This article mainly describes the yum installation method of Nginx under Linux.
Yum installation generally uses root mode.
Installation method
Under Linux, Nginx can be installed in two ways: source code compilation and installation and yum (different OS may have different command names) direct installation. The advantages and disadvantages of the two methods are as follows:
Source code compilation and installation
- Advantages: High flexibility and strong customization, you can customize compilation options and functions as needed; can be used across platforms
- Disadvantages: The installation process is complicated; software dependency problems cannot be solved; management is inconvenient, and there is no automatic upgrade and uninstall mechanism
YUM Installation
- Advantages: Automatically resolve dependencies of software packages; easy management, providing functions such as installation, upgrade, uninstallation and search of software packages
- Disadvantages: Lack of customization, inability to customize functions; lag in updates, and the official repositories of some distributions may not provide the latest version of the software package in a timely manner
In addition, the yum installation does not include the following dynamic modules:
nginx-module-geoip
nginx-module-image-filter
nginx-module-njs
nginx-module-perl
nginx-module-xslt
If you need it, you need to import it with load_module in ngixn.conf.
yum installation
RHEL installation
Supported versions: RHEL7.4+, 8.x, 9.x including CentOS, Oracle Linux, Rocky Linux, AlmaLinux.
1. Install yum suite tools
yum install yum-utils
2. Create the yum library /etc/yum.repos.d/nginx.repo with the following content:
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
3. Installation instructions
yum install nginx
The nginx-stable version is installed by default. If you want to install nginx-mainline, use the following command to switch and then install it.
yum-config-manager --enable nginx-mainline
4. Start
systemctl start nginx
5. If there is a new version, use the following command to upgrade
yum update nginx
Debian installation
Supported versions: Debian11.x, 12.x
1. Installation environment
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
2. Import an official nginx signing key so that apt can verify the authenticity of the package. Get the key:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
3. Verify that the downloaded file contains the correct key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as shown below:
pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <[email protected]>
If the fingerprints are different, delete the file.
4. Set up apt repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
5. The nginx-stable version is installed by default. If you want to install nginx-mainline, use the following command
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
6. Set up repository pinning so that our packages are more popular than those provided by distributions:
echo -e "Package: *\
Pin: origin nginx.org\
Pin: release o=nginx\
Pin-Priority: 900\
" \
| sudo tee /etc/apt/preferences.d/99nginx
7. Installation
apt update apt install nginx
It will start automatically after installation.
Ubuntu installation
Supported versions: Ubuntu20.x, 22.x,23.x
1. Installation environment
apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
2. Import an official nginx signing key so that apt can verify the authenticity of the package. Get the key:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
3. Verify that the downloaded file contains the correct key:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as shown below:
pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <[email protected]>
If the fingerprints are different, delete the file.
4. Set up apt repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
5. The nginx-stable version is installed by default. If you want to install nginx-mainline, use the following command
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
6. Set up repository pinning so that our packages are more popular than those provided by distributions:
echo -e "Package: *\
Pin: origin nginx.org\
Pin: release o=nginx\
Pin-Priority: 900\
" \
| sudo tee /etc/apt/preferences.d/99nginx
7. Installation
apt update apt install nginx
8. Start
service nginx start
SUSE installation
Supported versions: SUSE SP5+, 15 SP2+
1. Installation environment
zypper install curl ca-certificates gpg2
2. Set up apt repository
zypper addrepo --gpgcheck --type yum --refresh --check \
'http://nginx.org/packages/sles/$releasever_major' nginx-stable
3. The nginx-stable version is installed by default. If you want to install nginx-mainline, use the following command
zypper addrepo --gpgcheck --type yum --refresh --check \
'http://nginx.org/packages/mainline/sles/$releasever_major' nginx-mainline
4. Import an official nginx signing key so that zypper/rpm can verify the authenticity of the package:
curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
5. Verify that the downloaded file contains the correct key:
gpg --with-fingerprint /tmp/nginx_signing.key
The output should contain the complete fingerprint 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 as shown below:
pub 2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
Key fingerprint = 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
uid nginx signing key <[email protected]>
If the fingerprints are different, delete the file.
