Introduction
Installing Nginx from source code allows complete customization for your specific needs. This tutorial describes the steps to install a full-featured Nginx server on CentOS 8. Each compilation option is described so you can make an informed choice about how to compile your installation.
Prerequisites
- A fully updated CentOS 8 server
- A non-root sudo user
1. Install Development Tools
Before you compile Nginx, you'll need to install some tools.
$ sudo dnf groupinstall 'Development Tools'
$ sudo dnf install epel-release
$ sudo dnf install wget
2. Download Nginx Source
Visit the Nginx download page and locate the latest Mainline version URL. Substitute that URL in the commands below.
$ mkdir -p /tmp/nginxinstallation
$ cd /tmp/nginxinstallation/
$ wget https://nginx.org/download/nginx-1.19.1.tar.gz && tar zxvf nginx-*
3. Download Dependencies
Download and unpack some dependencies.
$ wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz && tar zxvf pcre-*
$ wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar zxvf zlib-*
$ wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz && tar zxvf openssl-*
4. Install Optional Dependencies
The Nginx configuration in this tutorial depends on several packages. You may not need these if you exclude them in your makefile configuration. We recommend you follow this tutorial once to verify your tool-chain works properly before making customizations.
Install the optional dependencies:
$ sudo dnf install perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-devel gperftools-devel
5. Create The Nginx User
Nginx requires a user account.
$ adduser nginx --system --no-create-home --shell /bin/false --user-group
6. Compile Nginx
When configuring the Nginx makefile, you'll choose many command-line options, which are described below.
Mandatory Options
These options are required.
- --prefix= the directory for Nginx configuration files.
- --sbin-path= the path for the Nginx binary.
- --pid-path= the path for the Nginx pidfile.
- --lock-path= the path for the Nginx lockfile.
- --conf-path= the path for the Nginx configuration file.
- --modules-path= the path for Nginx modules.
- --error-log-path= the path for the error log file.
- --http-log-path= the path for the access log file.
- --user= the user name for worker processes.
- --group= the group name for worker processes.
- --with-pcre= the path for the PCRE source code library.
- --with-pcre-jit= PCRE will be used in just-in-time compilation mode.
- --with-zlib= the path for the zlib source code library.
- --with-openssl= the path ofor the openssl source code library.
Optional Settings
Speed and Security
- --with-http_ssl_module enable HTTPS.
- --with-http_v2_module enable HTTP/2.
- --with-threads enables Thread Pools for better performance.
- --with-file-aio enables asynchronous I/O for better performance.
- --with-http_degradation_module return an error if the request uses too much memory.
- --with-http_auth_request_module allows basic HTTP authentication.
- --with-http_geoip_module enables Goelocation from the user’s IP address.
- --with-http_realip_module sets the real client IP instead of the one specified in the header.
- --with-http_secure_link_module protect resources from unauthorized access.
Metrics and Advanced
- --with-cpp_test_module checks C++ compatibility.
- --with-debug enables the debug log debug.
- --with-google_perftools_module enables the Google Performance Toolkit.
- --with-http_stub_status_module enables basic status information.
Additional Functions
- --with-mail enables the mail proxy.
- --with-mail_ssl_module allows email proxying through SSL/TLS.
- --with-http_mp4_module adds support for MP4 file streaming.
- --with-http_flv_module adds support for FLV file streaming.
- --with-stream enables streaming through a proxy with UDP/TCP protocols.
- --with-stream_ssl_module enables Nginx to proxy streams through SSL/TLS.
- --with-stream_ssl_preread_module extract information from "ClientHello" without closing SSL/TLS.
- --with-http_dav_module enables WebDAV file management.
- --with-http_image_filter_module allows image transformation in PNG, JPEG and GIF format.
- --with-http_gunzip_module decompress requests with gzip if the client does not support the zip encoding.
- --with-http_gzip_static_module send pre-compressed .gz files instead of regular files.
- --with-http_perl_module implements PERL.
- --with-http_addition_module insert text before and after an answer.
- --with-http_random_index_module show a random page when a file in the URL can not be defined.
- --with-http_slice_module divide a request into subrequests, useful for caching of large files.
- --with-http_sub_module change text in replies.
- --with-http_xslt_module transform XML with XSLT.
- --with-select_module enables the select() method.
- --with-poll_module enables the poll() method.
Configure the Makefile
For a full-featured Nginx server, copy and paste the configuration commands below.
$ cd nginx-1.18.0
$ sudo ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--conf-path=/etc/nginx/nginx.conf \
--modules-path=/etc/nginx/modules \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--user=nginx \
--group=nginx \
--with-pcre=../pcre-8.44 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1g \
--with-http_ssl_module \
--with-http_v2_module \
--with-threads \
--with-file-aio \
--with-http_degradation_module \
--with-http_auth_request_module \
--with-http_geoip_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-cpp_test_module \
--with-debug \
--with-google_perftools_module \
--with-mail \
--with-mail_ssl_module \
--with-http_mp4_module \
--with-http_flv_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_dav_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_addition_module \
--with-http_random_index_module \
--with-http_slice_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-select_module \
--with-poll_module
$ sudo make
$ sudo make install
7. Create the System Service
Edit the Nginx system service file.
$ sudo nano /etc/systemd/system/nginx.service
Paste the following:
[Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking PIDFile=/var/run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx ExecReload=/usr/sbin/nginx -s reload ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target
Save and exit the file.
Reload the systemctl daemon.
$ sudo systemctl daemon-reload
Enable the system service.
$ systemctl enable nginx.service
Start Nginx.
$ sudo service nginx start
Verify that Nginx is running.
$ sudo service nginx status
8. Configure the Firewall
Use firewall-cmd to allow traffic to the webserver.
$ firewall-cmd --zone=public --permanent --add-service=http
$ firewall-cmd --zone=public --permanent --add-service=https
$ firewall-cmd --reload
Conclusion
Installing a web server from source code is more involved than a packaged version, but allows you to perform custom configuration.