centos7.6环境下编译安装tengine-2.2.2的编译安装

.获取tengine2..2的源码包

http://tengine.taobao.org/download/tengine-2.2.2.tar.gz

.获取tengine的编译参数

/usr/loca/nginx/sbin/nginx -V

# tengine2..2的编译安装

tar -zxf tengine-2.2..tar.gz

cd tengine-2.2.

./configure --prefix=/usr/local/tengine-2.2. --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

make && make install

# 因为openssl经常曝出一些大的漏洞,使用最新版本的openssl1..0i

--with-openssl=/usr/local/lab/openssl-1.1.0i

# 找到geoip相关的库

ngx_http_geoip2_module-3.2

....

报错的处理:

问题1:./configure预编译报错

configuring additional modules

adding module in /usr/local/lab/ngx_cache_purge-2.3

 + ngx_http_cache_purge_module was configured

adding module in /usr/local/ngx_http_geoip2_module-3.2

checking for MaxmindDB library ... found

 + ngx_geoip2_module was configured

adding module in modules/ngx_http_lua_module

checking for LuaJIT library in /usr/local/lib/ and /usr/local/include/luajit-2.0/ (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found

checking for export symbols by default (-E) ... found

checking for export symbols by default (--export-all-symbols) ... not found

checking for SO_PASSCRED ... found

 + ngx_http_lua_module was configured

checking for libxslt ... found

checking for libexslt ... found

checking for GeoIP library ... not found

checking for GeoIP library in /usr/local/ ... not found

checking for GeoIP library in /usr/pkg/ ... not found

checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.

You can either do not enable the module or install the library.

解决办法编译安装GeoIP:

cd source

wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz

tar -zxvf GeoIP-1.6..tar.gz -C /usr/local

cd GeoIP-1.6.

# 注意不要添加--prefix 默认即可否则无法正常编译安装

./configure

make

sudo make install

问题2:

make编译报错:

    POSIX mem threshold ............. :

    Internal link size .............. :

    Nested parentheses limit ........ :

    Match limit ..................... :

    Match limit recursion ........... : MATCH_LIMIT

    Build shared libs ............... : no

    Build static libs ............... : yes

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ :

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line : ./config: No such file or directory

make[]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error

make[]: Leaving directory `/usr/local/src/tengine-2.2.'

make: *** [build] Error 

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2./auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可

问题3:

make报错:

make[]: *** No rule to make target `distclean'.  Stop

make[]: *** [/usr/local/lab/zlib-1.2./libz.a] Error 

问题分析:

/usr/local/lab/zlib-1.2./下没有libz.a文件,当时编译的时候是--prefix的,源码没有拷贝过来

解决办法:

将之前的编译目录拷贝过去即可:

cp -ar /usr/loca/src/zlib-1.2./* /usr/local/lab/zlib-1.2.11/

#####################################

tengine升级为2.2.3

# tengine2.2.3的编译安装

tar -zxf tengine-2.2.3.tar.gz

cd tengine-2.2.3

./configure --prefix=/usr/local/tengine-2.2.3 --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2.11 --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# 报错

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ : 20480

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line 2: ./config: No such file or directory

make[1]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error 127

make[1]: Leaving directory `/usr/local/src/tengine-2.2.3'

make: *** [build] Error 2

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2.2/auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可
无法解析SSI报错如下:Nginx: unsafe URI detected while sending response

现象:# 类似 <!--#include virtual="../library/header.html"--><div id="blog"> html语法无法解析,导致网站头部尾部不能正常展示

<!--#include virtual="library/header.html"--> 可以解析没有问题

# 代码片段

<!DOCTYPE html>

<html>

<head>

<meta charset="utf-8">

<meta name="viewport" content="width=device-width,initial-scale=1.0">

<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />

<title>Influencer Marketing Tips</title>

<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />

</head>

<body>

<!--#include virtual="../library/header.html"--><div id="blog">

  <div>

    <div class="container py-lg-5" style="max-width:1200px">

      <div class="bg-light rounded py-4 px-5 mx-auto">

网站头部不能加载影响美观

[root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

关于Nginx的SSI(包含路径)

