Nginx is a high-performance web server software, which has very useful IO performance, and is simpler and easier to use than Apache Httpd configuration. This article will introduce you to compile and install third-party extensions of Nginx.

Nginx Additional extensions for:

1. OpenSSL 1.1.0, ALPN support, HTTP/2 support
2. Nginx CT, transparent certificate improves the security of HTTPS website and browser support
3. Ngx_PageSpeed, Google Home's website performance optimization tool
4. Brotli, achieving higher compression ratio than Gzip
5. Jemalloc, optimizing memory management

The first openssl and the last jemalloc are now included in most of the installation packages, which are not described. If you need them, please search Google for related tutorials. Today, I will mainly talk about the installation of Nginx-CT, ngx_PageSpeed and Brotli (It is recommended to put all third-party extensions under one folder for easy management)

Download the required source code package:

wget  https://github.com/grahamedgecombe/nginx-ct/archive/v1.3.2.tar.gz

tar xzf v1.3.2.tar.gz

git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli
git submodule update --init

wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.12.34.3-stable.zip
unzip v1.12.34.3-stable.zip
cd ngx_pagespeed-1.12.34.3-stable/
wget https://dl.google.com/dl/page-speed/psol/1.12.34.2-x64.tar.gz
tar -xzvf 1.12.34.2-x64.tar.gz

The next step is compiling. This is to add extensions in the environment where nginx has been installed Just make   unwanted make install , Otherwise, the installation will be overwritten

The error prompt under Linux is very humanized. You can basically solve the problem by looking at the prompt and more prompt operations

Important steps:

View the configuration of nginx and its existing extensions through the command nginx - V. We only need to add modules later:

For example, using the nginx - V command to view the results is similar to the following:

 --prefix=/usr/local/nginx --with-http_stub_status_module

We just need to add our modules to the original ones:

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --add-module=/data/software/nginx-ct-1.3.2 --add-module=/data/software/ngx_brotli --add-module=/data/software/ngx_pagespeed-1.12.34.3-stable

After its automatic configuration is completed, just make it directly

Then back up the original installed nginx:

 cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
 service nginx stop

Then overwrite the just compiled nginx with the original nginx (nginx will stop at this time, and has stopped through the above command):

 cp ./ objs/nginx /usr/local/nginx/sbin/

Then start nginx (service nginx start), and check whether the third-party extension has been successfully added through the command nginx - V

PS: Notes+sharing, good extension, open source products should be experienced!

The reason for writing this article is to see my blog friend Secret, who wrote an article:

Google Image Station for Building Wheels It reminds me of the Nginx extended image Google, which I struggled with before. It is more efficient than this. It also supports advanced configuration and multi-level cooperation to form a cluster like function. Today, I struggled again, so I write down the process for the convenience of people who need it later

Statement: Please use the search engine reasonably within the scope permitted by law. This article is only a technical note and bears no responsibility

1. update library
2. apt - get update
3.  
4. #Install gcc&git
5. apt - get install build - essential git gcc g ++ make - y
6.  
7. #Nginx official website: http://nginx.org/en/download.html
8. wget " http://nginx.org/download/nginx-1.8.1.tar.gz "
9.  
10. #Pcre official website: http://www.pcre.org/
11. wget " ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz "
12.  
13. #The official website of opessl: https://www.openssl.org/
14. wget " https://www.openssl.org/source/openssl-1.0.1t.tar.gz "
15.  
16. #Zlib official website: http://www.zlib.net/
17. wget " http://zlib.net/zlib-1.2.8.tar.gz "
18.  
19. #Download this extension
20. git clone https : //github.com/cuber/ngx_http_google_filter_module
21.  
22. #Download the substitutions extension
23. git clone https : //github.com/yaoweibin/ngx_http_substitutions_filter_module
24.  
25. #Decompress
26. tar xzvf nginx - one point eight . 1.tar . gz && tar xzvf pcre - eight point three nine . tar . gz && tar xzvf openssl - one . 1t . tar . gz && tar xzvf zlib - one point two . 8.tar . gz
27.  
28. #Enter nginx source code directory
29. cd nginx - one point eight . one
30.  
31. #Create nginx installation directory
32. mkdir / usr / local / nginx - one point eight . one

Compiling nginx and its extensions

1. #Set Compilation Options
2. ./ configure \
3. -- prefix = /usr/ local / nginx - one point eight . one \
4. -- with - pcre =../ pcre - eight point three nine \
5. -- with - openssl =../ openssl - one . 1t \
6. -- with - zlib =../ zlib - one point two . eight \
7. -- with - http_ssl_module \
8. -- add - module =../ ngx_http_google_filter_module \
9. -- add - module =../ ngx_http_substitutions_filter_module
10.  
11. #Compilation, installation
12. #If the extension reports an error, please issue it to
13. # https://github.com/cuber/ngx_http_google_filter_module/issues
14. make
15. make install

