在AWS Elastic Beanstalk、Amazon Linux上安装动态nginx模块2

l3zydbqr  于 2023-10-17  发布在  Nginx
关注(0)|答案(1)|浏览(163)

我想删除由nginx添加的“Server”HTTP头。模块headers-more-nginx-module添加了此功能。
此模块在默认的Amazon yum存储库中不可用。
如何将模块添加到在Amazon Linux 2上运行的AWS Elastic Beanstalk EC2示例?

kulphzqa

kulphzqa1#

您需要从源代码编译模块,作为“动态模块”。下面是一个例子,特别是headers-more-nginx-module
假设您将应用程序以zip文件的形式上传到Elastic Beanstalk,则zip应包含三个文件,其内容如下。

.ebextensions/01-nginx-modules.config

# Install any system-level dependencies required to build nginx or your module
packages:
  yum:
    pcre2-devel: []
    zlib-devel: []

# Download the source for your nginx module
sources:
  /root: https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v0.34.tar.gz

.platform/hooks/predeploy/01-nginx-modules.sh

#!/usr/bin/env bash

set -o errexit -o pipefail -o verbose

# Ensure we start in the user home dir
cd ~

# Dynamically get the current version of nginx
nginx -V &> nginx_version.txt
nginx_version=$(grep -oP "(?<=nginx version: nginx/).*" ./nginx_version.txt)

# Download and extract nginx
wget -O nginx.tar.gz http://nginx.org/download/nginx-"${nginx_version}".tar.gz
tar -xzvf nginx.tar.gz

# Build the module. Most of the settings are copied from `nginx -V`, in case they're required for binary compatibility.
# We really just add `--add-dynamic-module` to the end.
cd nginx-"${nginx_version}"/
./configure \
  --prefix=/usr/share/nginx \
  --sbin-path=/usr/sbin/nginx \
  --modules-path=/usr/lib64/nginx/modules \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
  --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
  --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
  --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
  --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
  --pid-path=/run/nginx.pid \
  --lock-path=/run/lock/subsys/nginx \
  --user=nginx \
  --group=nginx \
  --with-compat \
  --with-debug \
  --with-file-aio \
  --with-mail=dynamic \
  --with-pcre \
  --with-pcre-jit \
  --with-stream=dynamic \
  --with-threads \
  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' \
  --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' \
  --add-dynamic-module=../headers-more-nginx-module-0.34/
make modules

# Copy the module somewhere it can be loaded dynamically.
# Overwrite any existing file (`\cp`, to skip the alias for `cp -i`, which prompts for overwrite).
\cp objs/ngx_http_headers_more_filter_module.so /usr/share/nginx/modules/

# Edit the staged default nginx.conf, just inserting the `load_module` directive.
# (This can't live in a `conf.d/` file, which only allows extending the `http` directive.)
# The `sed` comment will insert (/i) our code before the line containing `events {`.
# `-i.bak` will update the file in place, saving the original version as a new file with extension `.bak`.
sed -i.bak \
  '/events {/i # Hide the Server HTTP header\nload_module modules/ngx_http_headers_more_filter_module.so;\n' \
  /var/proxy/staging/nginx/nginx.conf

.platform/nginx/conf.d/01-remove-headers.conf

more_clear_headers Server;

这是在http上下文中应用任何指令的地方。

风险

1.从github.com和nginx.com下载意味着,如果其中一个主机不可用,或者如果文件在这些第三方服务器上移动,您的应用部署可能会失败。
1.在每个部署上安装依赖项、下载源代码和编译模块会降低应用部署的速度。
1.更新到Amazon Linux 2(或更改操作系统)可能会更改nginx的版本或编译标志,从而导致二进制不兼容。
这些风险可以通过以下方式缓解:
1.在S3上存储源程序包。
1.将编译好的模块存储在S3中,并使编译成为手动步骤。(开发人员可以在VM中编译nginx。
1.嗯嗯

相关问题