How to Install Nginx from Source on CentOS 8

Last Updated: Fri, Jul 24, 2020
CentOS Web Servers

Introduction

Installing Nginx from source code allows complete customization for your specific needs. This tutorial describes the steps to install a full-featured Nginx server on CentOS 8. Each compilation option is described so you can make an informed choice about how to compile your installation.

Prerequisites

1. Install Development Tools

Before you compile Nginx, you'll need to install some tools.

$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install epel-release
$ sudo dnf install wget

2. Download Nginx Source

Visit the Nginx download page and locate the latest Mainline version URL. Substitute that URL in the commands below.

$ mkdir -p /tmp/nginxinstallation
$ cd /tmp/nginxinstallation/
$ wget https://nginx.org/download/nginx-1.19.1.tar.gz && tar zxvf nginx-*

3. Download Dependencies

Download and unpack some dependencies.

$ wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-*
$ wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar zxvf zlib-*
$ wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz && tar zxvf openssl-*

4. Install Optional Dependencies

The Nginx configuration in this tutorial depends on several packages. You may not need these if you exclude them in your makefile configuration. We recommend you follow this tutorial once to verify your tool-chain works properly before making customizations.

Install the optional dependencies:

$ sudo dnf install perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-devel gperftools-devel

5. Create The Nginx User

Nginx requires a user account.

$ adduser nginx --system --no-create-home --shell /bin/false --user-group

6. Compile Nginx

When configuring the Nginx makefile, you'll choose many command-line options, which are described below.

Mandatory Options

These options are required.

  • --prefix= the directory for Nginx configuration files.
  • --sbin-path= the path for the Nginx binary.
  • --pid-path= the path for the Nginx pidfile.
  • --lock-path= the path for the Nginx lockfile.
  • --conf-path= the path for the Nginx configuration file.
  • --modules-path= the path for Nginx modules.
  • --error-log-path= the path for the error log file.
  • --http-log-path= the path for the access log file.
  • --user= the user name for worker processes.
  • --group= the group name for worker processes.
  • --with-pcre= the path for the PCRE source code library.
  • --with-pcre-jit= PCRE will be used in just-in-time compilation mode.
  • --with-zlib= the path for the zlib source code library.
  • --with-openssl= the path ofor the openssl source code library.

Optional Settings

Speed and Security

  • --with-httpsslmodule enable HTTPS.
  • --with-httpv2module enable HTTP/2.
  • --with-threads enables Thread Pools for better performance.
  • --with-file-aio enables asynchronous I/O for better performance.
  • --with-httpdegradationmodule return an error if the request uses too much memory.
  • --with-httpauthrequest_module allows basic HTTP authentication.
  • --with-httpgeoipmodule enables Goelocation from the user’s IP address.
  • --with-httprealipmodule sets the real client IP instead of the one specified in the header.
  • --with-httpsecurelink_module protect resources from unauthorized access.

Metrics and Advanced

  • --with-cpptestmodule checks C++ compatibility.
  • --with-debug enables the debug log debug.
  • --with-googleperftoolsmodule enables the Google Performance Toolkit.
  • --with-httpstubstatus_module enables basic status information.

Additional Functions

  • --with-mail enables the mail proxy.
  • --with-mailsslmodule allows email proxying through SSL/TLS.
  • --with-httpmp4module adds support for MP4 file streaming.
  • --with-httpflvmodule adds support for FLV file streaming.
  • --with-stream enables streaming through a proxy with UDP/TCP protocols.
  • --with-streamsslmodule enables Nginx to proxy streams through SSL/TLS.
  • --with-streamsslpreread_module extract information from "ClientHello" without closing SSL/TLS.
  • --with-httpdavmodule enables WebDAV file management.
  • --with-httpimagefilter_module allows image transformation in PNG, JPEG and GIF format.
  • --with-httpgunzipmodule decompress requests with gzip if the client does not support the zip encoding.
  • --with-httpgzipstatic_module send pre-compressed .gz files instead of regular files.
  • --with-httpperlmodule implements PERL.
  • --with-httpadditionmodule insert text before and after an answer.
  • --with-httprandomindex_module show a random page when a file in the URL can not be defined.
  • --with-httpslicemodule divide a request into subrequests, useful for caching of large files.
  • --with-httpsubmodule change text in replies.
  • --with-httpxsltmodule transform XML with XSLT.
  • --with-select_module enables the select() method.
  • --with-poll_module enables the poll() method.

Configure the Makefile

For a full-featured Nginx server, copy and paste the configuration commands below.

$ cd nginx-1.18.0
$ sudo ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--conf-path=/etc/nginx/nginx.conf \
--modules-path=/etc/nginx/modules \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=nginx \
--group=nginx \
--with-pcre=../pcre-8.44 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1g \
--with-http_ssl_module \
--with-http_v2_module \
--with-threads \
--with-file-aio \
--with-http_degradation_module \
--with-http_auth_request_module \
--with-http_geoip_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-cpp_test_module \
--with-debug \
--with-google_perftools_module \
--with-mail \
--with-mail_ssl_module \
--with-http_mp4_module \
--with-http_flv_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_dav_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_addition_module \
--with-http_random_index_module \
--with-http_slice_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-select_module \
--with-poll_module 
$ sudo make 
$ sudo make install

7. Create the System Service

  1. Edit the Nginx system service file.

    $ sudo nano /etc/systemd/system/nginx.service
    
  2. Paste the following:

    [Unit]
    Description=The NGINX HTTP and reverse proxy server
    After=syslog.target network-online.target remote-fs.target nss-lookup.target
    Wants=network-online.target
    
    [Service]
    Type=forking
    PIDFile=/var/run/nginx.pid
    ExecStartPre=/usr/sbin/nginx -t
    ExecStart=/usr/sbin/nginx
    ExecReload=/usr/sbin/nginx -s reload
    ExecStop=/bin/kill -s QUIT $MAINPID
    PrivateTmp=true
    
    [Install]
    WantedBy=multi-user.target
    
  3. Save and exit the file.

  4. Reload the systemctl daemon.

    $ sudo systemctl daemon-reload
    
  5. Enable the system service.

    $ systemctl enable nginx.service 
    
  6. Start Nginx.

    $ sudo service nginx start
    
  7. Verify that Nginx is running.

    $ sudo service nginx status 
    

8. Configure the Firewall

Use firewall-cmd to allow traffic to the webserver.

$ firewall-cmd --zone=public --permanent --add-service=http
$ firewall-cmd --zone=public --permanent --add-service=https
$ firewall-cmd --reload

Conclusion

Installing a web server from source code is more involved than a packaged version, but allows you to perform custom configuration.

Want to contribute?

You could earn up to $300 by adding new articles