centos7.6环境下编译安装tengine-2.2.2的编译安装

.获取tengine2..2的源码包

http://tengine.taobao.org/download/tengine-2.2.2.tar.gz

.获取tengine的编译参数

/usr/loca/nginx/sbin/nginx -V

# tengine2..2的编译安装

tar -zxf tengine-2.2..tar.gz

cd tengine-2.2.

./configure --prefix=/usr/local/tengine-2.2. --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

make && make install

# 因为openssl经常曝出一些大的漏洞,使用最新版本的openssl1..0i

--with-openssl=/usr/local/lab/openssl-1.1.0i

# 找到geoip相关的库

ngx_http_geoip2_module-3.2

....

报错的处理:

问题1:./configure预编译报错

configuring additional modules

adding module in /usr/local/lab/ngx_cache_purge-2.3

 + ngx_http_cache_purge_module was configured

adding module in /usr/local/ngx_http_geoip2_module-3.2

checking for MaxmindDB library ... found

 + ngx_geoip2_module was configured

adding module in modules/ngx_http_lua_module

checking for LuaJIT library in /usr/local/lib/ and /usr/local/include/luajit-2.0/ (specified by the LUAJIT_LIB and LUAJIT_INC env, with -ldl) ... found

checking for export symbols by default (-E) ... found

checking for export symbols by default (--export-all-symbols) ... not found

checking for SO_PASSCRED ... found

 + ngx_http_lua_module was configured

checking for libxslt ... found

checking for libexslt ... found

checking for GeoIP library ... not found

checking for GeoIP library in /usr/local/ ... not found

checking for GeoIP library in /usr/pkg/ ... not found

checking for GeoIP library in /opt/local/ ... not found

./configure: error: the GeoIP module requires the GeoIP library.

You can either do not enable the module or install the library.

解决办法编译安装GeoIP:

cd source

wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz

tar -zxvf GeoIP-1.6..tar.gz -C /usr/local

cd GeoIP-1.6.

# 注意不要添加--prefix 默认即可否则无法正常编译安装

./configure

make

sudo make install

问题2:

make编译报错:

    POSIX mem threshold ............. :

    Internal link size .............. :

    Nested parentheses limit ........ :

    Match limit ..................... :

    Match limit recursion ........... : MATCH_LIMIT

    Build shared libs ............... : no

    Build static libs ............... : yes

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ :

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line : ./config: No such file or directory

make[]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error

make[]: Leaving directory `/usr/local/src/tengine-2.2.'

make: *** [build] Error 

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2./auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可

问题3:

make报错:

make[]: *** No rule to make target `distclean'.  Stop

make[]: *** [/usr/local/lab/zlib-1.2./libz.a] Error 

问题分析:

/usr/local/lab/zlib-1.2./下没有libz.a文件,当时编译的时候是--prefix的,源码没有拷贝过来

解决办法:

将之前的编译目录拷贝过去即可:

cp -ar /usr/loca/src/zlib-1.2./* /usr/local/lab/zlib-1.2.11/

#####################################

tengine升级为2.2.3

# tengine2.2.3的编译安装

tar -zxf tengine-2.2.3.tar.gz

cd tengine-2.2.3

./configure --prefix=/usr/local/tengine-2.2.3 --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2.11 --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# 报错

    Use JIT in pcregrep ............. : no

    Buffer size for pcregrep ........ : 20480

    Link pcregrep with libz ......... : no

    Link pcregrep with libbz2 ....... : no

    Link pcretest with libedit ...... : no

    Link pcretest with libreadline .. : no

    Valgrind support ................ : no

    Code coverage ................... : no

cd /usr/local/lab/openssl-1.1.0i \

    && if [ -f Makefile ]; then make clean; fi \

    && ./config --prefix=/usr/local/lab/openssl-1.1.0i/.openssl no-shared  \

    && make \

    && make install LIBDIR=lib

/bin/sh: line 2: ./config: No such file or directory

make[1]: *** [/usr/local/lab/openssl-1.1.0i/.openssl/include/openssl/ssl.h] Error 127

make[1]: Leaving directory `/usr/local/src/tengine-2.2.3'

make: *** [build] Error 2

解决方案:

打开nginx源文件下的/usr/local/src/tengine-2.2.2/auto/lib/openssl/conf文件:

找到这么一段代码:

CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

修改成以下代码:

CORE_INCS="$CORE_INCS $OPENSSL/include"

CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"

CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"

CORE_LIBS="$CORE_LIBS $NGX_LIBDL"

 然后再进行Nginx的编译安装即可
无法解析SSI报错如下:Nginx: unsafe URI detected while sending response

现象:# 类似 <!--#include virtual="../library/header.html"--><div id="blog"> html语法无法解析,导致网站头部尾部不能正常展示