如果shtml里面的网页代码包含语句写成如下:

<!--#include virtual="/test.html"-->

这样是没有问题,可以包含的,但是如果写成这样:

<!--#include virtual="../test.html"-->

由于需要包含当前代码文件所在目录路径的上级目录文件,nginx会为此请求产生的子请求uri为/../test.html,默认nginx会认为这个uri并不是安全的,日志(error_log)会输入如下错误:

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

不能正确包含文件,页面会输出[an error occurred while processing the directive],解决方法是找到nginx源代码目录的unsafe uri检查函数并强制使其返回一个NGX_OK

# 解决办法:

# 修改源文件tengine-2.2./src/http/ngx_http_parse.c

# 找到ngx_http_parse_unsafe_uri 函数,直接返回 NGX_OK

ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,

    ngx_str_t *args, ngx_uint_t *flags)

{

    return NGX_OK;            # 新增return NGX_OK;

    u_char      ch, *p, *src, *dst;

    size_t      len;

    ngx_uint_t  quoted;

    len = uri->len;

    p = uri->data;

    quoted = ;

    if (len ==  || p[] == '?') {

        goto unsafe;

    }

    if (p[] == '.' && len >  && p[] == '.'

        && (len ==  || ngx_path_separator(p[])))

    {

        goto unsafe;

    }

    for ( /* void */ ; len; len--) {

        ch = *p++;

        if (ch == '%') {

            quoted = ;

            continue;

        }

        if (usual[ch >> ] & ( << (ch & 0x1f))) {

            continue;

        }

        if (ch == '?') {

            args->len = len - ;

            args->data = p;

            uri->len -= len;

            break;

        }

# 重新编译即可

./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# make && make install

重新编译以后nginx可以包含上级目录的文件,当然,带来的后果是安全性的下降

centos7.6环境下编译安装tengine-2.2.2的编译安装的更多相关文章

  1. CentOS7.3环境下源码安装httpd

    CentOS7.3环境下源码安装httpd 本文在CentOS7.3下,源码安装apache服务httpd2.4. 1.下载好源码安装包 [root@localhost ~]#ll total 625 ...

  2. Centos7.4环境下搭建Python开发环境(虚拟机安装+python安装+pycharm安装)

    目录 一.安装 Centos7.4虚拟机 二.安装 python3.6.7 三.安装 pycharm 一般情况下,大家都是在 Windows平台下进行 Python开发,软件安装和环境搭建都非常&qu ...

  3. centos7.2环境下安装smokeping对网络状态进行监控

    centos7.2环境下安装smokeping对网络状态进行监控 安装smokeping建议用centos7,用centos6.5一直卡在smokeping那里,下载不了perl的扩展插件,可能是因为 ...

  4. Centos7.x环境下 安装Diszz

    镜像下载.域名解析.时间同步请点击 阿里云开源镜像站 一.背景 Discuz 是基于PHP网页,在 Linux 和 windows 两平台均可部署的论坛工具.本实验带你基于 CentOS 快速搭建属于 ...

  5. CentOS7.x-lnmp环境下安装Discuz论坛

    1.安装lnmp.这里采用一键安装的包 yum -y install wget wget http://soft.vpser.net/lnmp/lnmp1.6-full.tar.gz 2.加压安装ln ...

  6. centos7生产环境下openssh升级

    由于生产环境ssh版本太低,导致使用安全软件扫描时提示系统处于异常不安全的状态,主要原因是ssh漏洞.推荐通过升级ssh版本修复漏洞 因为是生产环境,所以有很多问题需要注意.为了保险起见,在生产环境下 ...

