Nginx 1.7.x on Debian (Wheezy)

From HostmasterWiki
Jump to: navigation, search

This how-to will statically compile nginx 1.9.6 with libressl 2.3.0, pcre and zlib.


Prepare[edit]

$ sudo apt-get install make gcc g++ patch
$ wget \
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.0.tar.gz \
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.gz \
http://nginx.org/download/nginx-1.9.6.tar.gz \
http://zlib.net/zlib-1.2.8.tar.gz
$ tar xvfz libressl-2.3.0.tar.gz && tar xvfz pcre-8.37.tar.gz && tar xvfz nginx-1.9.6.tar.gz && tar xvfz zlib-1.2.8.tar.gz

Compile[edit]

$ cd nginx-1.9.6
$ ./configure \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--without-select_module \
--without-poll_module \
--with-file-aio \
--with-ipv6 \
--with-pcre=../pcre-8.37 \
--with-pcre-jit \
--with-md5-asm \
--with-sha1-asm \
--with-zlib=../zlib-1.2.8 \
--with-zlib-asm=pentiumpro \
--with-openssl=../libressl-2.3.0 \
--with-ld-opt="-lrt" \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_stub_status_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-http_geo_module \
--without-http_split_clients_module \
--without-http_referer_module \
--without-http_uwsgi_module \
--without-http_scgi_module \
--without-http_memcached_module \
--without-http_empty_gif_module
 
$ make
$ sudo make install
$ sudo mkdir -p /var/lib/nginx

Install[edit]

Logrotate[edit]

$ sudo nano /etc/logrotate.d/nginx


/var/log/nginx/*.log /var/www/*/logs/error.log {
	daily
	missingok
	rotate 7
	compress
	delaycompress
	notifempty
	create
	sharedscripts
	postrotate
		invoke-rc.d nginx rotate >/dev/null 2>&1
	endscript
}

Init[edit]

$ nano /etc/init.d/nginx


#!/bin/sh
 
### BEGIN INIT INFO
# Provides:	  nginx
# Required-Start:    $local_fs $remote_fs $network $syslog $named
# Required-Stop:     $local_fs $remote_fs $network $syslog $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO
 
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
 
# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
	. /etc/default/nginx
fi
 
STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
 
test -x $DAEMON || exit 0
 
. /lib/init/vars.sh
. /lib/lsb/init-functions
 
# Try to extract nginx pidfile
PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
if [ -z "$PID" ]
then
	PID=/run/nginx.pid
fi
 
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
	# Set the ulimits
	ulimit $ULIMIT
fi
 
#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
		|| return 1
	start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
		$DAEMON_OPTS 2>/dev/null \
		|| return 2
}
 
test_nginx_config() {
	$DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
}
 
#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
	RETVAL="$?"
 
	sleep 1
	return "$RETVAL"
}
 
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
	return 0
}
 
#
# Rotate log files
#
do_rotate() {
	start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
	return 0
}
 
#
# Online upgrade nginx executable
#
# "Upgrading Executable on the Fly"
# http://nginx.org/en/docs/control.html
#
do_upgrade() {
	# Return
	#   0 if nginx has been successfully upgraded
	#   1 if nginx is not running
	#   2 if the pid files were not created on time
	#   3 if the old master could not be killed
	if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
		# Wait for both old and new master to write their pid file
		while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
			cnt=`expr $cnt + 1`
			if [ $cnt -gt 10 ]; then
				return 2
			fi
			sleep 1
		done
		# Everything is ready, gracefully stop the old master
		if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
			return 0
		else
			return 3
		fi
	else
		return 1
	fi
}
 
case "$1" in
	start)
		[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
		do_start
		case "$?" in
			0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
			2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
		esac
		;;
	stop)
		[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
		do_stop
		case "$?" in
			0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
			2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
		esac
		;;
	restart)
		log_daemon_msg "Restarting $DESC" "$NAME"
 
		# Check configuration before stopping nginx
		if ! test_nginx_config; then
			log_end_msg 1 # Configuration error
			exit 0
		fi
 
		do_stop
		case "$?" in
			0|1)
				do_start
				case "$?" in
					0) log_end_msg 0 ;;
					1) log_end_msg 1 ;; # Old process is still running
					*) log_end_msg 1 ;; # Failed to start
				esac
				;;
			*)
				# Failed to stop
				log_end_msg 1
				;;
		esac
		;;
	reload|force-reload)
		log_daemon_msg "Reloading $DESC configuration" "$NAME"
 
		# Check configuration before reload nginx
		#
		# This is not entirely correct since the on-disk nginx binary
		# may differ from the in-memory one, but that's not common.
		# We prefer to check the configuration and return an error
		# to the administrator.
		if ! test_nginx_config; then
			log_end_msg 1 # Configuration error
			exit 0
		fi
 
		do_reload
		log_end_msg $?
		;;
	configtest|testconfig)
		log_daemon_msg "Testing $DESC configuration"
		test_nginx_config
		log_end_msg $?
		;;
	status)
		status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
		;;
	upgrade)
		log_daemon_msg "Upgrading binary" "$NAME"
		do_upgrade
		log_end_msg 0
		;;
	rotate)
		log_daemon_msg "Re-opening $DESC log files" "$NAME"
		do_rotate
		log_end_msg $?
		;;
	*)
		echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
		exit 3
		;;
esac
 
:


$ sudo chmod +x /etc/init.d/nginx
$ sudo update-rc.d nginx defaults


htpasswd[edit]

$ sudo nano /usr/local/bin/htpasswd


#!/bin/bash
 
if [ "$1" = "" ]; then
  echo "usage: htpasswd username"
  exit 1
fi
printf "${1}:`/opt/libressl/bin/openssl passwd -apr1`\n" >> /etc/nginx/htpasswd.conf
exit 0


$ sudo chmod +x /usr/local/bin/htpasswd

Munin[edit]

$ sudo nano /etc/nginx/munin-node.conf


server {
    listen 127.0.0.1:80;
    server_name localhost;
    location /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }
 
    location ~ ^/(status|ping)$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi.conf;
    }
}


$ sudo apt-get install libwww-perl
$ sudo ln -s /usr/share/munin/plugins/nginx_status /etc/munin/plugins/nginx_status
$ sudo ln -s /usr/share/munin/plugins/nginx_request /etc/munin/plugins/nginx_request