实在不知道写啥好了 此文随便写一篇关于我的站点Nginx的配置

截至发文日 2020-04-09 11:29:59 星期四 我的nginx配置如下:

nginx version: nginx/1.17.9
built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_v3_module --with-http_v2_hpack_enc --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche --with-pcre=../pcre-8.44 --with-pcre-jit --add-module=../incubator-pagespeed-ngx-1.13.35.2-stable --with-ld-opt=-ljemalloc --add-module=../headers-more-nginx-module --add-module=../ngx_brotli --add-module=../ngx_security_headers --add-module=../lua-nginx-module --add-module=../ngx_devel_kit --with-threads --with-file-aio --without-http_ssi_module --without-http_scgi_module --without-http_uwsgi_module --with-stream --with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module

这是我自己的,虽然有些暂时用不到 但是先装着 说不定之后就用到了(
本站开启了实验性协议quic.在http3check中可以看到:
图
得益于 BoringSSL 本站也启用了 CECPQ2 密钥交换算法
Nginx 载入了以下模块:
Brotli:

git clone --recursive https://github.com/google/ngx_brotli.git

Nginx Devel Kit (NDK)

git clone https://github.com/simpl/ngx_devel_kit.git

Nginx Headers More

git clone https://github.com/openresty/headers-more-nginx-module.git

Lua Nginx Module:

git clone https://github.com/openresty/lua-nginx-module.git

PCRE:

wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
tar -xvzf pcre-8.44.tar.gz

jemalloc

git clone https://github.com/jemalloc/jemalloc
cd jemalloc
./configure
make && make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
ldconfig

Nginx Security Headers

git clone https://github.com/GetPageSpeed/ngx_security_headers

LuaJit2

git clone https://github.com/openresty/luajit2
cd luajit2
make PREFIX=/usr/local/luajit
make install PREFIX=/usr/local/luajit
export LUAJIT_LIB=/usr/local/luajit/lib
export LUAJIT_INC=/usr/local/luajit/include/luajit-2.1

关于lua可能会出现找不到core.lua之类的问题 自行解决(下载对应的然后放到对应目录就行了)
以及 PageSpeed
还有 QUICHE
还用了由kn007制作的补丁文件

git clone https://github.com/kn007/patch
cd nginx-1.17.9
patch -p01 < ../patch/nginx_with_quic.patch
patch -p01 < ../patch/Enable_BoringSSL_OCSP.patch

因为QUICHE依靠BORINGSSLBoringssl又不支持双证书且默认不支持OCSP所以这里打上OCSP的补丁
以上是为本站Nginx的编译模块与部分过程(


沉淪在無盡的深淵中