This is an old revision of the document!
Nginx HTTP Server
General Information
Installation and configuration of Nginx web server.
Checklist
- Distro(s): Enterprise Linux 6/7
Installation
Installation of Nginx can be completed via repo (Official Nginx, EPEL, or Software Collections) or compiling.
Repo: Official Nginx
Nginx.org has pre-built packages. You can select mainline (newer) or stable.
Versions as of 04/13/2016:
- Mainline: 1.9.14
- Stable: 1.8.1
- Legacy: 1.6.3 and below
- Add a nginx repo file
- Stable Repo:
vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1
- Mainline Repo:
vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/ gpgcheck=0 enabled=1
- Install
yum install nginx
Repo: EPEL
Versions as of 04/13/2016
- CentOS 7.2: Nginx 1.6.3
Procedure
- Install the EPEL repo
- Install Nginx
yum install nginx
Repo: Software Collections
Versions as of 04/13/2016:
- nginx 1.4 (legacy)
- nginx 1.6 (legacy)
- nginx 1.8 (stable)
- Add the software collections repo.
- Install
yum install rh-nginx18
- Enable the software collection
scl enable rh-nginx18 bash
- Run signal commands (nginx -s signal) as normal from the Operation section below
Compile and Install
Building from source is usually done for specific functionality and is more time consuming.
- Install pre-reqs
yum install gcc pcre-devel zlib-devel
- Download a tarball (Example: Stable)
wget http://nginx.org/download/nginx-1.8.1.tar.gz
- Unarchive/unpack
tar -zxvf nginx-1.8.1.tar.gz
- Change into directory
cd nginx-1.8.1/
- Configure nginx
./configure --prefix=/usr/local/nginx
- Available configuration options: http://nginx.org/en/docs/configure.html
- Compile
make
- Install
make install
Configuration
- Main Config: /etc/nginx/nginx.conf
- Alt Main (Compiled): /usr/local/nginx/conf/nginx.conf
- Alt Main (Software Collections): /etc/opt/rh/rh-nginx18/nginx/nginx.conf
- Additional Config: /etc/nginx/conf.d/
- Alt Additional Config (Compiled): No default
- Alt Additional Config (Software Collections): /etc/opt/rh/rh-nginx18/nginx/conf.d/
Main Config: nginx.conf
- Default repo installed file location: /etc/nginx/nginx.conf
Main nginx.conf config file, in the http context
# Context: HTTP - HTTP Server Directives http { ... ##-- Security --## # server_tokens off - Disable nginx version on error pages and response headers server_tokens off; ## Headers - Add additional headers ## # X-Frame-Options SAMEORIGIN -> Page can only be displayed in a frame on same origin add_header X-Frame-Options SAMEORIGIN; # X-Content-Type-Options nosniff -> Prevent MIME Type Attacks add_header X-Content-Type-Options nosniff; # X-XSS-Protection "1; mode=block" -> Prevent Some Cross Site Scripting # 1;mode=block -> XSS filter enabled, prevent rendering the page if attack detected add_header X-XSS-Protection "1; mode=block" always; # Content-Security-Policy -> Prevent XSS, clickjacking, code injection add_header Content-Security-Policy "default-src 'self';" always; ##-- End of Security Settings --## ... }
Operation
Controlling the nginx web server.
Nginx can be controlled via the system's service commands or nginx executable signals.
- Main nginx executable: /usr/sbin/nginx
- Alt main nginx executable (Compiled): /usr/local/nginx/sbin/nginx
- Alt main nginx executable (Software Collections): /opt/rh/rh-nginx18/root/sbin/nginx
Note: If using the software collections method, that environment must be enabled before you attempt to operate the web server.
scl enable rh-nginx18 bash
- This could be put in a user's .bashrc for easier use if needed.
Enable on Boot
- Autostart the nginx web server upon system startup
systemctl enable nginx
Start
- Evaluate config files; if syntax is ok, start
systemctl start nginx
or
nginx
Stop
- Stop the nginx processes now
- Kills current sessions
systemctl stop nginx
or
nginx -s stop
Reload Config
- Equivalent to Apache httpd's “graceful” restart
- Check syntax
- if ok, then spawn new workers with new config and signal old workers to shutdown after current requests are complete
- if NOT ok, continue using old configuration
systemctl reload nginx
or
nginx -s reload
Restart
- Kill worker processes immediately
systemctl restart nginx
or
nginx -s stop && nginx -s start
Graceful Stop
- Equivalent to Apache httpd's “graceful-stop”
- Wait for worker processes to finish serving current requests, then stop.
- Do not accept new requests
nginx -s quit