<!--#include virtual="library/header.html"--> 可以解析没有问题

# 代码片段

<!DOCTYPE html>

<html>

<head>

<meta charset="utf-8">

<meta name="viewport" content="width=device-width,initial-scale=1.0">

<link rel="shortcut icon" href="http://blog.chinasoft.com/static/favicon.ico" />

<title>Influencer Marketing Tips</title>

<meta name="description" content="Learn more about the helpful influencer marketing tips for your brand, products or business on chinasoft blog center." />

</head>

<body>

<!--#include virtual="../library/header.html"--><div id="blog">

  <div>

    <div class="container py-lg-5" style="max-width:1200px">

      <div class="bg-light rounded py-4 px-5 mx-auto">

网站头部不能加载影响美观

[root@eus_mp_web01:/data/www/vhosts/blog.chinasoft.com/httpdocs/influencer-marketing-tips]# tail -f /data/www/logs/nginx_log/error/blog.com_error.log

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * open() "/data/www/vhosts/blog.chinasoft.com/httpdocs/static/favicon.ico" failed (: No such file or directory), client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /static/favicon.ico HTTP/1.1", host: "blog.chinasoft.com", referrer: "https://blog.chinasoft.com/influencer-marketing-tips/"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/header.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

关于Nginx的SSI(包含路径)

如果shtml里面的网页代码包含语句写成如下:

<!--#include virtual="/test.html"-->

这样是没有问题,可以包含的,但是如果写成这样:

<!--#include virtual="../test.html"-->

由于需要包含当前代码文件所在目录路径的上级目录文件,nginx会为此请求产生的子请求uri为/../test.html,默认nginx会认为这个uri并不是安全的,日志(error_log)会输入如下错误:

// :: [error] #: * unsafe URI "/influencer-marketing-tips/../library/footer.html" was detected while sending response to client, client: 1.1.1.1, server: blog.chinasoft.com, request: "GET /influencer-marketing-tips/ HTTP/1.1", host: "blog.chinasoft.com"

不能正确包含文件,页面会输出[an error occurred while processing the directive],解决方法是找到nginx源代码目录的unsafe uri检查函数并强制使其返回一个NGX_OK

# 解决办法:

# 修改源文件tengine-2.2./src/http/ngx_http_parse.c

# 找到ngx_http_parse_unsafe_uri 函数,直接返回 NGX_OK

ngx_http_parse_unsafe_uri(ngx_http_request_t *r, ngx_str_t *uri,

    ngx_str_t *args, ngx_uint_t *flags)

{

    return NGX_OK;            # 新增return NGX_OK;

    u_char      ch, *p, *src, *dst;

    size_t      len;

    ngx_uint_t  quoted;

    len = uri->len;

    p = uri->data;

    quoted = ;

    if (len ==  || p[] == '?') {

        goto unsafe;

    }

    if (p[] == '.' && len >  && p[] == '.'

        && (len ==  || ngx_path_separator(p[])))

    {

        goto unsafe;

    }

    for ( /* void */ ; len; len--) {

        ch = *p++;

        if (ch == '%') {

            quoted = ;

            continue;

        }

        if (usual[ch >> ] & ( << (ch & 0x1f))) {

            continue;

        }

        if (ch == '?') {

            args->len = len - ;

            args->data = p;

            uri->len -= len;

            break;

        }

# 重新编译即可

./configure --prefix=/usr/local/tengine-2.2.3_ssi --with-ld-opt=-Wl,-rpath, --user=daemon --group=daemon --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_stub_status_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_geoip_module --with-http_secure_link_module --with-http_degradation_module --with-mail_ssl_module --with-http_sysguard_module --with-http_concat_module --with-pcre=/usr/local/lab/pcre-8.34 --with-zlib=/usr/local/lab/zlib-1.2. --add-module=/usr/local/lab/ngx_cache_purge-2.3 --with-jemalloc --with-http_upstream_check_module --with-http_lua_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.0/ --with-lua-inc=/usr/local/include/luajit-2.0/ --with-lua-lib=/usr/local/lib/ --with-openssl=/usr/local/lab/openssl-1.1.0i --add-module=/usr/local/ngx_http_geoip2_module-3.2

# make && make install

重新编译以后nginx可以包含上级目录的文件,当然,带来的后果是安全性的下降

centos7.6环境下编译安装tengine-2.2.2的编译安装的更多相关文章

  1. CentOS7.3环境下源码安装httpd

    CentOS7.3环境下源码安装httpd 本文在CentOS7.3下,源码安装apache服务httpd2.4. 1.下载好源码安装包 [root@localhost ~]#ll total 625 ...

  2. Centos7.4环境下搭建Python开发环境(虚拟机安装+python安装+pycharm安装)

    目录 一.安装 Centos7.4虚拟机 二.安装 python3.6.7 三.安装 pycharm 一般情况下,大家都是在 Windows平台下进行 Python开发,软件安装和环境搭建都非常&qu ...

