openresty精简编译

编译openresty应用，用于开发waf，尽可能做到精简

0x01 nginx 编译准备

• 系统环境

rocky 9

dnf install pcre pcre-devel zlib zlib-devel libxml2 libxml2-devel libxslt libxslt-devel gd gd-devel  perl-ExtUtils-Embed  perl-core  gcc-c++ cmake git -y

lua-moudle模块的 v0.10.16 版本开始，lua-resty-core 库是必须的。lua-resty-core 提供了许多核心功能和优化，使得 Lua 代码在 Nginx 上运行得更加高效和稳定。 /usr/local/lualib/

在某些 OpenResty 的配置和模块中，resty.lrucache 被用作默认的缓存机制。如果没有安装这个库，某些依赖它的功能将无法正常工作，从而导致 Nginx 无法启动。例如，一些第三方模块或自定义 Lua 脚本可能依赖 resty.lrucache 来实现缓存功能。

使用BoringSSL 作为 OpenSSL的替代品(未编译通过)

git clone https://boringssl.googlesource.com/boringssl 

cd  boringssl
mkdir build
cd  build
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j 4
cd ..
rm -rf .openssl
mkdir -p .openssl/lib
cd .openssl
ln -s ../include/ include
cd ..
cp build/crypto/libcrypto.a .openssl/lib/
cp build/ssl/libssl.a  .openssl/lib/
touch .openssl/include/openssl/ssl.h

zlib

wget https://www.zlib.net/zlib-1.3.1.tar.gz
tar zvxf zlib-1.3.1.tar.gz
cd zlib-1.3.1
./configure  && make -j 4
cd ..

prce

wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz/download -O pcre-8.45.tar.gz
tar zvxf pcre-8.45.tar.gz
cd  pcre-8.45
./configure  && make -j 4
cd ..

openssl

wget   https://www.openssl.org/source/openssl-3.0.13.tar.gz
tar zvxf openssl-3.0.13.tar.gz
cd openssl-3.0.13
./config && make -j 4
mkdir -p .openssl/lib
cd .openssl
ln -s ../include/ include
cd ..
cp libcrypto.a .openssl/lib/
cp libssl.a .openssl/lib/
cd ..

0x02 编译和安装

mkdir -p /data/logs
mkdir -p /data/wwwroot
chown nobody:adm /data/logs/
chattr +t /data/logs
mkdir /data/logs/waflog
chown nobody:nobody /data/logs/waflog

相关文件配置编译配置

wget https://openresty.org/download/openresty-1.25.3.1.tar.gz
tar zvxf openresty-1.25.3.1.tar.gz
cd openresty-1.25.3.1

• 修改openresty的configure文件如下

my @modules = (
    [ndk => 'ngx_devel_kit'],
    [http_iconv => 'iconv-nginx-module', 'disabled'],
    [http_echo => 'echo-nginx-module', 'disabled'],
    [http_xss => 'xss-nginx-module', 'disabled'],
    [http_coolkit => 'ngx_coolkit', 'disabled'],
    [http_set_misc => 'set-misc-nginx-module', 'disabled'],
    [http_form_input => 'form-input-nginx-module', 'disabled'],
    [http_encrypted_session => 'encrypted-session-nginx-module', 'disabled'],
    [http_drizzle => 'drizzle-nginx-module', 'disabled'],
    [http_postgres => 'ngx_postgres', 'disabled'],
    [http_srcache => 'srcache-nginx-module', 'disabled'],
    [http_lua => 'ngx_lua'],
    [http_lua_upstream => 'ngx_lua_upstream'],
    [http_headers_more => 'headers-more-nginx-module', 'disabled'],
    [http_array_var => 'array-var-nginx-module', 'disabled'],
    [http_memc => 'memc-nginx-module', 'disabled'],
    [http_redis2 => 'redis2-nginx-module', 'disabled'],
    [http_redis => 'redis-nginx-module', 'disabled'],
    #[http_upstream_keepalive => 'upstream-keepalive-nginx-module'],
    #[http_auth_request => 'auth-request-nginx-module'],
    [http_rds_json => 'rds-json-nginx-module', 'disabled'],
    [http_rds_csv => 'rds-csv-nginx-module', 'disabled'],
    [stream_lua => 'ngx_stream_lua'],
);

./configure \
--prefix=/usr/local \
--modules-path=/usr/local/nginx/modules \
--sbin-path=/usr/local/nginx/sbin/nginx \
--conf-path=/usr/local/nginx/conf/nginx.conf \
--error-log-path=/data/logs/error.log \
--http-log-path=/data/logs/access.log \
--with-cc-opt='-O2 -DNGX_LUA_ABORT_AT_PANIC' \
--with-zlib=../zlib-1.3.1 \
--with-pcre=../pcre-8.45 \
--with-openssl=../openssl-3.0.13 \
--with-pcre-jit \
--with-stream \
--user=nobody \
--group=nobody \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module  \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_gunzip_module \
--with-threads \
--with-compat \
--with-stream=dynamic \
--with-http_ssl_module \
--with-debug \
--without-lua_resty_dns \
--without-lua_resty_memcached \
--without-lua_redis_parser \
--without-lua_rds_parser \
--without-lua_resty_redis \
--without-lua_resty_mysql \
--without-lua_resty_upload \
--without-lua_resty_upstream_healthcheck \
--without-lua_resty_string \
--without-lua_resty_websocket \
--without-lua_resty_limit_traffic \
--without-lua_resty_lrucache \
--without-lua_resty_lock \
--without-lua_resty_signal \
--without-lua_resty_lrucache \
--without-lua_resty_shell \
--without-lua_resty_core \
--without-select_module \
--without-lua_resty_mysql \
--without-http_charset_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-http_auth_basic_module \
--without-http_mirror_module \
--without-http_autoindex_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--without-stream_limit_conn_module \
--without-stream_geo_module \
--without-stream_map_module \
--without-stream_split_clients_module \
--without-stream_return_module     

