Skip to content

karljohns0n/nginx-more

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Nginx-more

Release Build Quality Gate Status Installs Downloads

Synopsis

Nginx-more is a build of Nginx with additional modules such as HTTP/2, HTTP/3, PageSpeed, Brotli, More Headers, Cache Purge, VTS, GeoIP2, Echo and ModSecurity. It's compiled using recent GCC version and latest OpenSSL sources. It also includes some built-in configurations such as WordPress and Laravel php-fpm setup. More information about this package can be found here however this post is be a bit outdated at this time. Nginx-more is supported since 2014 and used on a thousand of servers.

Easy installation for RHEL / CentOS / AlmaLinux / Rocky Linux

There's packages available for Enterprise Linux 6, 7, 8 and 9. The easiest way to install nginx-more is by using Aeris yum repository:

EL6 > yum install -y https://repo.aerisnetwork.com/pub/aeris-release-6.rpm
EL7 > yum install -y https://repo.aerisnetwork.com/pub/aeris-release-7.rpm
EL8 > dnf install -y https://repo.aerisnetwork.com/pub/aeris-release-8.rpm
EL9 > dnf install -y https://repo.aerisnetwork.com/pub/aeris-release-9.rpm

Once the repository is configured, you can proceed with installing nginx-more:

> yum install nginx-more

All configurations will be installed in default directory which is /etc/nginx/. The package already includes a bunch of PHP-FPM configurations in conf.d/custom/ for WordPress, Laravel, Drupal, OpenCart, PrestaShop and Sendy, so you can get started in few seconds with your website hosting.

Clean vhost example for WordPress:

server {
    listen 80;
    listen 443 ssl;
    http2 on;
    server_name example.com;
    root /home/www/example.com/public_html;
    access_log /var/log/nginx/example.com-access_log main;
    error_log /var/log/nginx/example.com-error_log warn;

    if ($bad_bot) { return 444; }

    include conf.d/custom/ssl.global.conf;
    include conf.d/custom/restrictions.conf;
    include conf.d/custom/fpm-wordpress.conf;
}

All nginx-more builds are kept in the repository. If you upgrade to a newest version and it has any issues that you don't have time to troubleshoot by looking at the nginx error_log, you can downgrade to an older version with yum:

> yum downgrade nginx-more

Note that you cannot install nginx-more if nginx package is already installed on your system because both packages provide nginx binary and configurations. You need to choose between nginx-more OR nginx from CentOS / EPEL / Nginx repository. Nginx-more is compiled using a more recent GCC version than the others and it provides lots of ready-to-go WordPress / Laravel configurations. If nginx is already installed, it's possible to swap from nginx to nginx-more with a simple yum command, although be careful with your inplace configurations. A new install is recommended.

> yum swap nginx nginx-more

Full output of nginx configure:

> nginx -V
nginx version: nginx/1.26.2
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC) 
built with OpenSSL 3.4.0 22 Oct 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.4.0 --with-openssl-opt=enable-ktls --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.37 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_brotli-1.0.0rc-2-g6e97 --add-module=modules/ngx_module_vts-0.2.2 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.63

Packages

Modules

Patches

SELinux

Third-party modules such as PageSpeed will cause trouble while SELinux enforced. To get nginx-more works with SELinux, you need at least to turn on httpd_execmem policy:

> yum -y install policycoreutils && setsebool -P httpd_execmem 1
> systemctl start nginx

It's possible to temporarily disable SELinux for Nginx to get started quickly:

> semanage permissive -a httpd_t

Here's two nice external blogs to help you troubleshoot SELinux with Nginx:

Ansible playbook

A simple Ansible role is available to install nginx-more and keep it updated.

Example of playbook:

- hosts: servers
    roles:
      - { role: karljohns0n.nginx-more }

Package dependencies

As of writing, only one package outside EL default repositories is required to build nginx-more RPM, which is libmaxminddb-devel for module GeoIP2. It's available in EPEL however a newer version is available in Aeris repository so it's recommended to add Aeris repository in your mock configuration. We try to avoid packages that aren't available in EL but if it's the case we will build and include them in Aeris repository therefore no other third-party repository is required to build nginx-more.