  3. centos7.2环境下安装smokeping对网络状态进行监控

    centos7.2环境下安装smokeping对网络状态进行监控 安装smokeping建议用centos7,用centos6.5一直卡在smokeping那里,下载不了perl的扩展插件,可能是因为 ...

  4. Centos7.x环境下 安装Diszz

    镜像下载.域名解析.时间同步请点击 阿里云开源镜像站 一.背景 Discuz 是基于PHP网页,在 Linux 和 windows 两平台均可部署的论坛工具.本实验带你基于 CentOS 快速搭建属于 ...

  5. CentOS7.x-lnmp环境下安装Discuz论坛

    1.安装lnmp.这里采用一键安装的包 yum -y install wget wget http://soft.vpser.net/lnmp/lnmp1.6-full.tar.gz 2.加压安装ln ...

  6. centos7生产环境下openssh升级

    由于生产环境ssh版本太低,导致使用安全软件扫描时提示系统处于异常不安全的状态,主要原因是ssh漏洞.推荐通过升级ssh版本修复漏洞 因为是生产环境,所以有很多问题需要注意.为了保险起见,在生产环境下 ...

  7. windows 10环境下 使用 msys2 + vs code 配置 c++ 的编译环境

    不太多描述 msys2 与  vs code  ,既然你需要安装 一种语言的编译环境了 ,你肯定对这两个不陌生: 1. 先安装msys2; (下载多少位的msys2就安装多少位的 mingw,本人安装 ...

  8. Centos7.1环境下搭建BugFree

    环境准备: 系统 配置 IP Centos7.1 1核2G+60GB硬盘 10.10.28.204 1. 安装apache yum install httpd  2. 安装mysql yum inst ...

  9. linux环境下(非UI操作)所有软件的安装与卸载总结

    UI界面的软件管理 linux下的软件一般都是经过压缩的,主要的格式有这几种:rpm.tar.tar.gz.tgz等.所以首先拿到软件后第一件事就是解压缩. 在xwindow下以rpm格式的软件安装比 ...

随机推荐

  1. python中打印中文

    python中打印中文 在python 2.x版本中,默认是ASCII编码方式,在有业务需要输入中文时,就会出现乱码的情况.解决这种问题的一个方式就是设置py文件的编码方式.实现方式如下: 在py文件 ...

  2. JEECG 3.8宅男优化版本发布

    1024程序员节宅男节日快乐 -- JAVA快速开发平台,JEECG 3.8宅男优化版本发布 - JEECG开源社区 - CSDN博客https://blog.csdn.net/zhangdaisco ...

  3. Java基础:Java简介及安装配置(1)

    Java简介 Java是Sun公司于1995年推出的高级编程语言,具有跨平台特性,编译后的程序能够运行在多种类型的操作系统平台上. 1.1 Java应用程序版本 Java的3个独立用于开发不同类型应用 ...

  4. Node.js的事件处理机制

    1. 为什么Node.js是单线程执行的 因为从JavaScript设计之初,JavaScript是用户与浏览器交互的,主要处理DOM: 这样决定了JavaScript是单线程执行,否则会出现问题:例 ...

  5. 【XSY3147】子集计数 DFT 组合数学

    题目大意 给定一个集合 \(\{1,2,\ldots,n\}\),要求你从中选出 \(m\) 个数,且这 \(m\) 个数的和是 \(k\).问方案数 \(\bmod 998244353\) \(0\ ...

  6. 初识 go 语言:语法

    目录 语法 for 循环 if 语句 switch 语句 defer 语句 defer 栈 结束 前言: go语言系列第二篇,主要讲述go语言的语法,如循环,if判断,swich语句,defer语句, ...

  7. django-url的分发

    1)url的分发: 1,首先在全局的url里面的路径中写好,你要分发的路径名. 2,并且在你要分发的路径下,创好新的url文件. 在分发的路径名里面,把全局url里面的代码,复制过来 3,最后在浏览器 ...

  8. 20175221 实验一《Java开发环境的熟悉》实验报告

    20175221 实验一<Java开发环境的熟悉>实验报告 (一)Linux运行结果 (二)IDEA下Java程序开发.调试:学会通过调试(Debug)来定位逻辑错误   试验IDEA是否 ...

  9. Vue(小案例_vue+axios仿手机app)_图片列表操作

    一.前言 1.让图片还没有被完全加载出来的时候给用户提示                                       2.图片查看器 二.主要内容 1.让图片还没有被完全加载出来的时候 ...

  10. 微信小程序之 3d轮播(swiper来实现)

    以前写过一篇3d轮播,就是这篇,使用的方法比较笨拙,而且代码不简洁.这次发现swiper也能实现同样的效果.故记录一下. 先看看效果: wxml: <swiper previous-margin ...