Nginx编译安装及平滑升级

基于仓库安装

官网地址： http://nginx.org/en/linux_packages.html

sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor     | 

sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx"     | sudo tee /etc/apt/sources.list.d/nginx.list


root@ops106:~# apt list nginx
Listing... Done
nginx/stable 1.20.2-1~focal arm64
N: There are 6 additional versions. Please use the '-a' switch to see them.


root@ops106:~# apt install nginx

# 查看版本及编译参数
root@ops106:~# nginx -V
nginx version: nginx/1.20.2
built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2) 
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.20.2/debian/debuild-base/nginx-1.20.2=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

编译安装1.18.0 安装依赖工具

apt install gcc openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev make    libncurses-dev  libperl-dev

创建用户

groupadd nginx
useradd nginx -g nginx -s /sbin/nologin -M

下载软件包&解压

wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar xf nginx-1.18.0.tar.gz

修改相应报文Server首部（可选）

cd nginx-1.18.0

vim  src/core/nginx.h
#define NGINX_VERSION      "1.11.30"
#define NGINX_VER          "super ops/" NGINX_VERSION                                    # 没有禁用版本后显示

vim src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: super ops" CRLF;     #  server_tokens off; 指令显示此处版本

编译安装

./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx  \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_sub_module  \
--with-http_stub_status_module \
--with-http_gzip_static_module  \
--with-pcre \
# --with-http_perl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-http_addition_module  \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module 

make && make install

修改目录权限

chown -R nginx.nginx /usr/local/nginx

准备启动文件

cat /usr/lib/systemd/system/nginx.service 
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/run/nginx.pid
ExecStart=/usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /usr/local/nginx/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /usr/local/nginx/run/nginx.pid)"

[Install]
WantedBy=multi-user.target

启动测试

systemctl start nginx
systemctl enable nginx
systemctl status nginx

验证

curl -I 10.211.55.106

HTTP/1.1 200 OK
Server: super ops/1.11.30
Date: Tue, 30 Nov 2021 12:21:57 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 30 Nov 2021 12:11:57 GMT
Connection: keep-alive
ETag: "61a6150d-264"
Accept-Ranges: bytes

平滑升级和回滚

实验： 将nginx版本1.18.0升级到nginx1.20.2版本。

平滑升级流程 将旧Nginx二进制文件换成新Nginx程序文件（注意先备份) 向master进程发送USR2信号 master进程修改pid文件名加上后缀.oldbin,成为nginx.pid.oldbin master进程用新Nginx文件启动新master进程成为旧master的子进程,系统中将有新旧两个Nginx 主进程共同提供Web服务,当前新的请求仍然由旧Nginx的worker进程进行处理,将新生成的master 进程的PID存放至新生成的pid文件nginx.pid 向旧的Nginx服务进程发送WINCH信号，使旧的Nginx worker进程平滑停止 向旧master进程发送QUIT信号，关闭老master，并删除Nginx.pid.oldbin文件 如果发现升级有问题,可以回滚∶向老master发送HUP，向新master发送QUIT 编译1.20.2版本Nginx

# 下载并解压
wget http://nginx.org/download/nginx-1.20.2.tar.gz
tar xf nginx-1.20.2.tar.gz
cd nginx-1.20.2

# 修改响应头
root@ops106:~/nginx-1.20.2# vim src/core/nginx.h 
#define NGINX_VERSION      "1.12.2"
#define NGINX_VER          "Super Ops/" NGINX_VERSION

root@ops106:~/nginx-1.20.2# vim src/http/ngx_http_header_filter_module.c 
static u_char ngx_http_server_string[] = "Server: Super Ops" CRLF;

# 编译

./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx  \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_sub_module  \
--with-http_stub_status_module \
--with-http_gzip_static_module  \
--with-pcre \
# --with-http_perl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-http_addition_module  \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module 

 # 只需要make 不需要make install make

备份旧版本nginx程序并拷贝新版本

mv /usr/local/nginx/sbin/nginx{,.bak}
cp objs/nginx /usr/local/nginx/sbin/
cd /usr/local/nginx/sbin/

root@ops106:/usr/local/nginx/sbin# ls -l
total 16820
-rwxr-xr-x 1 root  root  8676640 Nov 30 13:37 nginx
-rwxr-xr-x 1 nginx nginx 8543112 Nov 30 12:11 nginx.bak

检查&发送USR2信号进行平滑升级

root@ops106:/usr/local/nginx# pwd
/usr/local/nginx

# 使用新命令检查配置
root@ops106:/usr/local/nginx# sbin/nginx -t

# 查看旧版本nginx进程状态
root@ops106:/usr/local/nginx# ps auxf | grep nginx
root       17411  0.0  0.0   5832   640 pts/1    S+   13:42   0:00          \_ grep --color=auto nginx
root       13473  0.0  0.1  13024  1740 ?        Ss   12:21   0:00 nginx: master process /usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx      13474  0.0  0.5  13776  5292 ?        S    12:21   0:00  \_ nginx: worker process

# 发送 USR2 平滑升级信号
#USR2 平滑升级可执行程序,将存储有旧版本主进程PID的文件重命名为nginx.pid.oldbin，并启动新的
nginx
#此时两个master的进程都在运行,只是旧的master不在监听,由新的master监听80
#此时Nginx开启一个新的master进程，这个master进程会生成新的worker进程，这就是升级后的Nginx进
程，此时老的进程不会自动退出，但是当接收到新的请求不作处理而是交给新的进程处理。
root@ops106:/usr/local/nginx# kill -USR2 `ps -ef | grep "nginx: master process" | grep -v grep | awk '{print $2}'`

# 查看最新进程状态
# 可以看到两个master,新的master是旧版master的子进程,并生成新版的worker进程
root@ops106:/usr/local/nginx# ps auxf | grep nginx
root       17424  0.0  0.0   5832   676 pts/1    S+   13:43   0:00          \_ grep --color=auto nginx
root       13473  0.0  0.2  13024  2556 ?        Ss   12:21   0:00 nginx: master process /usr/local/bin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx      13474  0.0  0.5  13776  5292 ?        S    12:21   0:00  \_ nginx: worker process

#先关闭旧nginx的worker进程,而不关闭nginx主进程方便回滚
#向原Nginx主进程发送WINCH信号，它会逐步关闭旗下的工作进程（主进程不退出），这时所有请求都会由新
版Nginx处理
root@ops106:/usr/local/nginx# kill -WINCH `cat /usr/local/nginx/run/nginx.pid.oldbin`


#经过一段时间测试，新版本服务没问题，最后退出老的master
root@ops106:/usr/local/nginx# kill -QUIT `cat /usr/local/nginx/run/nginx.pid.oldbin`

回滚操作

#最后关闭新版的master 
kill -QUIT `cat /usr/local/nginx/run/nginx.pid`