It’s easy to install NGINX from the repo. For example on RHEL/ Centos/ Rocky Linux:

sudo dnf install nginx

So, this tutorial I want to show you how to install from source. You can read something here for NGINX and streaming: [Full install] Streaming HLS with Nginx & FFMPEG (quicktricks.net). Or below:

Preparing for the installation

Install some required packages:

sudo dnf -y install epel-release
sudo dnf -y groupinstall 'Development Tools'
sudo dnf install -y  wget git unzip perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel pcre-devel GeoIP GeoIP-devel
cd ~

Find lastest ZLIB version at: https://zlib.net/

Find lastest PCRE version at: https://www.pcre.org/ or https://sourceforge.net/projects/pcre/files/pcre2/

Find lastest OpenSSL version at: https://www.openssl.org/source/ or

Install lastest version of ZLIB, PCRE, OpenSSL by change URL in below commands:

sudo wget https://zlib.net/zlib-1.2.13.tar.gz
sudo tar -xf zlib-1.2.13.tar.gz 
sudo wget https://udomain.dl.sourceforge.net/project/pcre/pcre2/10.37/pcre2-10.37.tar.gz
tar -xf pcre2-10.37.tar.gz
sudo wget https://www.openssl.org/source/openssl-3.0.8.tar.gz
tar -xf openssl-3.0.8.tar.gz

Find lastest NGINX version at: https://nginx.org/en/download.html

Edit below commands to install lastest version you jusst found:

sudo wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar -xf nginx-1.24.0.tar.gz
cd nginx-1.24.0

Installation NGINX from source

Now, edit some text in this configuration command (in NGINX source folder, in this case is nginx-1.23.1):

./configure --prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib64/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--user=nginx \--group=nginx \--build=Rocky \--builddir=nginx-1.24.0 \--with-select_module \--with-poll_module \--with-threads \--with-file-aio \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_addition_module \--with-http_xslt_module=dynamic \--with-http_image_filter_module=dynamic \--with-http_geoip_module=dynamic \--with-http_sub_module \--with-http_dav_module \--with-http_flv_module \--with-http_mp4_module \--with-http_gunzip_module \--with-http_gzip_static_module \--with-http_auth_request_module \--with-http_random_index_module \--with-http_secure_link_module \--with-http_degradation_module \--with-http_slice_module \--with-http_stub_status_module \--http-log-path=/var/log/nginx/access.log \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-mail=dynamic \--with-mail_ssl_module \--with-stream=dynamic \--with-stream_ssl_module \--with-stream_realip_module \--with-stream_geoip_module=dynamic \--with-stream_ssl_preread_module \--with-compat \--with-pcre=../pcre2-10.37 \--with-pcre-jit \--with-zlib=../zlib-1.2.13 \--with-openssl=../openssl-3.0.8 \--with-openssl-opt=no-nextprotoneg \--with-debug \--with-stream

Then install:

sudo make
sudo make install

Create shortcut, user,…

sudo ln -s /usr/lib64/nginx/modules /etc/nginx/modules

Create run-user “nginx”

sudo useradd -r -d /var/cache/nginx/ -s /sbin/nologin -U nginx

Make cache folder and set permission:

sudo mkdir -p /var/cache/nginx/
sudo chown -R nginx:nginx /var/cache/nginx/

Check NGINX configuration and version:

sudo nginx -t
sudo nginx -V

Make NGINX as system’s service:

sudo cat << EOF >> /lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target
EOF

Reload system daemon, set NGINX as autostart when system boot

sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx

Configuration NGINX

Config NGINX from this file: Edit “/etc/nginx/nginx.conf

Basic config for HTTP, HTTPS, Socket with proxy.

If you have SSL cert and key, change they name as: cert.pem, cert.key then copy to /etc/nginx/

user    nginx;
worker_processes    auto;
error_log  logs/error.log crit;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
    use epoll;
    multi_accept on;
}
http {
    upstream example1.domain.com {
        hash $remote_addr consistent;
        server 10.5.10.1:3001; # server 1   
        server 10.5.10.2:3001; # server 2
    }
    upstream example2.domain.com {
        hash $remote_addr consistent;
        server 10.5.10.3:3001;    
        server 10.5.10.4:3002;
    }
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    gzip  on;
    gzip_min_length 10240;
    gzip_comp_level 1;
    gzip_vary on;
    gzip_disable msie6;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types
    # text/html is always compressed by HttpGzipModule
    text/css
    text/javascript
    text/xml
    text/plain
    text/x-component
    application/javascript
    application/x-javascript
    application/json
    application/xml
    application/rss+xml
    application/atom+xml
    font/truetype
    font/opentype
    application/vnd.ms-fontobject
    image/svg+xml;
    # for http connection:
    server {
        server_name  example1.domain.com; #hostname
        listen       80;	
        location / {
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade"; #for socket
            proxy_set_header Host $host;			
            proxy_bind 10.5.10.99; # this computer IP in the same interface with other server
            proxy_pass http://$host; # this case, $host variable = example1.domain.com
        }
    }
    #for https connection, with SSL cert and key:
    server {
        # http listener, redirect from http to https
        server_name  example2.domain.com; #hostname
        listen       80;	
        return 301 https://$host$request_uri;
        
    }
    server {
        # https listener
        server_name  example2.domain.com; #hostname
        listen       443 ssl;	
        ssl_certificate      cert.pem; # fullchain path
        ssl_certificate_key  cert.key; # key path
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade"; #for socket
            proxy_set_header Host $host;			
            proxy_bind 10.5.10.99; # this computer IP in the same interface with other server
            proxy_pass http://$host; # this case, $host variable = example2.domain.com
        }
    }
    #for https connection, without SSL cert and key:
    server {
        # http listener, redirect from http to https
        server_name  example3.domain.com; #hostname
        listen       80;	
        return 301 https://$host$request_uri;
        
    }
    server {
        # https listener
        server_name  example3.domain.com; #hostname
        listen       443 ssl;	
        location / {
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade"; #for socket
            proxy_set_header Host $host;
            proxy_pass https://example4.domain.com; # this case, you need use domain example4.domain.com which point to that https server
        }
    }
}

You can include many children config files instead of all-in-one-file.

Running

Always Confirm your config will not make error:

sudo nginx -t

If successfull, re-run nginx:

sudo systemctl restart nginx

DMCA.com Protection Status


Leave a Reply

Your email address will not be published. Required fields are marked *