How to install the Nginx Mainline version

CentOS

Install the prerequisites:

yum install yum-utils

To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

By default, the repository for stable Nginx packages is used. To use mainline Nginx packages, run the following command:

yum-config-manager --enable nginx-mainline

To install Nginx, run the following command:

It will be prompted to accept the GPG key, verify that the fingerprint matches 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62, and if so, accept it.

yum install nginx

Output:

Downloading packages:
(1/2): pcre2-10.23-2.el7.x86_64.rpm                        | 201 kB   00:00
warning: /var/cache/yum/x86_64/7/nginx-mainline/packages/nginx-1.21.6-1.el7.ngx.                                      x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
Public key for nginx-1.21.6-1.el7.ngx.x86_64.rpm is not installed
(2/2): nginx-1.21.6-1.el7.ngx.x86_64.rpm                   | 796 kB   00:01
--------------------------------------------------------------------------------
Total                                              752 kB/s | 998 kB  00:01
Retrieving key from https://nginx.org/keys/nginx_signing.key
Importing GPG key 0x7BD9BF62:
 Userid     : "nginx signing key <signing-key@nginx.com>"
 Fingerprint: 573b fd6b 3d8f bc64 1079 a6ab abf5 bd82 7bd9 bf62
 From       : https://nginx.org/keys/nginx_signing.key
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : pcre2-10.23-2.el7.x86_64                                     1/2
pam_tally2: Couldn't create /var/log/tallylog: Permission denied
pam_tally2: Authentication error
useradd: failed to reset the tallylog entry of user "nginx"
  Installing : 1:nginx-1.21.6-1.el7.ngx.x86_64                              2/2
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* https://nginx.org/en/docs/

Please subscribe to nginx-announce mailing list to get
the most important news about nginx:
* https://nginx.org/en/support.html

Commercial subscriptions for nginx are available on:
* https://nginx.com/products/

----------------------------------------------------------------------
  Verifying  : pcre2-10.23-2.el7.x86_64                                     1/2
  Verifying  : 1:nginx-1.21.6-1.el7.ngx.x86_64                              2/2

Installed:
  nginx.x86_64 1:1.21.6-1.el7.ngx

Dependency Installed:
  pcre2.x86_64 0:10.23-2.el7

Complete!

Once the installation is complete, enable Nginx (to start automatically upon system boot), start the webserver, and verify the status using the commands below.

systemctl start nginx

systemctl enable nginx

systemctl status nginx

Output:

[root@vps ~]# systemctl start nginx
[root@vps ~]# systemctl enable nginx
[root@vps ~]# systemctl status nginx
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset                                      : disabled)
   Active: active (running) since Thu 2022-04-21 01:11:25 UTC; 14s ago
     Docs: http://nginx.org/en/docs/
 Main PID: 11609 (nginx)
   CGroup: /system.slice/nginx.service
           ├─11609 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx....
           ├─11610 nginx: worker process
           └─11611 nginx: worker process

Apr 21 01:11:25 vps.server.com systemd[1]: Starting nginx - high performance....
Apr 21 01:11:25 vps.server.com systemd[1]: Started nginx - high performance ....
Hint: Some lines were ellipsized, use -l to show in full.
[root@vps ~]#

To make your pages available to the public, you will have to edit your firewall rules to allow HTTP requests on your web server by using the following commands.

firewall-cmd --permanent --zone=public --add-service=http 

firewall-cmd --permanent --zone=public --add-service=https

firewall-cmd --reload

Output:

[root@server ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@server ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@server ~]# firewall-cmd --reload
success

Verify that the webserver is running and accessible by accessing your server’s IP address.

From your browser,

Replace the IP_address with the actual IP of the server.

http://IP_address

Ubuntu

Install the prerequisites:

apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

Import an official Nginx signing key so apt could verify the authenticity of the package. Fetch the key:

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Output:

root@vps:~# curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1561  100  1561    0     0   2477      0 --:--:-- --:--:-- --:--:--  2473

Verify that the downloaded file contains the proper key:

gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:

Output:

root@vps:~# gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
gpg: keyblock resource '/root/.gnupg/pubring.kbx': No such file or directory
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key <signing-key@nginx.com>

root@vps:~#

If the fingerprint is different, remove the file.

To use mainline Nginx packages, run the following command:

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Set up repository pinning to prefer our packages over distribution-provided ones:

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

Output:

Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900

To install Nginx, run the following commands:

apt update
apt install nginx

Once Nginx is successfully installed, you can start and verify it by running

systemctl start nginx
systemctl status nginx

Output:

root@vps:~# systemctl start nginx
root@vps:~# systemctl status nginx
● nginx.service - nginx - high performance web server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-04-21 01:53:56 UTC; 4s ago
       Docs: https://nginx.org/en/docs/
    Process: 43048 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
   Main PID: 43049 (nginx)
      Tasks: 3 (limit: 1081)
     Memory: 2.4M
        CPU: 16ms
     CGroup: /system.slice/nginx.service
             ├─43049 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
             ├─43050 nginx: worker process
             └─43051 nginx: worker process

Apr 21 01:53:56 vps.server.com systemd[1]: Starting nginx - high performance web server...
Apr 21 01:53:56 vps.server.com systemd[1]: Started nginx - high performance web server.
root@vps:~#

To check the version of Nginx,

nginx -v
or
dpkg -l nginx

Output:

root@vps:~# nginx -v
nginx version: nginx/1.21.6
root@vps:~# dpkg -l nginx
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version         Architecture Description
+++-==============-===============-============-=================================
ii  nginx          1.21.6-1~impish amd64        high performance web server
root@vps:~#

Open Nginx Ports on UFW Firewall

  • Port 80 opens the http ( For unencrypted web traffic).
  • Port 443 opens the https (For SSL / TLS encryption).

Command using Nginx HTTP profile that will allow traffic on port 80.

ufw allow 'Nginx HTTP'

Output:

root@vps:~# ufw allow 80
Rule added
Rule added (v6)
root@vps:~#

To reload the firewall for the changes to persist.

ufw reload

To check the status of the firewall,

root@vps:~#  ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)

Verify that the webserver is running and accessible by accessing your server’s IP address.

From your browser,

Replace the IP_address with the actual IP of the server.

http://IP_address