centos7.6环境下编译安装tengine-2.2.2的编译安装

.获取tengine2..2的源码包

http://tengine.taobao.org/download/tengine-2.2.2.tar.gz

.获取tengine的编译参数

/usr/loca/nginx/sbin/nginx -V

# tengine2..2的编译安装

tar -zxf tengine-2.2..tar.gz

cd tengine-2.2.

./configure --prefix=/usr/local/tengine-2.2. --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

make && make install

# 因为openssl经常曝出一些大的漏洞,使用最新版本的openssl1..0i

--with-openssl=/usr/local/lab/openssl-1.1.0i

# 找到geoip相关的库

ngx_http_geoip2_module-3.2

....

报错的处理:

问题1:./configure预编译报错

configuring additional modules

adding module in /usr/local/lab/ngx_cache_purge-2.3

 + ngx_http_cache_purge_module was configured

adding module in /usr/local/ngx_http_geoip2_module-3.2

checking for MaxmindDB library ... found

 + ngx_geoip2_module was configured

adding module in modules/ngx_http_lua_module

checking for LuaJIT library in /usr/local/lib/ and /usr/local/include/luajit-2.0/ (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found

checking for export symbols by default (-E) ... found

checking for export symbols by default (--export-all-symbols) ... not found

checking for SO_PASSCRED ... found

 + ngx_http_lua_module was configured

checking for libxslt ... found

checking for libexslt ... found

checking for GeoIP library ... not found

checking for GeoIP library in /usr/local/ ... not found

checking for GeoIP library in /usr/pkg/ ... not found

checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.

You can either do not enable the module or install the library.

解决办法编译安装GeoIP:

cd source

wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz

tar -zxvf GeoIP-1.6..tar.gz -C /usr/local

cd GeoIP-1.6.

# 注意不要添加--prefix 默认即可否则无法正常编译安装

./configure

make

sudo make install

问题2:

make编译报错:

    POSIX mem threshold ............. :

    Internal link size .............. :

    Nested parentheses limit ........ :

    Match limit ..................... :

    Match limit recursion ........... : MATCH_LIMIT

    Build shared libs ............... : no

    Build static libs ............... : yes

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ :

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line : ./config: No such file or directory

make[]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error

make[]: Leaving directory `/usr/local/src/tengine-2.2.'

make: *** [build] Error 

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2./auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可

问题3:

make报错:

make[]: *** No rule to make target `distclean'.  Stop

make[]: *** [/usr/local/lab/zlib-1.2./libz.a] Error 

问题分析:

/usr/local/lab/zlib-1.2./下没有libz.a文件,当时编译的时候是--prefix的,源码没有拷贝过来

解决办法:

将之前的编译目录拷贝过去即可:

cp -ar /usr/loca/src/zlib-1.2./* /usr/local/lab/zlib-1.2.11/

#####################################

tengine升级为2.2.3

# tengine2.2.3的编译安装

tar -zxf tengine-2.2.3.tar.gz

cd tengine-2.2.3

./configure --prefix=/usr/local/tengine-2.2.3 --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2.11 --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# 报错

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ : 20480

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line 2: ./config: No such file or directory

make[1]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error 127

make[1]: Leaving directory `/usr/local/src/tengine-2.2.3'

make: *** [build] Error 2

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2.2/auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可
无法解析SSI报错如下:Nginx: unsafe URI detected while sending response

现象:# 类似 <!--#include virtual="../library/header.html"--><div id="blog"> html语法无法解析,导致网站头部尾部不能正常展示

<!--#include virtual="library/header.html"--> 可以解析没有问题

# 代码片段

<!DOCTYPE html>

<html>

<head>

<meta charset="utf-8">

<meta name="viewport" content="width=device-width,initial-scale=1.0">

<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />

<title>Influencer Marketing Tips</title>

<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />

</head>

<body>

<!--#include virtual="../library/header.html"--><div id="blog">

  <div>

    <div class="container py-lg-5" style="max-width:1200px">

      <div class="bg-light rounded py-4 px-5 mx-auto">

网站头部不能加载影响美观

[root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

关于Nginx的SSI(包含路径)

如果shtml里面的网页代码包含语句写成如下:

<!--#include virtual="/test.html"-->

这样是没有问题,可以包含的,但是如果写成这样:

<!--#include virtual="../test.html"-->

由于需要包含当前代码文件所在目录路径的上级目录文件,nginx会为此请求产生的子请求uri为/../test.html,默认nginx会认为这个uri并不是安全的,日志(error_log)会输入如下错误:

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

不能正确包含文件,页面会输出[an error occurred while processing the directive],解决方法是找到nginx源代码目录的unsafe uri检查函数并强制使其返回一个NGX_OK

# 解决办法:

# 修改源文件tengine-2.2./src/http/ngx_http_parse.c

# 找到ngx_http_parse_unsafe_uri 函数,直接返回 NGX_OK

ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,

    ngx_str_t *args, ngx_uint_t *flags)

{

    return NGX_OK;            # 新增return NGX_OK;

    u_char      ch, *p, *src, *dst;

    size_t      len;

    ngx_uint_t  quoted;

    len = uri->len;

    p = uri->data;

    quoted = ;

    if (len ==  || p[] == '?') {

        goto unsafe;

    }

    if (p[] == '.' && len >  && p[] == '.'

