centos使用源码编译安装nginx并附加模块 Geoip2
1.下载源码
#下载
wget http://nginx.org/download/nginx-1.16.1.tar.gz
#解压
tar -xzf nginx-1.16.1.tar.gz
cd nginx-1.16.1
2.安装编译环境
yum update -y
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
3.编译安装
#添加用户和组
sudo groupadd test
sudo useradd -g test test
#配置
./configure \
--user=test \
--group=test \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--add-module=/path/to/ngx_http_geoip2_module 此处指向模块路径
#编译
sudo make
#安装
sudo make install
ngx_http_geoip2_module下载地址
libmaxminddb下载地址
4.验证
#如果可正确现实nginx版本号等即安装成功
/usr/local/nginx/sbin/nginx -V
5.创建软链接
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
6.开机自启
sudo vim /etc/init.d/nginx
添加以下内容
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
赋予脚本可执行权限
chmod a+x /etc/init.d/nginx
将nginx服务加入chkconfig管理列表
chkconfig --add /etc/init.d/nginx
chkconfig nginx on
# 启动
systemctl start nginx
7.常用启动等命令
# 启动
systemctl start nginx
# 查看状态
systemctl status nginx
# 停止
systemctl stop nginx
# 重载配置
nginx -s reload
# 测试配置是否正确
nginx -t
8.Geoip2的配置
sudo vim nginx.conf
- 在http模块中加入
- source 选项对应的是 $remote_addr, 表示解析的是用户IP,可以修改为其它变量
http {
...
...
geoip2 /home/xuhao/GeoLite2/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
$geoip2_data_country_name country names en;
}
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
...
...
}
同时在业务相应的conf文件中写入判断即可达到屏蔽效果
server {
listen 9999;
server_name your domain;
location / {
if ($geoip2_data_country_code != 'CN'){
return 403;
}
}
}