centos使用源码编译安装nginx并附加模块 Geoip2

1648

1.下载源码

#下载
wget http://nginx.org/download/nginx-1.16.1.tar.gz
#解压
tar -xzf nginx-1.16.1.tar.gz
cd nginx-1.16.1

2.安装编译环境

yum update -y
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel

3.编译安装

#添加用户和组
sudo groupadd test
sudo useradd -g test test

#配置
./configure \
--user=test \
--group=test \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--add-module=/path/to/ngx_http_geoip2_module 此处指向模块路径

#编译
sudo make

#安装
sudo make install

ngx_http_geoip2_module下载地址
libmaxminddb下载地址

4.验证

#如果可正确现实nginx版本号等即安装成功
/usr/local/nginx/sbin/nginx -V

5.创建软链接

ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx

6.开机自启

sudo vim /etc/init.d/nginx

添加以下内容

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   if [ -z "`grep $user /etc/passwd`" ]; then
       useradd -M -s /bin/nologin $user
   fi
   options=`$nginx -V 2>&1 | grep 'configure arguments:'`
   for opt in $options; do
       if [ `echo $opt | grep '.*-temp-path'` ]; then
           value=`echo $opt | cut -d "=" -f 2`
           if [ ! -d "$value" ]; then
               # echo "creating" $value
               mkdir -p $value && chown -R $user $value
           fi
       fi
   done
}
start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    configtest || return $?
    stop
    sleep 1
    start
}
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}
force_reload() {
    restart
}
configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

赋予脚本可执行权限

chmod a+x /etc/init.d/nginx

将nginx服务加入chkconfig管理列表

chkconfig --add /etc/init.d/nginx
chkconfig nginx on
# 启动
systemctl start nginx

7.常用启动等命令

# 启动
systemctl start nginx
# 查看状态
systemctl status nginx
# 停止
systemctl stop nginx

# 重载配置
nginx -s reload
# 测试配置是否正确
nginx -t

8.Geoip2的配置

sudo vim nginx.conf
  • 在http模块中加入
  • source 选项对应的是 $remote_addr, 表示解析的是用户IP,可以修改为其它变量
http {
    ...
    ...

    geoip2 /home/xuhao/GeoLite2/GeoLite2-Country.mmdb {
        auto_reload 5m;
        $geoip2_metadata_country_build metadata build_epoch;
        $geoip2_data_country_code default=US source=$remote_addr country iso_code;
        $geoip2_data_country_name country names en;
    }

    fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
    fastcgi_param COUNTRY_NAME $geoip2_data_country_name;

    ...
    ...
}

同时在业务相应的conf文件中写入判断即可达到屏蔽效果

server {
    listen 9999;
    server_name your domain;
    location / {
        if ($geoip2_data_country_code != 'CN'){
            return 403;
        }
    }
}