# 1.25.3.1
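OpenResty released version 1.25.3.1 on January 9, 2024. Notable changes include, but are not limited to:

- Uses nginx 1.25.3 (previously 1.21, which has a 0-day vulnerability)
- HTTP/3 support
- PCRE2 (faster)
- lua-nginx-module supports handling SSL with Lua
- lua-resty-core (performance updates)
- lua-resty-dns (new cleanup method)
- LuaJIT (merged upstream PRs)

Because version 1.25.3.1 supports PCRE2, the build steps differ slightly from earlier versions.
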
# 0 Install the build environment

```bash
apt install gcc make perl patch -y
```

| Package/Module | Purpose |
|---|---|
| openresty | OpenResty itself |
| nginx-sticky-module-ng | Routes requests to the same upstream based on a cookie |
| nginx-module-vts | Shows nginx status |
| nginx_upstream_check_module | Checks upstreams |
| pcre | Regular expression matching |
| openssl | Encryption/decryption suite |
| zlib | gzip compression of transferred content |

```bash
# Download the source code and modules
wget https://openresty.org/download/openresty-1.25.3.1.tar.gz
wget https://github.com/liberatti/nginx-sticky-module-ng/archive/refs/heads/master.zip -O nginx-sticky-module-ng-master.zip
wget https://github.com/vozlt/nginx-module-vts/archive/refs/heads/master.zip -O nginx-module-vts-master.zip
wget https://github.com/yaoweibin/nginx_upstream_check_module/archive/refs/heads/master.zip -O nginx_upstream_check_module-master.zip
wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.42/pcre2-10.42.tar.gz
wget https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz
wget https://zlib.net/zlib-1.3.1.tar.gz

# Extract
find ./ -name "*.tar.gz" | xargs -I {} tar xzvf {}
find ./ -name "*.zip" | xargs -I {} unzip {}
```
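
The downloads above are not checked against anything, and the three `master.zip` archives are whatever each branch contains at download time. As an added example (not part of the original page), the function below can be run between the `wget` and extraction steps so that the build fails closed unless every archive matches a pinned SHA-256; the function name `verify_sources` and the manifest name `SHA256SUMS` are assumptions.

```bash
# Added example: verify downloaded archives against a pinned manifest.
# Assumption: SHA256SUMS was created once from reviewed archives with
#   sha256sum *.tar.gz *.zip > SHA256SUMS
# and is stored separately from the downloads.
# Usage, before extracting:  verify_sources . SHA256SUMS || exit 1
verify_sources() {
    vs_dir=$1
    vs_manifest=$2
    vs_rc=0
    if [ ! -r "$vs_manifest" ]; then
        echo "manifest not readable: $vs_manifest" >&2
        return 2
    fi
    # Every archive on disk must be pinned and must match its pinned hash.
    for vs_path in "$vs_dir"/*.tar.gz "$vs_dir"/*.zip; do
        [ -f "$vs_path" ] || continue   # glob matched nothing
        vs_name=${vs_path##*/}
        vs_want=$(awk -v f="$vs_name" \
            '{ n = $2; sub(/^\*/, "", n) } n == f { print $1; exit }' "$vs_manifest")
        if [ -z "$vs_want" ]; then
            echo "UNPINNED  $vs_name" >&2
            vs_rc=1
            continue
        fi
        vs_have=$(sha256sum "$vs_path" | awk '{ print $1 }')
        if [ "$vs_have" = "$vs_want" ]; then
            echo "OK        $vs_name"
        else
            echo "MISMATCH  $vs_name" >&2
            vs_rc=1
        fi
    done
    # Every pinned archive must be present (catches a failed download).
    for vs_name in $(awk '{ n = $2; sub(/^\*/, "", n); print n }' "$vs_manifest"); do
        if [ ! -f "$vs_dir/$vs_name" ]; then
            echo "MISSING   $vs_name" >&2
            vs_rc=1
        fi
    done
    return "$vs_rc"
}
```

A changed hash on one of the `master.zip` files means the upstream branch has moved since the manifest was made, so the new code needs review before the manifest is updated.
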
# 1 Build

```bash
# Set environment variables
OPENRESTY_VERSION=1.25.3.1
NGINX_VERSION=1.25.3

# Build LuaJIT, then delete the shared libraries so that linking uses the static library
cd openresty-${OPENRESTY_VERSION}
cd bundle/LuaJIT-*
make install -j$(grep -c ^processor /proc/cpuinfo) PREFIX="$(pwd)"
LUAROOT="$(pwd)"
rm -rf lib/*.so*
cd ../..

# nginx-module-vts and nginx_upstream_check_module conflict, so a patch must be applied
cd bundle/nginx-${NGINX_VERSION}
patch -p1 < ../../../nginx_upstream_check_module-master/check_1.20.1+.patch
cd ../../

# Find and remove the --without-pcre2 line
sed -i "/push @ngx_opts, '--without-pcre2';/d" configure
```

```bash
# Set the build options
# (each continuation line needs whitespace before the backslash, otherwise
# the options are joined into a single word)
./configure \
    -j$(grep -c ^processor /proc/cpuinfo) \
    --prefix=. \
    --with-cc-opt="-O2" \
    --with-luajit=${LUAROOT} \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-pcre-jit \
    --with-http_stub_status_module \
    --with-http_ssl_module \
    --with-http_sub_module \
    --with-stream \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --add-module=../nginx-module-vts-master \
    --add-module=../nginx_upstream_check_module-master \
    --add-module=../nginx-sticky-module-ng-master \
    --with-zlib=../zlib-1.3.1 \
    --with-pcre=../pcre2-10.42 \
    --with-openssl=../openssl-1.1.1w \
    --with-http_iconv_module
```

```bash
# Build and install
gmake -j$(grep -c ^processor /proc/cpuinfo)
gmake install

# Copy the installed files into a new directory and package it;
# the openresty inside the package can be redistributed
mkdir openresty_${OPENRESTY_VERSION} -p
cp bundle/LuaJIT-* ./openresty_${OPENRESTY_VERSION}/luajit -r
cp lualib ./openresty_${OPENRESTY_VERSION} -r
cp nginx ./openresty_${OPENRESTY_VERSION} -r
cp pod ./openresty_${OPENRESTY_VERSION} -r
cp site ./openresty_${OPENRESTY_VERSION} -r
tar czf openresty_${OPENRESTY_VERSION}.tar.gz openresty_${OPENRESTY_VERSION}
```

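```bash
# Configure logrotate
# INSTALL_DIR is not set anywhere above; it is assumed to be the directory
# into which openresty_${OPENRESTY_VERSION}.tar.gz was unpacked.
: "${INSTALL_DIR:?set INSTALL_DIR first}"
cat << EOF > /etc/logrotate.d/openresty_${OPENRESTY_VERSION}
${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/logs/access.log
${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/logs/error.log
{
    daily
    rotate 15
    copytruncate
    missingok
    dateext
    compress
    notifempty
}
EOF
```
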
```bash
# Configure systemd
# INSTALL_DIR is not set anywhere above; it is assumed to be the directory
# into which openresty_${OPENRESTY_VERSION}.tar.gz was unpacked.
: "${INSTALL_DIR:?set INSTALL_DIR first}"
# \$MAINPID is escaped so that the shell writes it literally and systemd
# expands it; unescaped, the heredoc would replace it with an empty string.
cat << EOF > /etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
WorkingDirectory=${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}
PIDFile=${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/logs/nginx.pid
ExecStartPre=${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/sbin/nginx -t
ExecStart=${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/sbin/nginx
ExecReload=${INSTALL_DIR}/openresty_${OPENRESTY_VERSION}/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT \$MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
```

The build uses PCRE2, but the configure script unexpectedly forces the `--without-pcre2` option, so that line has to be deleted from the script before the build will work.