Installing Nginx from source code allows complete customization for your specific needs. This tutorial describes the steps to install a full-featured Nginx server on CentOS 8. Each compilation option is described so you can make an informed choice about how to compile your installation.
A fully updated CentOS 8 server
A non-root sudo user
Before you compile Nginx, you'll need to install some tools.
$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install epel-release
$ sudo dnf install wget
Visit the Nginx download page and locate the latest Mainline version URL. Substitute that URL in the commands below.
$ mkdir -p /tmp/nginxinstallation
$ cd /tmp/nginxinstallation/
$ wget https://nginx.org/download/nginx-1.19.1.tar.gz && tar zxvf nginx-*
Download and unpack some dependencies.
$ wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-*
$ wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar zxvf zlib-*
$ wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz && tar zxvf openssl-*
The Nginx configuration in this tutorial depends on several packages. You may not need these if you exclude them in your makefile configuration. We recommend you follow this tutorial once to verify your tool-chain works properly before making customizations.
Install the optional dependencies:
$ sudo dnf install perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-devel gperftools-devel
Nginx requires a user account.
$ adduser nginx --system --no-create-home --shell /bin/false --user-group
When configuring the Nginx makefile, you'll choose many command-line options, which are described below.
These options are required.
--prefix= the directory for Nginx configuration files.
--sbin-path= the path for the Nginx binary.
--pid-path= the path for the Nginx pidfile.
--lock-path= the path for the Nginx lockfile.
--conf-path= the path for the Nginx configuration file.
--modules-path= the path for Nginx modules.
--error-log-path= the path for the error log file.
--http-log-path= the path for the access log file.
--user= the user name for worker processes.
--group= the group name for worker processes.
--with-pcre= the path for the PCRE source code library.
--with-pcre-jit= PCRE will be used in just-in-time compilation mode.
--with-zlib= the path for the zlib source code library.
--with-openssl= the path ofor the openssl source code library.
--with-httpsslmodule enable HTTPS.
--with-httpv2module enable HTTP/2.
--with-threads enables Thread Pools for better performance.
--with-file-aio enables asynchronous I/O for better performance.
--with-httpdegradationmodule return an error if the request uses too much memory.
--with-httpauthrequest_module allows basic HTTP authentication.
--with-httpgeoipmodule enables Goelocation from the userâs IP address.
--with-httprealipmodule sets the real client IP instead of the one specified in the header.
--with-httpsecurelink_module protect resources from unauthorized access.
--with-cpptestmodule checks C++ compatibility.
--with-debug enables the debug log debug.
--with-googleperftoolsmodule enables the Google Performance Toolkit.
--with-httpstubstatus_module enables basic status information.
--with-mail enables the mail proxy.
--with-mailsslmodule allows email proxying through SSL/TLS.
--with-httpmp4module adds support for MP4 file streaming.
--with-httpflvmodule adds support for FLV file streaming.
--with-stream enables streaming through a proxy with UDP/TCP protocols.
--with-streamsslmodule enables Nginx to proxy streams through SSL/TLS.
--with-streamsslpreread_module extract information from "ClientHello" without closing SSL/TLS.
--with-httpdavmodule enables WebDAV file management.
--with-httpimagefilter_module allows image transformation in PNG, JPEG and GIF format.
--with-httpgunzipmodule decompress requests with gzip if the client does not support the zip encoding.
--with-httpgzipstatic_module send pre-compressed .gz files instead of regular files.
--with-httpperlmodule implements PERL.
--with-httpadditionmodule insert text before and after an answer.
--with-httprandomindex_module show a random page when a file in the URL can not be defined.
--with-httpslicemodule divide a request into subrequests, useful for caching of large files.
--with-httpsubmodule change text in replies.
--with-httpxsltmodule transform XML with XSLT.
--with-select_module enables the select() method.
--with-poll_module enables the poll() method.
For a full-featured Nginx server, copy and paste the configuration commands below.
$ cd nginx-1.18.0
$ sudo ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--conf-path=/etc/nginx/nginx.conf \
--modules-path=/etc/nginx/modules \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=nginx \
--group=nginx \
--with-pcre=../pcre-8.44 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1g \
--with-http_ssl_module \
--with-http_v2_module \
--with-threads \
--with-file-aio \
--with-http_degradation_module \
--with-http_auth_request_module \
--with-http_geoip_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-cpp_test_module \
--with-debug \
--with-google_perftools_module \
--with-mail \
--with-mail_ssl_module \
--with-http_mp4_module \
--with-http_flv_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_dav_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_addition_module \
--with-http_random_index_module \
--with-http_slice_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-select_module \
--with-poll_module
$ sudo make
$ sudo make install
Edit the Nginx system service file.
$ sudo nano /etc/systemd/system/nginx.service
Paste the following:
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Save and exit the file.
Reload the systemctl daemon.
$ sudo systemctl daemon-reload
Enable the system service.
$ systemctl enable nginx.service
Start Nginx.
$ sudo service nginx start
Verify that Nginx is running.
$ sudo service nginx status
Use firewall-cmd to allow traffic to the webserver.
$ firewall-cmd --zone=public --permanent --add-service=http
$ firewall-cmd --zone=public --permanent --add-service=https
$ firewall-cmd --reload
Installing a web server from source code is more involved than a packaged version, but allows you to perform custom configuration.