参考资料

ngx_http_google_filter_module
高版本nginx兼容情况的issues

先卸载已有的Nginx

1
sudo apt remove nginx -y

编译安装Nginx

下载源码

1
2
3
4
5
6
7
8
git clone https://github.com/aperezdc/ngx-fancyindex.git ngx-fancyindex
git clone https://github.com/cuber/ngx_http_google_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
wget http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-8.45.zip
wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1u.tar.gz
wget http://zlib.net/fossils/zlib-1.2.11.tar.gz
wget http://nginx.org/download/nginx-1.9.15.tar.gz
wget http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-8.45.zip

解压源码

1
2
3
4
tar xzvf nginx-1.9.15.tar.gz
unzip pcre-8.45.zip 
tar xzvf openssl-1.0.1u.tar.gz
tar xzvf zlib-1.2.11.tar.gz

编译与安装

1
2
3
4
5
cd nginx-1.9.15/
./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx_error.log --http-log-path=/var/log/nginx_access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=root --group=root --with-http_ssl_module --without-http_ssi_module --without-http_memcached_module --without-http_browser_module --without-http_geo_module  --without-http_scgi_module  --without-http_uwsgi_module --without-select_module --add-module=../ngx-fancyindex --add-dynamic-module=../ngx_http_google_filter_module --add-module=../ngx_http_substitutions_filter_module --with-pcre=../pcre-8.45 --with-openssl=../openssl-1.0.1u --with-zlib=../zlib-1.2.11 --with-http_v2_module --with-http_realip_module
sed -i 's/-Werror //g' objs/Makefile
make
make install

Nginx加入开机自启动

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
sudo tee /etc/systemd/system/nginx.service >/dev/null <<'EOF'
[Unit]
Description=nginx
After=network.target

[Service]
User=root
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/usr/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

将Nginx交给Systemd托管,设置Nginx下次开机启动

1
sudo systemctl daemon-reload && sudo systemctl enable nginx.service

修改Nginx配置

1、配置文件中要加载动态模块ngx_http_google_filter_module,所以添加如下语句load_module modules/ngx_http_google_filter_module.so;
2、在二级域名中添加ngx_http_google_filter_module相关配置,在我这里的二级域名是go.kexie.party

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
user  root;
worker_processes  1;
load_module modules/ngx_http_google_filter_module.so;
pid        /var/run/nginx.pid;
error_log /var/log/nginx_error.log;

events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    charset ISO-88509-1;
    sendfile on;
    tcp_nopush     on;
    tcp_nodelay on;
    keepalive_timeout  60;
    client_header_buffer_size 4k;
    open_file_cache max=102400 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    client_header_timeout 15;
    client_body_timeout 15;
    reset_timedout_connection on;
    send_timeout 15;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 3;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    server_tokens off;
    access_log  /var/log/nginx_access.log;

    server {
    if ($host = www.kexie.party) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = kexie.party) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = go.kexie.party) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 default_server;
        return 301 https://$server_name$request_uri;

}

    server {
        listen       443 ssl;

        # 把example.com换成你的域名
        server_name  www.kexie.party kexie.party;
        root         /root/mokee;
        location / {
            expires 10h;
            fancyindex on;
            fancyindex_exact_size off;
            fancyindex_localtime on;
            fancyindex_header "/fancyindex/header.html";
            fancyindex_footer "/fancyindex/footer.html";
            fancyindex_ignore "donate" "fancyindex" "Download";
        }
        location ~*  ^.+\.(jpg|gif|png|img|apk|tar.gz|wmv|jpeg|mp3|mp4|zip|rar)$ {
            valid_referers none blocked www.kexie.party kexie.party;
            if ($invalid_referer){
                return 403;
                break;
            }
            access_log off;
        }
    }

    server {
        listen       443 ssl;
        # 把example.com换成你的域名
        server_name  go.kexie.party;
        resolver 8.8.8.8;
        location / {
            google on;
            google_scholar on;
      }
    }
}

安装cerbot自动申请证书

前提是为二级域名添加dns记录,一般半小时不到生效。

1
2
apt install python3-certbot-nginx
certbot --nginx

非常傻瓜,按照指引来就好了