6. Import the key into the rpm database:
rpmkeys --import /tmp/nginx_signing.key
7. Installation
zypper install nginx
8. Start
/usr/local/nginx/sbin/nginx #Start nginx /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf #Start in configuration file mode
Verification command
After yum is installed, it is automatically installed as a service. View the command as follows:
Other commands:
nginx -h View help
nginx -v
Show NGINX version.
nginx -V
Displays the NGINX version, build information, and configuration parameters showing the modules built into the NGINX binary.
Source code installation
Source code installation is relatively complicated. The usual steps are as follows:
1. Installation support environment (different systems and versions have different requirements)
2. Download the source code and unzip it
3. Enter the source code directory
4. Build Makefile: ./configure [-options]
5. Compile: make
6. Installation: make install
7. Add it as a service and start it automatically after booting.
8. Start verification
If you really want to install it, please refer to Baidu for relevant articles.
The purpose of source code installation is usually for customization, which is performed in the configure step; this article details the compilation options of ./configure (bold indicates common items):
–prefix=path
Define the directory where server files will be saved. This directory will also be used for all relative paths set in the configure and nginx.conf configuration files (except paths to library sources). By default, it is set to the /usr/local/nginx directory.
–sbin-path=path
Set the name of the nginx executable file. This name is only used during installation. By default, the file name is prefix/sbin/nginx.
–modules-path=path
Defines the installation directory of nginx dynamic modules. By default, prefix/modules is used.
–conf-path=path
Set the name of the nginx.conf configuration file. If desired, nginx can always be started by specifying a different configuration file in the command line parameter -c file. By default, the file name is prefix/conf/nginx.conf.
–error-log-path=path
Sets the names of major error, warning, and diagnostic files. After installation, the file name can be changed in the nginx.conf configuration file using the error_log directive. By default, the file name is prefix/logs/error.log.
–pid-path=path
Set the name of the nginx.pid file, which will store the process ID of the main process. After installation, the file name can be changed in the nginx.conf configuration file using the pid directive. By default, the file name is prefix/logs/nginix.pid.
–lock-path=path
Sets a prefix for the names of locked files. After installation, this value can be changed in the nginx.conf configuration file using the lock_file directive. By default, this value is prefix/logs/nginix.lock.
–user=name
Sets the name of the unprivileged user whose credentials the worker process will use. After installation, the name can be changed in the nginx.conf configuration file using the user directive. The default username is nobody.
–group=name
Sets the name of the group whose credentials the worker process will use. After installation, the name can be changed in the nginx.conf configuration file using the user directive. By default, the group name is set to the name of the unprivileged user.
–build=name
Set an optional nginx build name.
–builddir=path
Set the build directory.
–with-select_module
–without-select_module
Enables or disables building modules that allow the server to use the select() method. This module is automatically built if the platform does not appear to support more appropriate methods such as kqueue, epoll, or /dev/poll.
–with-poll_module
–without-poll_module
Enables or disables building modules that allow the server to use the poll() method. This module is automatically built if the platform does not appear to support more appropriate methods such as kqueue, epoll, or /dev/poll.
–with-threads
Allows the use of thread pools.
–with-file-aio
Allows the use of asynchronous file I/O (AIO) on FreeBSD and Linux.
–with-http_ssl_module
Allows building a module that adds HTTPS protocol support to an HTTP server. This module is not generated by default. Building and running this module requires the OpenSSL library.
–with-http_v2_module
Ability to build a module that supports HTTP/2. This module is not generated by default.
–with-http_v3_module
Ability to build a module that supports HTTP/3. This module is not generated by default. It is recommended to build and run this module using an SSL library that provides HTTP/3 support, such as BoringSSL, LibreSSL, or QuicTLS. Otherwise, if you use the OpenSSL library, an OpenSSL compatibility layer that does not support QUIC early data will be used.
–with-http_realip_module
Allows building the ngx_http_realip_module module, which changes the client address to the address sent in the specified header field. This module is not generated by default.
–with-http_addition_module
Allows building the ngx_http_adition_module module, which adds text before and after the response. This module is not generated by default.