Finally, start nginx, access your server IP or resolve to the above domain name, and you can see whether nginx is installed

The github address of the ngx_http_google_filter_module project (he also has instructions there, but it is in English. If you can understand it, you can read the original text directly):

https://github.com/cuber/ngx_http_google_filter_module

Let's talk about the configuration of nginx:

1. Simple stand-alone configuration of https does not support http reverse generation anymore

1. server {
2. server_name <Your domain name>;
3. listen four hundred and forty-three ;
4.  
5. ssl on ;
6. ssl_certificate <Your certificate>;
7. ssl_certificate_key <Your private key>;
8.  
9. resolver eight point eight . eight point eight ;
10. location / {
11. google on ;
12. }
13. }

1. Advanced configuration: configure multiple servers to alleviate concurrency and the frequency of verification codes

Google_scholar depends on Google, so google_scholar cannot be used independently Since Google Academic has recently upgraded to use the https protocol, and ncr already supports it, it is no longer necessary to specify Google Academic's tld

1. location / {
2. google on ;
3. google_scholar on ;
4. #Set to German, the default language is simplified Chinese
5. google_language "de" ;
6. }

Upstreaming

Upstream reduces the overhead of domain name resolution once, and by configuring Google IP with multiple network segments, it can reduce the probability of being detected by Google robot identification program (pop-up verification code) to a certain extent The upstream parameter should be placed in http {} (that is, outside the server {} configuration). Note that this parameter is only valid when you add an SSL certificate that is https, otherwise an error will be reported! It's easy to find the Google IP of this parameter. Ping www.google.com on your VPS and add or subtract 1 from the last digit of the IP.

 upstream  www.google.com { server 173.194.38.1:443; server 173.194.38.2:443; server 173.194.38.3:443; server 173.194.38.4:443; }

Proxy Protocol -- proxy protection

By default, the proxy will use https to communicate with the back-end server. You can use google_ssl_off to force some domain names to fall back to the http protocol. This is useful if you want to proxy some domains through another gateway without an ssl certificate.

 #
 # eg.
 # i want to proxy the domain 'www.google.com' like this
 # vps(hk) -> vps(us) -> google
 #

 #
 # configuration of vps(hk)
 #
 server { # ...
   location  / { google on; google_ssl_off  "www.google.com" ; } # ... } upstream  www.google.com { server < ip of vps(us) >:80; } #
 # configuration of vps(us)
 #
 server { listen  eighty ; server_name www.google.com; # ...
   location  / { proxy_pass https://www.google.com ; } # ... }

All these configurations are configured on a brand new machine. If you have already configured nginx, it is also easy. You just need to add extensions and dynamically compile them. After compiling, remember not to make install, just make compilation and then overwrite

./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
.......
--add-module=/data/software/ngx_http_google_filter_module \
--add-module=/data/software/ngx_http_substitutions_filter_module

Note: You need to execute this under the source package folder of nginx/ The configure command. Before using the command, first use nginx V to view the nginx version and download the source code package of the same version. When adding an extension, pay attention to the path. When it is best to copy, first stop nginx. At the same time, just in case, first copy a copy of nginx before overwriting. Reference materials are as follows:

http://imshusheng.com/linux/173.html

http://www.ttlsa.com/nginx/how-to-install-nginx-third-modules/

http://coolnull.com/4245.html

That's it. See you next time.) Finally, welcome to my Google image: gg.mrxn.net

Last night, when compiling pureFTP in the deployment environment, an error was reported:

error while loading shared libraries: libsodium.so.18: cannot open shared

Baidu and Google finally found a solution:

First, confirm whether libsodium.so.18 exists in your system, and directly solve the problem with one command:

cat /etc/ld.so.conf

include ld.so.conf.d/*.conf

/lib

/usr/lib

/usr/lib64

/usr/local/lib

Or the following find command:

Find/- name "libsodium. so. 18", my system returns that exists, and general systems exist

/usr/lib/libsodium.so.18 ... Since there is a good error report, soft connect to another libsodium.so. The specific command is as follows:

ln -sf /usr/lib/libsodium.so /usr/lib/libsodium.so.18

Finally, remember

ldconfig

Note: Reference link--

http://www.jb51.net/LINUXjishu/268747.html

Otherwise, you can execute acme.sh -- you may be prompted that the command cannot be found. If you do not restart, you can also switch to the installation directory of acme.sh,

Cd/root/. acme. sh/, and then execute/ Acme.sh -- parameter. It is recommended to restart it for convenience

If there is an error during the installation of the certificate, it is better to verify the domain name in another way. The author mentioned it

Before installing the certificate, remember not to be poisoned by Google or Firefox Otherwise, they can't pass and can't issue certificates. For more usage methods, go to the author's github homepage, which is very detailed