This article is outdated and may not work correctly for current operating systems or software.
NGINX can be used as an HTTP/HTTPS server, reverse proxy server, mail proxy server, load balancer, TLS terminator, or caching server. It is quite modular by design. It has native modules and third-party modules created by the community. Written in the C programming language, it's a very fast and lightweight piece of software.
NOTE: NGINX has two version streams that run in parallel - stable and mainline. Both versions can be used on a production server. It is recommended to use the mainline version in production.
Installing NGINX from source code is relatively "easy" - download the latest version of the NGINX source code, configure, build and install it.
In this tutorial I will use the mainline version, which is 1.13.3 at the time of writing. Update version numbers accordingly when newer versions become available.
Mandatory requirements:
OpenSSL library version between 1.0.2 - 1.1.0
zlib library version between 1.1.3 - 1.2.11
PCRE library version between 4.4 - 8.41
GCC Compiler
Optional requirements:
Create regular user with sudo
access:
Switch to the new user:
su - <username>
Update system:
sudo dnf check-update || sudo dnf upgrade -y
Install "Development Tools", Vim editor, wget, and gcc-c++:
sudo dnf install -y @development-tools && sudo dnf install -y vim wget gcc-c++
Download the latest mainline version of NGINX source code and untar it:
wget https://nginx.org/download/nginx-1.13.3.tar.gz && tar zxvf nginx-1.13.3.tar.gz
Download the NGINX dependencies' source code and extract them:
# PCRE version 8.41
wget https://ftp.pcre.org/pub/pcre/pcre-8.41.tar.gz && tar xzvf pcre-8.41.tar.gz
# zlib version 1.2.11
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
# OpenSSL version 1.1.0f
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz && tar xzvf openssl-1.1.0f.tar.gz
Download and install optional NGINX dependencies:
# perl
sudo dnf install -y perl perl-devel perl-ExtUtils-Embed
# libxslt
sudo dnf install -y libxslt libxslt-devel
# libxml2
sudo dnf install -y libxml2 libxml2-devel
# libgd
sudo dnf install -y gd gd-devel
# GeoIP
sudo dnf install -y GeoIP GeoIP-devel
# Libatomic_Ops
sudo dnf install -y libatomic_ops libatomic_ops-devel
Remove all .tar.gz
files. We don't need them anymore:
rm -rf *.tar.gz
Go to the NGINX source directory:
cd ~/nginx-1.13.3
For good measure, list NGINX source code files and directories:
ls
# auto CHANGES CHANGES.ru conf configure contrib html LICENSE man README src
Copy NGINX manual page to /usr/share/man/man8/
:
sudo cp ~/nginx-1.13.3/man/nginx.8 /usr/share/man/man8/
sudo gzip /usr/share/man/man8/nginx.8
# Check that Man page for NGINX is working
man nginx
For help, you can list available configuration switches by running:
./configure --help
# To see want core modules can be build as dynamic run:
./configure --help | grep -F =dynamic
Configure, compile, and install NGINX:
./configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--build=Fedora \
--builddir=nginx-1.13.3 \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_perl_module=dynamic \
--with-perl=/usr/bin/perl \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre=../pcre-8.41 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.0f \
--with-openssl-opt=no-nextprotoneg \
--with-debug
make
sudo make install
Print the NGINX version, compiler version, and configure script parameters:
nginx -V
# nginx version: nginx/1.13.3 (Fedora)
# built by gcc 6.3.1 20161221 (Red Hat 6.3.1-1) (GCC)
# built with OpenSSL 1.1.0f 25 May 2017
# TLS SNI support enabled
# configure arguments: --prefix=/etc/nginx . . .
# . . .
Create the NGINX system user and group:
sudo useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx
Check syntax and potential errors:
sudo nginx -t
# Will throw this error: nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (2: No such file or directory)
# Just create directory
sudo mkdir -p /var/cache/nginx/ && sudo nginx -t
Create a systemd unit file for NGINX:
sudo vim /etc/systemd/system/nginx.service
Copy/paste the following content:
NOTE: The location of the
PID
file and the NGINX binary may be different depending on how NGINX was compiled.
[Unit]
Description=Nginx - A high performance web server and a reverse proxy server
Documentation=http://nginx.org/en/docs/
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /var/run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
Start NGINX:
sudo systemctl start nginx.service
Enable NGINX to start automatically on boot:
sudo systemctl enable nginx.service
Check if NGINX will startup after a reboot:
sudo systemctl is-enabled nginx.service
# enabled
Check if NGINX is running:
sudo systemctl status nginx.service
ps aux | grep nginx
curl -I 127.0.0.1
Reboot your VPS to verify that NGINX starts up automatically:
sudo shutdown -r now
Remove archaic files from the /etc/nginx/
directory:
sudo rm /etc/nginx/koi-utf /etc/nginx/koi-win /etc/nginx/win-utf
Place syntax highlighting files of NGINX configuration for vim
into ~/.vim/
. You will be presented with nice syntax highlighting when editing NGINX configuration file:
mkdir ~/.vim/
cp -r ~/nginx-1.13.3/contrib/vim/* ~/.vim/
Make a conf.d/
directory in the /etc/nginx/
directory. In this directory, you can place virtual servers and upstreams:
sudo mkdir /etc/nginx/conf.d/
Remove extracted directories and files from your home directory:
rm -rf nginx-1.13.3/ openssl-1.1.0f/ pcre-8.41/ zlib-1.2.11/
That's it. You now have newest version of NGINX installed. It is compiled statically against some important libraries like OpenSSL. Often, the system OpenSSL version is outdated. By using this method of installing with a newer version of OpenSSL, you can take advantage of new ciphers like CHACHA20_POLY1305
and protocols like TLS 1.3 that will be available in OpenSSL 1.1.1
(which has not been released at the time of writing).