centos7.6环境下编译安装tengine-2.2.2的编译安装

.获取tengine2..2的源码包

http://tengine.taobao.org/download/tengine-2.2.2.tar.gz

.获取tengine的编译参数

/usr/loca/nginx/sbin/nginx -V

# tengine2..2的编译安装

tar -zxf tengine-2.2..tar.gz

cd tengine-2.2.

./configure --prefix=/usr/local/tengine-2.2. --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

make && make install

# 因为openssl经常曝出一些大的漏洞,使用最新版本的openssl1..0i

--with-openssl=/usr/local/lab/openssl-1.1.0i

# 找到geoip相关的库

ngx_http_geoip2_module-3.2

....

报错的处理:

问题1:./configure预编译报错

configuring additional modules

adding module in /usr/local/lab/ngx_cache_purge-2.3

 + ngx_http_cache_purge_module was configured

adding module in /usr/local/ngx_http_geoip2_module-3.2

checking for MaxmindDB library ... found

 + ngx_geoip2_module was configured

adding module in modules/ngx_http_lua_module

checking for LuaJIT library in /usr/local/lib/ and /usr/local/include/luajit-2.0/ (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found

checking for export symbols by default (-E) ... found

checking for export symbols by default (--export-all-symbols) ... not found

checking for SO_PASSCRED ... found

 + ngx_http_lua_module was configured

checking for libxslt ... found

checking for libexslt ... found

checking for GeoIP library ... not found

checking for GeoIP library in /usr/local/ ... not found

checking for GeoIP library in /usr/pkg/ ... not found

checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.

You can either do not enable the module or install the library.

解决办法编译安装GeoIP:

cd source

wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz

tar -zxvf GeoIP-1.6..tar.gz -C /usr/local

cd GeoIP-1.6.

# 注意不要添加--prefix 默认即可否则无法正常编译安装

./configure

make

sudo make install

问题2:

make编译报错:

    POSIX mem threshold ............. :

    Internal link size .............. :

    Nested parentheses limit ........ :

    Match limit ..................... :

    Match limit recursion ........... : MATCH_LIMIT

    Build shared libs ............... : no

    Build static libs ............... : yes

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ :

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line : ./config: No such file or directory

make[]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error

make[]: Leaving directory `/usr/local/src/tengine-2.2.'

make: *** [build] Error 

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2./auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可

问题3:

make报错:

make[]: *** No rule to make target `distclean'.  Stop

make[]: *** [/usr/local/lab/zlib-1.2./libz.a] Error 

问题分析:

/usr/local/lab/zlib-1.2./下没有libz.a文件,当时编译的时候是--prefix的,源码没有拷贝过来

解决办法:

将之前的编译目录拷贝过去即可:

cp -ar /usr/loca/src/zlib-1.2./* /usr/local/lab/zlib-1.2.11/

#####################################

tengine升级为2.2.3

# tengine2.2.3的编译安装

tar -zxf tengine-2.2.3.tar.gz

cd tengine-2.2.3

./configure --prefix=/usr/local/tengine-2.2.3 --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2.11 --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# 报错

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ : 20480

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line 2: ./config: No such file or directory

make[1]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error 127

make[1]: Leaving directory `/usr/local/src/tengine-2.2.3'

make: *** [build] Error 2

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2.2/auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可
无法解析SSI报错如下:Nginx: unsafe URI detected while sending response

现象:# 类似 <!--#include virtual="../library/header.html"--><div id="blog"> html语法无法解析,导致网站头部尾部不能正常展示

<!--#include virtual="library/header.html"--> 可以解析没有问题

# 代码片段

<!DOCTYPE html>

<html>

<head>

<meta charset="utf-8">

<meta name="viewport" content="width=device-width,initial-scale=1.0">

<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />

<title>Influencer Marketing Tips</title>

<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />

</head>

<body>

<!--#include virtual="../library/header.html"--><div id="blog">

  <div>

    <div class="container py-lg-5" style="max-width:1200px">

      <div class="bg-light rounded py-4 px-5 mx-auto">

网站头部不能加载影响美观

[root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

关于Nginx的SSI(包含路径)

如果shtml里面的网页代码包含语句写成如下:

<!--#include virtual="/test.html"-->

这样是没有问题,可以包含的,但是如果写成这样:

<!--#include virtual="../test.html"-->

由于需要包含当前代码文件所在目录路径的上级目录文件,nginx会为此请求产生的子请求uri为/../test.html,默认nginx会认为这个uri并不是安全的,日志(error_log)会输入如下错误:

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

不能正确包含文件,页面会输出[an error occurred while processing the directive],解决方法是找到nginx源代码目录的unsafe uri检查函数并强制使其返回一个NGX_OK

# 解决办法:

# 修改源文件tengine-2.2./src/http/ngx_http_parse.c

# 找到ngx_http_parse_unsafe_uri 函数,直接返回 NGX_OK

ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,

    ngx_str_t *args, ngx_uint_t *flags)

{

    return NGX_OK;            # 新增return NGX_OK;

    u_char      ch, *p, *src, *dst;

    size_t      len;

    ngx_uint_t  quoted;

    len = uri->len;

    p = uri->data;

    quoted = ;

    if (len ==  || p[] == '?') {

        goto unsafe;

    }

    if (p[] == '.' && len >  && p[] == '.'