        && (len ==  || ngx_path_separator(p[])))

    {

        goto unsafe;

    }

    for ( /* void */ ; len; len--) {

        ch = *p++;

        if (ch == '%') {

            quoted = ;

            continue;

        }

        if (usual[ch >> ] & ( << (ch & 0x1f))) {

            continue;

        }

        if (ch == '?') {

            args->len = len - ;

            args->data = p;

            uri->len -= len;

            break;

        }

# 重新编译即可

./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# make && make install

重新编译以后nginx可以包含上级目录的文件,当然,带来的后果是安全性的下降

centos7.6环境下编译安装tengine-2.2.2的编译安装的更多相关文章

  1. CentOS7.3环境下源码安装httpd

    CentOS7.3环境下源码安装httpd 本文在CentOS7.3下,源码安装apache服务httpd2.4. 1.下载好源码安装包 [root@localhost ~]#ll total 625 ...

  2. Centos7.4环境下搭建Python开发环境(虚拟机安装+python安装+pycharm安装)

    目录 一.安装 Centos7.4虚拟机 二.安装 python3.6.7 三.安装 pycharm 一般情况下,大家都是在 Windows平台下进行 Python开发,软件安装和环境搭建都非常&qu ...

  3. centos7.2环境下安装smokeping对网络状态进行监控

    centos7.2环境下安装smokeping对网络状态进行监控 安装smokeping建议用centos7,用centos6.5一直卡在smokeping那里,下载不了perl的扩展插件,可能是因为 ...

  4. Centos7.x环境下 安装Diszz

    镜像下载.域名解析.时间同步请点击 阿里云开源镜像站 一.背景 Discuz 是基于PHP网页,在 Linux 和 windows 两平台均可部署的论坛工具.本实验带你基于 CentOS 快速搭建属于 ...

  5. CentOS7.x-lnmp环境下安装Discuz论坛

    1.安装lnmp.这里采用一键安装的包 yum -y install wget wget http://soft.vpser.net/lnmp/lnmp1.6-full.tar.gz 2.加压安装ln ...

  6. centos7生产环境下openssh升级

    由于生产环境ssh版本太低,导致使用安全软件扫描时提示系统处于异常不安全的状态,主要原因是ssh漏洞.推荐通过升级ssh版本修复漏洞 因为是生产环境,所以有很多问题需要注意.为了保险起见,在生产环境下 ...

  7. windows 10环境下 使用 msys2 + vs code 配置 c++ 的编译环境

    不太多描述 msys2 与  vs code  ,既然你需要安装 一种语言的编译环境了 ,你肯定对这两个不陌生: 1. 先安装msys2; (下载多少位的msys2就安装多少位的 mingw,本人安装 ...

  8. Centos7.1环境下搭建BugFree

    环境准备: 系统 配置 IP Centos7.1 1核2G+60GB硬盘 10.10.28.204 1. 安装apache yum install httpd  2. 安装mysql yum inst ...

  9. linux环境下(非UI操作)所有软件的安装与卸载总结

    UI界面的软件管理 linux下的软件一般都是经过压缩的,主要的格式有这几种:rpm.tar.tar.gz.tgz等.所以首先拿到软件后第一件事就是解压缩. 在xwindow下以rpm格式的软件安装比 ...

随机推荐

  1. LoadRunner 压力测试使用基础步骤

    一.新建脚本 二.新建脚本-选择协议,这里选择Web (HTTP/HTML) 三.开始录制(指定程序与URL) 四.场景设计(设计虚拟用户访问场景) 五.运行情况(可以看到运行结果) 六.分析报告(总 ...

  2. OpenStack-Neutron(5)

    一. Neutron 概述 SDN(software-defined networking)软件定义网络,其所具有的灵活性和自动化优势使其成为云时代网络管理的主流. Neutron的设计目标是实现“网 ...

  3. 根据json生成c#实体类

    vs 编辑->选择性粘贴->将json粘贴为类

  4. elasticsearch6.6及其插件安装记录(较详细)

    借鉴网上资料并实施验证结果 elasticsearch6.6安装 安装包下载路径 https://www.elastic.co/downloads/elasticsearch 本文使用安装包 elas ...

  5. 放弃幻想,全面拥抱Transformer:自然语言三大特征抽取器CNN/RNN/Transformer比较

    参考: https://zhuanlan.zhihu.com/p/54743941

  6. Flask插件wtforms、Flask文件上传和Echarts柱状图

    一.wtforms 类比Django的Form组件Form组件的主要应用是帮助我们自动生成HTML代码和做一些表单数据的验证 flask的wtforms用法跟Form组件大同小异参考文章:https: ...

  7. mpvue——引入echarts图表

    安装 mpvue-echarts的github地址 https://github.com/F-loat/mpvue-echarts $ cnpm install mpvue-echarts $ cnp ...

  8. 洛谷P1262间谍网络

    题目 我们首先考虑该题没有环应该怎么做,因为没有环所以是一个DAG,因此直接加上入度为0的罪犯,而有环则可以缩点,之后就成为了DAG,然后用一方法做就好了. \(Code\) #include < ...

  9. 2.4 random 模块

  10. Codeforces 629D Babaei and Birthday Cakes DP+线段树

    题目:http://codeforces.com/contest/629/problem/D 题意:有n个蛋糕要叠起来,能叠起来的条件是蛋糕的下标比前面的大并且体积也比前面的大,问能叠成的最大体积 思 ...