It’s easy to install NGINX from the repo. For example on RHEL/ Centos/ Rocky Linux:
sudo dnf install nginx
So, this tutorial I want to show you how to install from source. You can read something here for NGINX and streaming: [Full install] Streaming HLS with Nginx & FFMPEG (quicktricks.net). Or below:
Preparing for the installation
Install some required packages:
sudo dnf -y install epel-release
sudo dnf -y groupinstall 'Development Tools'
sudo dnf install -y wget git unzip perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel pcre-devel GeoIP GeoIP-devel
cd ~
Find lastest ZLIB version at: https://zlib.net/
Find lastest PCRE version at: https://www.pcre.org/ or https://sourceforge.net/projects/pcre/files/pcre2/
Find lastest OpenSSL version at: https://www.openssl.org/source/ or
Install lastest version of ZLIB, PCRE, OpenSSL by change URL in below commands:
sudo wget https://zlib.net/zlib-1.2.13.tar.gz
sudo tar -xf zlib-1.2.13.tar.gz
sudo wget https://udomain.dl.sourceforge.net/project/pcre/pcre2/10.37/pcre2-10.37.tar.gz
tar -xf pcre2-10.37.tar.gz
sudo wget https://www.openssl.org/source/openssl-3.0.8.tar.gz
tar -xf openssl-3.0.8.tar.gz
Find lastest NGINX version at: https://nginx.org/en/download.html
Edit below commands to install lastest version you jusst found:
sudo wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar -xf nginx-1.24.0.tar.gz
cd nginx-1.24.0
Installation NGINX from source
Now, edit some text in this configuration command (in NGINX source folder, in this case is nginx-1.23.1):
./configure --prefix=/etc/nginx \--sbin-path=/usr/sbin/nginx \--modules-path=/usr/lib64/nginx/modules \--conf-path=/etc/nginx/nginx.conf \--error-log-path=/var/log/nginx/error.log \--pid-path=/var/run/nginx.pid \--lock-path=/var/run/nginx.lock \--user=nginx \--group=nginx \--build=Rocky \--builddir=nginx-1.24.0 \--with-select_module \--with-poll_module \--with-threads \--with-file-aio \--with-http_ssl_module \--with-http_v2_module \--with-http_realip_module \--with-http_addition_module \--with-http_xslt_module=dynamic \--with-http_image_filter_module=dynamic \--with-http_geoip_module=dynamic \--with-http_sub_module \--with-http_dav_module \--with-http_flv_module \--with-http_mp4_module \--with-http_gunzip_module \--with-http_gzip_static_module \--with-http_auth_request_module \--with-http_random_index_module \--with-http_secure_link_module \--with-http_degradation_module \--with-http_slice_module \--with-http_stub_status_module \--http-log-path=/var/log/nginx/access.log \--http-client-body-temp-path=/var/cache/nginx/client_temp \--http-proxy-temp-path=/var/cache/nginx/proxy_temp \--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \--http-scgi-temp-path=/var/cache/nginx/scgi_temp \--with-mail=dynamic \--with-mail_ssl_module \--with-stream=dynamic \--with-stream_ssl_module \--with-stream_realip_module \--with-stream_geoip_module=dynamic \--with-stream_ssl_preread_module \--with-compat \--with-pcre=../pcre2-10.37 \--with-pcre-jit \--with-zlib=../zlib-1.2.13 \--with-openssl=../openssl-3.0.8 \--with-openssl-opt=no-nextprotoneg \--with-debug \--with-stream
Then install:
sudo make
sudo make install
Create shortcut, user,…
sudo ln -s /usr/lib64/nginx/modules /etc/nginx/modules
Create run-user “nginx”
sudo useradd -r -d /var/cache/nginx/ -s /sbin/nologin -U nginx
Make cache folder and set permission:
sudo mkdir -p /var/cache/nginx/
sudo chown -R nginx:nginx /var/cache/nginx/
Check NGINX configuration and version:
sudo nginx -t
sudo nginx -V
Make NGINX as system’s service:
sudo cat << EOF >> /lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
EOF
Reload system daemon, set NGINX as autostart when system boot
sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx
Configuration NGINX
Config NGINX from this file: Edit “/etc/nginx/nginx.conf“
Basic config for HTTP, HTTPS, Socket with proxy.
If you have SSL cert and key, change they name as: cert.pem, cert.key then copy to /etc/nginx/
user nginx;
worker_processes auto;
error_log logs/error.log crit;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
upstream example1.domain.com {
hash $remote_addr consistent;
server 10.5.10.1:3001; # server 1
server 10.5.10.2:3001; # server 2
}
upstream example2.domain.com {
hash $remote_addr consistent;
server 10.5.10.3:3001;
server 10.5.10.4:3002;
}
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 10240;
gzip_comp_level 1;
gzip_vary on;
gzip_disable msie6;
gzip_proxied expired no-cache no-store private auth;
gzip_types
# text/html is always compressed by HttpGzipModule
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/atom+xml
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
# for http connection:
server {
server_name example1.domain.com; #hostname
listen 80;
location / {
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; #for socket
proxy_set_header Host $host;
proxy_bind 10.5.10.99; # this computer IP in the same interface with other server
proxy_pass http://$host; # this case, $host variable = example1.domain.com
}
}
#for https connection, with SSL cert and key:
server {
# http listener, redirect from http to https
server_name example2.domain.com; #hostname
listen 80;
return 301 https://$host$request_uri;
}
server {
# https listener
server_name example2.domain.com; #hostname
listen 443 ssl;
ssl_certificate cert.pem; # fullchain path
ssl_certificate_key cert.key; # key path
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; #for socket
proxy_set_header Host $host;
proxy_bind 10.5.10.99; # this computer IP in the same interface with other server
proxy_pass http://$host; # this case, $host variable = example2.domain.com
}
}
#for https connection, without SSL cert and key:
server {
# http listener, redirect from http to https
server_name example3.domain.com; #hostname
listen 80;
return 301 https://$host$request_uri;
}
server {
# https listener
server_name example3.domain.com; #hostname
listen 443 ssl;
location / {
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade"; #for socket
proxy_set_header Host $host;
proxy_pass https://example4.domain.com; # this case, you need use domain example4.domain.com which point to that https server
}
}
}
You can include many children config files instead of all-in-one-file.
Running
Always Confirm your config will not make error:
sudo nginx -t
If successfull, re-run nginx:
sudo systemctl restart nginx