        && (len ==  || ngx_path_separator(p[])))

    {

        goto unsafe;

    }

    for ( /* void */ ; len; len--) {

        ch = *p++;

        if (ch == '%') {

            quoted = ;

            continue;

        }

        if (usual[ch >> ] & ( << (ch & 0x1f))) {

            continue;

        }

        if (ch == '?') {

            args->len = len - ;

            args->data = p;

            uri->len -= len;

            break;

        }

# 重新编译即可

./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# make && make install

重新编译以后nginx可以包含上级目录的文件,当然,带来的后果是安全性的下降

centos7.6环境下编译安装tengine-2.2.2的编译安装的更多相关文章

  1. CentOS7.3环境下源码安装httpd

    CentOS7.3环境下源码安装httpd 本文在CentOS7.3下,源码安装apache服务httpd2.4. 1.下载好源码安装包 [root@localhost ~]#ll total 625 ...

  2. Centos7.4环境下搭建Python开发环境(虚拟机安装+python安装+pycharm安装)

    目录 一.安装 Centos7.4虚拟机 二.安装 python3.6.7 三.安装 pycharm 一般情况下,大家都是在 Windows平台下进行 Python开发,软件安装和环境搭建都非常&qu ...

  3. centos7.2环境下安装smokeping对网络状态进行监控

    centos7.2环境下安装smokeping对网络状态进行监控 安装smokeping建议用centos7,用centos6.5一直卡在smokeping那里,下载不了perl的扩展插件,可能是因为 ...

  4. Centos7.x环境下 安装Diszz

    镜像下载.域名解析.时间同步请点击 阿里云开源镜像站 一.背景 Discuz 是基于PHP网页,在 Linux 和 windows 两平台均可部署的论坛工具.本实验带你基于 CentOS 快速搭建属于 ...

  5. CentOS7.x-lnmp环境下安装Discuz论坛

    1.安装lnmp.这里采用一键安装的包 yum -y install wget wget http://soft.vpser.net/lnmp/lnmp1.6-full.tar.gz 2.加压安装ln ...

  6. centos7生产环境下openssh升级

    由于生产环境ssh版本太低,导致使用安全软件扫描时提示系统处于异常不安全的状态,主要原因是ssh漏洞.推荐通过升级ssh版本修复漏洞 因为是生产环境,所以有很多问题需要注意.为了保险起见,在生产环境下 ...

  7. windows 10环境下 使用 msys2 + vs code 配置 c++ 的编译环境

    不太多描述 msys2 与  vs code  ,既然你需要安装 一种语言的编译环境了 ,你肯定对这两个不陌生: 1. 先安装msys2; (下载多少位的msys2就安装多少位的 mingw,本人安装 ...

  8. Centos7.1环境下搭建BugFree

    环境准备: 系统 配置 IP Centos7.1 1核2G+60GB硬盘 10.10.28.204 1. 安装apache yum install httpd  2. 安装mysql yum inst ...

  9. linux环境下(非UI操作)所有软件的安装与卸载总结

    UI界面的软件管理 linux下的软件一般都是经过压缩的,主要的格式有这几种:rpm.tar.tar.gz.tgz等.所以首先拿到软件后第一件事就是解压缩. 在xwindow下以rpm格式的软件安装比 ...

随机推荐

  1. 二分查找c++实现

    二分查找的算法原理较为简单,在此给出c++代码实现,以及代码中遇到的问题,以及解决方案: # include "iostream" using namespace std; //t ...

  2. Python的各种推导式合集

    推导式的套路 之前我们已经学习了最简单的列表推导式和生成器表达式.但是除此之外,其实还有字典推导式.集合推导式等等. 下面是一个以列表推导式为例的推导式详细格式,同样适用于其他推导式. variabl ...

  3. (转)JMeter学习逻辑控制器

    JMeter中的Logic Controller用于为Test Plan中的节点添加逻辑控制器. JMeter中的Logic Controller分为两类:一类用来控制Test Plan执行过程中节点 ...

  4. php函数 array_combine

    (PHP 5, PHP 7) array_combine — 创建一个数组,用一个数组的值作为其键名,另一个数组的值作为其值 array_combine ( array $keys , array $ ...

  5. 查看CLOUD系统级IIS日志

    1.进入IIS,点击查看日志文件 2.分不同文件夹存放

  6. Android艺术——探究Handler运行机制

    我们从开发的角度来说,Handler是Android 的消息机制的上层接口.说到Handler,大家都会说:哦,Handler这个我知道干什么的,更新UI.没错,Handler的确是用于更新UI的,具 ...

  7. python之路4-文件操作

    对文件操作流程 打开文件,得到文件句柄并赋值给一个变量 通过句柄对文件进行操作 关闭文件 f = open('lyrics','r',encoding='utf-8') read_line = f.r ...

  8. CSS属性速查表

    前面的话 本文将按照布局类属性.盒模型属性.文本类属性.修饰类属性这四个分类,对CSS常用属性进行重新排列,并最终设置为一份stylelintrc文件 布局类 1.定位 position z-inde ...

  9. CQOI2018异或序列 [莫队]

    莫队板子 用于复习 #include <cstdio> #include <cstdlib> #include <algorithm> #include <c ...

  10. virtual-dom

    virtual-dom的历史 react最早研究virtual-dom,后来react火了之后,大家纷纷研究react的高性能实现,出现了2个流派,一是研究react算法的算法派,(virtual-d ...