  7. windows 10环境下 使用 msys2 + vs code 配置 c++ 的编译环境

    不太多描述 msys2 与  vs code  ,既然你需要安装 一种语言的编译环境了 ,你肯定对这两个不陌生: 1. 先安装msys2; (下载多少位的msys2就安装多少位的 mingw,本人安装 ...

  8. Centos7.1环境下搭建BugFree

    环境准备: 系统 配置 IP Centos7.1 1核2G+60GB硬盘 10.10.28.204 1. 安装apache yum install httpd  2. 安装mysql yum inst ...

  9. linux环境下(非UI操作)所有软件的安装与卸载总结

    UI界面的软件管理 linux下的软件一般都是经过压缩的,主要的格式有这几种:rpm.tar.tar.gz.tgz等.所以首先拿到软件后第一件事就是解压缩. 在xwindow下以rpm格式的软件安装比 ...

随机推荐

  1. 解决 AttributeError: 'ForeignKey' object has no attribute 're'

    解决办法 # print('rel...',filter_field_obj.re.to.objects.all()) print("rel...", filter_field_o ...

  2. AOP从静态代理到动态代理 Emit实现

    [前言] AOP为Aspect Oriented Programming的缩写,意思是面向切面编程的技术. 何为切面? 一个和业务没有任何耦合相关的代码段,诸如:调用日志,发送邮件,甚至路由分发.一切 ...

  3. 追逐心目中的那个Ta

    申明:全篇皆为作者臆想,浪漫主义代表派作品,若有雷同,纯属巧合 人生最难过的不就是在一无所有的年纪里遇到了最想呵护一生的人,而在拥有一切的时候却失去了不顾一切的心. 长夜漫漫,本是相思人,偏听多情曲, ...

  4. 微信公众号开发 [05] 微信支付功能开发(网页JSAPI调用)

    1.微信支付的流程 如下三张手机截图,我们在微信网页端看到的支付,表面上看到的是 "点击支付按钮 - 弹出支付框 - 支付成功后出现提示页面",实际上的核心处理过程是: 点击支付按 ...

  5. 数据库和SQL面试题基础知识(持续更新)

    数据库方面基础知识复习 常问小问题: 一.like查询大小写问题: sql查询结果去重 SELECT distinct name FROM 表:平均数avg 一.like查询大小写问题: ①用bina ...

  6. 【学习总结】GirlsInAI ML-diary day-8-list列表

    [学习总结]GirlsInAI ML-diary 总 原博github链接-day8 认识list列表 新的数据类型:list. list是一种有序的集合,可以随时添加和删除其中的元素(链表??) 1 ...

  7. python中socket、进程、线程、协程、池的创建方式和应用场景

    进程 场景 利用多核.高计算型的程序.启动数量有限 进程是计算机中最小的资源分配单位 进程和线程是包含关系 每个进程中都至少有一条线程 可以利用多核,数据隔离 创建 销毁 切换 时间开销都比较大 随着 ...

  8. 清北澡堂 Day2 下午 一些比较重要的数论知识整理

    1.欧拉定理 设x1,x2,.....,xk,k=φ(n)为1~n中k个与n互质的数 结论一:axi与axj不同余 结论二:gcd(axi,n)=1 结论三:x1,x2,...,xk和ax1,ax2, ...

  9. C. Multi-Subject Competition 思维+前缀和+填表加减复杂度(复杂度计算错误)

    题意: 给出n个学生 m类题目 每个人会做s[i]类的题 并且做这个题的能力为r[i]  组成一个竞赛队 要求可以选择一些题目  在竞赛队中 擅长每一个题目的 人数要均等  求max(sigma(r[ ...

  10. 【POJ 3159】Candies&&洛谷P3275 [SCOI2011]糖果

    来补一下自己很久以前那个很蒟蒻很蒟蒻的自己没有学懂的知识 差分约束,说白了就是利用我们在求最短路的一个\(relax\)操作时的判断的原理 \[dis[v]>dis[u]+disj(u,v)\] ...