–with-http_xslt_module
–with-http_xslt_module=dynamic
Allows building the ngx_http_xslt_module module, which transforms XML responses using one or more xslt stylesheets. This module is not generated by default. Building and running this module requires the libxml2 and libxslt libraries.
–with-http_image_filter_module
–with-http_image_filter_module=dynamic
Allows building the ngx_http_image_filter_module module, which converts images to JPEG, GIF, PNG and WebP formats. This module is not generated by default.
–with-http_geoip_module
–with-http_geoip_module=dynamic
Allows building the ngx_http_geoip_module module, which creates variables (client ip and geolocation mapping) based on client IP address and precompiled MaxMind database. This module is not generated by default.
–with-http_sub_module
Allows building the ngx_http_sub_module module, which modifies the response by replacing one specified string with another. This module is not generated by default.
–with-http_dav_module
Allows building the ngx_http_dav_module module, which provides file management automation via the WebDAV protocol. This module is not generated by default.
–with-http_flv_module
Allows building the ngx_http_flv_module module, which provides pseudo-streaming server-side support for Flash Video (flv) files. This module is not generated by default.
–with-http_mp4_module
Allows building the ngx_http_mp4_module module, which provides pseudo-streaming server-side support for mp4 files. This module is not generated by default.
–with-http_gunzip_module
Allows building the ngx_http_gunzip module for clients that do not support the “gzip” encoding method, which uses “content-encoding: gzip” to decompress responses. This module is not generated by default.
–with-http_gzip_static_module
Allows building the ngx_http_gzip_static_module module, which allows sending precompressed files with a “.gz” file extension instead of regular files. This module is not generated by default.
–with-http_auth_request_module
Allows building the ngx_http_auth_request_module module, which implements client authorization based on the results of subrequests. This module is not generated by default.
–with-http_random_index_module
Allows building the ngx_http_random_index_module module, which handles requests ending with a slash (“/”) and selects a random file in the directory as the index file. This module is not generated by default.
–with-http_secure_link_module
Allow building the ngx_http_secure_link_module module. This module is not generated by default.
–with-http_degradation_module
Allow building the ngx_http_degradation_module module. This module is not generated by default.
–with-http_slice_module
Allows building the ngx_http_slice_module module, which splits requests into subrequests, each of which returns a range of responses. This module provides more efficient caching of large responses. This module is not generated by default.
–with-http_stub_status_module
Allows building the ngx_http_stub_status_module module, which provides access to basic status information. This module is not generated by default.
–without-http_charset_module
Disables building the ngx_http_charset_module module, which adds the specified charset to the Content-Type response header field and can convert data from one charset to another.
–without-http_gzip_module
Disable building modules that compress HTTP server responses. The zlib library is required to build and run this module.
–without-http_ssi_module
Disables the generation of the ngx_http_ssi_module module, which handles ssi (server-side includes) commands in responses passed through it.
–without-http_userid_module
Disables building the ngx_http_userid_module module, which sets cookies for client identity.
–without-http_access_module
Disables building the ngx_http_access_module module, which allows restricting access to certain client addresses.
–without-http_auth_basic_module
Disables building the ngx_http_auth_basic_module module, which allows restricting access to resources by validating username and password using the “http basic auth” protocol.
–without-http_mirror_module
Disables building the ngx_http_mirror_module module, which mirrors the original request by creating a background mirror subrequest.
–without-http_autoindex_module
Disables the generation of the ngx_http_autoindex_module module, which handles requests ending in a slash (“/”) and generates directory listings when the ngx_http_index_module module cannot find an index file.
–without-http_geo_module
Disables building the ngx_http_geo_module module, which creates value variables based on the client IP address.
–without-http_map_module
Disables building the ngx_http_map_module module, which creates variables whose values depend on the values of other variables.
–without-http_split_clients_module
Disables building the ngx_http_split_clients_module module, which creates variables for A/B testing.
–without-http_referer_module
Disables the generation of the ngx_http_referer_module module, which blocks requests with invalid values in the “referer” header field from accessing the site.
–without-http_rewrite_module
Building modules that allow HTTP servers to redirect requests and change the request URI is prohibited. Building and running this module requires the PCRE library.
–without-http_fastcgi_module
Disables building the ngx_http_fastcgi_module module that passes requests to the fastcgi server.
