This is a guide to installing the latest Nginx, 1.29.6, on CentOS 10 Stream, with a bunch of goodies to enable HTTP/3, Brotli and other modern web server technologies in an easy, reliable way.
Log in to your machine, or ssh into it. Then enable the NGINx Mainline Repository. All of these commands can be copied and pasted straight into your terminal.
cat <<EOF | sudo tee /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
Then enable the repo with yum-config-manager:
sudo yum-config-manager --enable nginx-mainline
If you do not have yum-config-manager, install yum-utils:
sudo yum install yum-utils -y
Then add firewall rules if your firewall is up.
firewall-cmd --permanent --service=http --add-port="80/udp"
firewall-cmd --permanent --service=https --add-port="443/udp"
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reload
HTTP/3 runs over QUIC, which uses UDP, so 80/udp and 443/udp are needed for the HTTP/3 TLS handshakes.
Then install nginx and check the installed version:
sudo yum install nginx -y
nginx -v
sudo systemctl enable --now nginx
sudo systemctl status nginx.service
And make sure NGINx is running!
Now let's move on to the fun stuff: HTTP/3 and Brotli compression, along with other goodies. We need to install a few development packages so that we can compile NGINx with these extra features and get some OS-native performance boost. These commands will get the tools.
yum group install "Development Tools" -y
yum install gcc gcc-c++ -y
dnf install -y pcre2 pcre2-devel zlib zlib-devel openssl openssl-devel
We also need Perl:
dnf install perl-FindBin perl-IPC-Cmd perl-Pod-Html -y
Let’s also get the brotli-devel package; we will need it later.
sudo dnf install -y brotli-devel
At this stage, I like to tune the connection settings for the OS:
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
sysctl net.core.somaxconn
echo "net.core.somaxconn=65536" >> /etc/sysctl.conf
sysctl -p
We now have all the tools. Let’s make a scratch directory. It can be anywhere; I will put mine at /opt/temp.
mkdir /opt/temp
cd /opt/temp
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/google/ngx_brotli
cd ngx_brotli/
git submodule update --init
cd ..
wget https://nginx.org/download/nginx-1.29.6.tar.gz && tar xzf nginx-* && rm -rf nginx-*.tar.gz && cd nginx-*
Now that we are in the NGINx source code directory, it's time to configure it for compilation. For CentOS 10, this is the config command I use:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g0 -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=native -fno-asynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/opt/temp/headers-more-nginx-module --add-module=/opt/temp/ngx_brotli
make -j$(nproc)
make install
nginx -t
service nginx restart
For Ubuntu, I use this config command:
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_v2_module --with-http_v3_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O3 -march=native -mtune=native -fomit-frame-pointer -flto=auto -fPIC' --with-ld-opt='-flto=auto -Wl,--as-needed -Wl,-O1' --add-module=/opt/temp/headers-more-nginx-module --add-module=/opt/temp/ngx_brotli
make -j$(nproc)
make install
nginx -t
service nginx restart
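The two configure lines differ in more than paths: the CentOS one passes stack-protector, FORTIFY_SOURCE, RELRO, BIND_NOW and PIE flags, while the Ubuntu one passes none of them. The following is an added example, not part of the original guide, that lists which of the guide's modules and CentOS hardening flags are absent from a configure-argument string. The function and variable names are assumptions of this example, and the two sample strings are constructed by trimming the configure lines above.

```bash
#!/bin/sh
# Added example (not from the original guide): report which expected modules
# and hardening flags are absent from nginx configure arguments.

# Modules this guide compiles in.
WANTED_MODULES='--with-http_ssl_module --with-http_v3_module ngx_brotli headers-more-nginx-module'
# Hardening flags that appear in the guide's CentOS configure line.
WANTED_HARDENING='-fstack-protector-strong -D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection -Wl,-z,relro -Wl,-z,now -pie'

# Constructed samples: the guide's two configure lines, trimmed to the
# module and compiler/linker options.
CENTOS_ARGS="--with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-cc-opt='-O2 -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -fcf-protection -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' --add-module=/opt/temp/headers-more-nginx-module --add-module=/opt/temp/ngx_brotli"
UBUNTU_ARGS="--with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-cc-opt='-O3 -march=native -mtune=native -fomit-frame-pointer -flto=auto -fPIC' --with-ld-opt='-flto=auto -Wl,--as-needed -Wl,-O1' --add-module=/opt/temp/headers-more-nginx-module --add-module=/opt/temp/ngx_brotli"

# missing_items ARGS
# Prints, space-separated on one line, every wanted item that does not occur
# in ARGS. Empty output means nothing is missing.
missing_items() {
    out=''
    for item in $WANTED_MODULES $WANTED_HARDENING; do
        # -F: fixed string; -w: the match must not be glued to a letter,
        # digit or underscore, so "-fno-pie" is not counted as "-pie".
        if ! printf '%s\n' "$1" | grep -Fqw -e "$item"; then
            out="$out${out:+ }$item"
        fi
    done
    printf '%s\n' "$out"
}

printf 'CentOS line is missing: [%s]\n' "$(missing_items "$CENTOS_ARGS")"
printf 'Ubuntu line is missing: [%s]\n' "$(missing_items "$UBUNTU_ARGS")"
```

On a built host, feed it the real arguments with `missing_items "$(nginx -V 2>&1)"`. The arguments only show what was requested; a distribution's compiler may enable some of these protections by default, so confirm on the binary itself with readelf or checksec.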
You are now running NGINx with HTTP/3 TLS and Brotli. Feel free to reach out if you need any NGINx server configuration help.