• 编译和安装

gmake && gmake install

0x03 脚本

自动安装脚本如下:

install.sh

#!/bin/bash

set -e  # 遇到错误立即退出

# 定义版本号和路径
ZLIB_VERSION="1.3.1"
OPENSSL_VERSION="3.0.13"
OPENRESTY_VERSION="1.25.3.1"
INSTALL_PREFIX="/usr/local"
NGINX_PREFIX="$INSTALL_PREFIX/nginx"
LOG_DIR="/data/logs"
WWW_DIR="/data/wwwroot"
ZLIB_URL="https://www.zlib.net/zlib-$ZLIB_VERSION.tar.gz"
OPENSSL_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"
OPENRESTY_URL="https://openresty.org/download/openresty-$OPENRESTY_VERSION.tar.gz"
PCRE_URL="https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz/download"
# 安装依赖项
dnf install -y pcre pcre-devel zlib zlib-devel libxml2 libxml2-devel libxslt libxslt-devel gd gd-devel perl-ExtUtils-Embed perl-core gcc-c++ cmake git

# 下载并编译 zlib
wget $ZLIB_URL
tar zvxf "zlib-$ZLIB_VERSION.tar.gz"
cd "zlib-$ZLIB_VERSION"
./configure && make -j 4
cd ..
# 下载并编译pcre
wget $PCRE_URL -O pcre-8.45.tar.gz
tar zvxf pcre-8.45.tar.gz
cd  pcre-8.45
./configure  && make -j 4
cd ..


# 下载并编译 OpenSSL
wget $OPENSSL_URL
tar zvxf "openssl-$OPENSSL_VERSION.tar.gz"
cd "openssl-$OPENSSL_VERSION"
./config && make -j 4
mkdir -p .openssl/lib
cd .openssl
ln -s ../include/ include
cd ..
cp libcrypto.a .openssl/lib/
cp libssl.a .openssl/lib/
cd ..

# 创建必要的目录和设置权限
mkdir -p $LOG_DIR $WWW_DIR $LOG_DIR/waflog
chown nobody:nobody $LOG_DIR/waflog

# 下载并编译 OpenResty
wget $OPENRESTY_URL
tar zvxf "openresty-$OPENRESTY_VERSION.tar.gz"
cd "openresty-$OPENRESTY_VERSION"

# 编译配置修改
/bin/cp -rf ../configure ./
# 编译
./configure \
--prefix=$INSTALL_PREFIX \
--modules-path=$NGINX_PREFIX/modules \
--sbin-path=$NGINX_PREFIX/sbin/nginx \
--conf-path=$NGINX_PREFIX/conf/nginx.conf \
--error-log-path=$LOG_DIR/error.log \
--http-log-path=$LOG_DIR/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
--with-cc-opt="-O2" \
--with-zlib=../"zlib-$ZLIB_VERSION" \
--with-pcre=../pcre-8.45 \
--with-openssl=../"openssl-$OPENSSL_VERSION" \
--with-pcre-jit \
--with-stream=dynamic \
--user=nobody \
--group=nobody \
--with-stream_ssl_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module  \
--with-http_realip_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_gunzip_module \
--with-threads \
--with-compat \
--with-file-aio \
--with-http_image_filter_module \
--with-http_perl_module=dynamic \
--with-http_degradation_module \
--with-http_ssl_module \
--with-http_addition_module \
--with-http_slice_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-debug \
--without-lua_resty_dns \
--without-lua_resty_memcached \
--without-lua_redis_parser \
--without-lua_rds_parser \
--without-lua_resty_redis \
--without-lua_resty_mysql \
--without-lua_resty_upload \
--without-lua_resty_upstream_healthcheck \
--without-lua_resty_websocket \
--without-lua_resty_limit_traffic \
--without-lua_resty_lock \
--without-lua_resty_signal \
--without-lua_resty_shell \
--without-select_module \
--without-lua_resty_mysql \
--without-http_charset_module \
--without-http_ssi_module \
--without-http_userid_module \
--without-http_auth_basic_module \
--without-http_mirror_module \
--without-http_autoindex_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--without-stream_limit_conn_module \
--without-stream_geo_module \
--without-stream_map_module \
--without-stream_split_clients_module \
--without-stream_return_module  

gmake -j 4 && gmake install
cd ..
# 创建虚拟主机配置目录并复制配置文件
mkdir -p $NGINX_PREFIX/conf/vhost
mkdir -p /var/lib/nginx/tmp/client_body