–without-http_uwsgi_module
Disables building the ngx_http_uwsgi_module module that passes requests to the uwsgi server.
–without-http_scgi_module
Disables the generation of the ngx_http_scgi_module module that passes requests to the scgi server.
–without-http_grpc_module
Disables the generation of the ngx_http_grpc_module module that passes requests to the grpc server.
–without-http_memcached_module
Disable the ngx_http_memcached_module module that generates responses from the memcached server.
–without-http_limit_conn_module
Disables building the ngx_http_limit_conn_module module, which limits the number of connections per key, e.g. from a single IP address.
–without-http_limit_req_module
Disables building the ngx_http_limit_req_module module, which limits the rate at which requests are processed per key, for example, for requests from a single IP address.
–without-http_empty_gif_module
Disables the module that generates emitted single-pixel transparent GIFs.
–without-http_browser_module
Disables the generation of the ngx_http_browser_module module, which creates variables whose values depend on the value of the “User-Agent” request header field.
–without-http_upstream_hash_module
Disables building modules that implement hash load balancing methods.
–without-http_upstream_ip_hash_module
Disables building modules that implement the ip_hash load balancing method.
–without-http_upstream_least_conn_module
Disables building modules that implement minimal con load balancing methods.
–without-http_upstream_random_module
Disables building modules that implement random load balancing methods.
–without-http_upstream_keepalive_module
Disable building modules that provide connection caching to the server.
–without-http_upstream_zone_module
Disables building a module that stores the runtime state of an upstream group in a shared memory area.
–with-http_perl_module
–with-http_perl_module=dynamic
Allows building embedded Perl modules. This module is not generated by default.
–with-perl_modules_path=path
Defines a directory to hold Perl modules.
–with-perl=path
Sets the name of the Perl binary.
–http-log-path=path
Sets the name of the HTTP server’s main request log file. After installation, the file name can be changed in the nginx.conf configuration file using the access_log directive. By default, the file name is prefix/logs/access.log.
–http-client-body-temp-path=path
Define a directory to store temporary files containing client request bodies. After installation, the directory can be changed in the nginx.conf configuration file using the client_body_temp_path directive. By default, the directory name is prefix/client_body_temp.
–http-proxy-temp-path=path
Defines a directory for storing temporary files with data received from the proxy server. After installation, the directory can be changed in the nginx.conf configuration file using the proxy_temp_path directive. By default, the directory name is prefix/proxy_temp.
–http-fastcgi-temp-path=path
Defines a directory for storing temporary files with data received from the FastCGI server. After installation, the directory can be changed in the nginx.conf configuration file using the fastcgi_tmp_path directive. By default, the directory name is prefix/fastcgi_temp.
–http-uwsgi-temp-path=path
Define a directory to store temporary files with data received from the uwsgi server. After installation, the directory can be changed in the nginx.conf configuration file using the uwsgi_temp_path directive. By default, the directory name is prefix/uwsgi_temp.
–http-scgi-temp-path=path
Defines the directory used to store temporary files with data received from the SCGI server. After installation, the directory can be changed in the nginx.conf configuration file using the scgi_temp_path directive. By default, the directory name is prefix/scgi_temp.
–without-http
Disable HTTP server.
–without-http-cache
Disable HTTP caching.
–with-mail
–with-mail=dynamic
Enable POP3/IMAP4/SMTP mail proxy server.
–with-mail_ssl_module
Allows building a module that adds SSL/TLS protocol support to mail proxy servers. This module is not generated by default. Building and running this module requires the OpenSSL library.
–without-mail_pop3_module
Disable the POP3 protocol in the mail proxy server.
–without-mail_imap_module
Disable the IMAP protocol in the mail proxy server.
–without-mail_smtp_module
Disable the SMTP protocol in the mail proxy server.
–with-stream
–with-stream=dynamic
Ability to build streaming modules for generic TCP/UDP proxies and load balancing. This module is not generated by default.
–with-stream_ssl_module
Allows building a module that adds SSL/TLS protocol support to the streaming module. This module is not generated by default. Building and running this module requires the OpenSSL library.
–with-stream_realip_module
Enables building the ngx_stream_realip_module module, which changes the client address to the address sent in the PROXY protocol header. This module is not generated by default.
–with-stream_geoip_module
–with-stream_geoip_module=dynamic
Allows building the ngx_stream_geoip_module module, which creates variables based on client IP addresses and precompiled MaxMind databases. This module is not generated by default.
–with-stream_ssl_preread_module
Allows building the ngx_stream_ssl_preread_module module which allows extracting information from ClientHello messages without terminating SSL/TLS. This module is not generated by default.
–without-stream_limit_conn_module
Disables building the ngx_stream_limit_conn_module module, which limits the number of connections per key, e.g. from a single IP address.
–without-stream_access_module
Disables building the ngx_stream_access_module module, which allows restricting access to certain client addresses.
–without-stream_geo_module
Disables building the ngx_stream_geo_module module, which creates variables with values that depend on the client IP address.
–without-stream_map_module
Disables building the ngx_stream_map_module module, which creates variables whose values depend on the values of other variables.
–without-stream_split_clients_module
Disables building the ngx_stream_split_clients_module module, which creates variables for A/B testing.
–without-stream_return_module
Disables building the ngx_stream_return_module module, which sends some specified value to the client and then closes the connection.
–without-stream_set_module
Disables building the ngx_stream_set_module module that sets a value for a variable.
–without-stream_upstream_hash_module
Disables building modules that implement hash load balancing methods.
-without-stream_upstream_least_conn_module
Disables building modules that implement minimal con load balancing methods.
–without-stream_upstream_random_module
Disables building modules that implement random load balancing methods.
–without-stream_upstream_zone_module
Disables building a module that stores the runtime state of an upstream group in a shared memory area.
–with-google_perftools_module
Ability to build the ngx_google_perftools_module module, which enables analysis of nginx worker processes using Google Performance Tools. This module is for nginx developers and is not built by default.
–with-cpp_test_module
Allow building the ngx_cpp_test_module module.
–add-module=path
Add external modules.
–add-dynamic-module=path
External dynamic module path
–with-compat
Enable dynamic module compatibility.
–with-cc=path
Set the name of the C compiler.
–with-cpp=path
Sets the name of the C preprocessor.
–with-cc-opt=parameters
Set additional parameters that will be added to the CFLAGS variable. When using the system PCRE library under FreeBSD, you should specify –withcc opt=”-I/usr/local/include”. If the number of files supported by select() needs to be increased, it can also be specified here, for example: –with cc opt=”-D FD_SETSIZE=2048″.
–with-ld-opt=parameters
Set other parameters that will be used during linking. When using the system PCRE library under FreeBSD, you should specify –with ld opt=”-L/usr/local/lib”.
–with-cpu-opt=cpu
Specify CPU build: pentium, pentiumpro, pentium3, pentium4, athlon, optron, sparc32, sparc64, ppc64.
–with-pcre
–without-pcre
Force/disable use of PCRE library.
–with-pcre=path
Sets the path to the source of the PCRE library. The library distribution needs to be downloaded and extracted from the PCRE site. The rest is done/configured and made by nginx. This library is required for regular expression support in location directives and the ngx_http_rewrite_module module.
–with-pcre-opt=parameters
Set other build options for PCRE.
–with-pcre-jit
Build PCRE library with “just-in-time compilation” support (1.1.12, PCRE_jit directive).
–without-pcre2
It is forbidden to use the PCRE2 library instead of the original PCRE library (1.21.5).
–with-zlib=path
Set the path to the source of the zlib library. The library distribution (version 1.1.3-1.3) needs to be downloaded and extracted from the zlib site. The rest is done/configured and made by nginx. This library is required by the ngx_http_gzip_module module.
–with-zlib-opt=parameters
Set additional build options for zlib.
–with-zlib-asm=cpu
Allows the use of zlib assembler sources optimized for one of the specified CPUs: pentium, pentiumpro.
–with-libatomic
Force use of libatomic_ops library.
–with-libatomic=path
Sets the path to the libatomic_ops library sources.
–with-openssl=path
Set the path to the OpenSSL library source.
–with-openssl-opt=parameters
Set additional build options for OpenSSL.
–with-debug
Enable debug logging.