How To Build NGINX from Source (Compile) on Centos7

Introduction

NGINX has earned its reputation as a high-performance web server and reverse proxy that plays a crucial role in optimizing website speed and enhancing overall performance. By build NGINX from source on Centos 7, an open-source operating system, you can harness its full potential while tailoring it to your specific server requirements.

In this comprehensive guide, we’ll walk you through the process of how to build NGINX from source on Centos7 in order to unlock superior performance and optimize your online presence.

Why Build NGINX from Source?

While you can install NGINX using package managers like yum or dnf, building it from source offers certain advantages. Building from source allows you to customize the compilation to your server’s specific hardware, enabling optimized performance. Additionally, you have the flexibility to incorporate or exclude specific modules. This strategic approach reduces unnecessary bloat and further elevates the speed and SEO performance of your website.

Some key features and use cases of NGINX include:

1. Web Server: NGINX can serve static files such as HTML, CSS, JavaScript, and media files directly to clients. It provides fast and efficient delivery of static content.
2. Reverse Proxy: NGINX acts as an intermediary between clients and backend servers. It receives client requests and forwards them to the appropriate backend server based on various criteria such as load balancing algorithms, server health checks, and request routing rules.
3. Efficient Load Balancing: NGINX excels in efficiently distributing incoming requests across multiple backend servers. This capability optimizes resource utilization, enhances overall web application performance, and ensures improved availability.
4. SSL/TLS Termination: NGINX can handle SSL/TLS encryption and decryption, offloading this resource-intensive task from backend servers. It simplifies the management of SSL certificates and enables secure HTTPS connections.
5. Caching: NGINX includes caching capabilities to store frequently accessed content in memory, reducing the load on backend servers and improving response times for subsequent requests.
6. High Availability: NGINX can be configured in high-availability setups, where multiple instances work together to ensure continuous service availability even in the event of server failures or high traffic loads.

NGINX is highly configurable and supports a wide range of configurations and modules. It is widely used by large-scale websites, content delivery networks (CDNs), and web applications that require high performance,

Prerequisites

Requirements for Build NGINX from Source Centos7.

Mandatory requirements:

• GNU Compiler Collection (GCC)
• OpenSSL library version openssl-3.1.0
• Zlib library version between 1.1.3 – 1.2.11
• PCRE library version between 4.4 – 8.42

Optional requirements:

• Perl
• LibGD
• MaxMind GeoIP Legacy C Library
• libxml2
• libxslt

Build NGINX from Source Centos7

Compared to certain other UNIX/Linux software, Nginx stands out for its lightweight nature and minimal library dependencies. The default build configuration relies on just three essential libraries for installation: OpenSSL/LibreSSL/BoringSSL, Zlib, and PCRE.

Step 1: System Update and Install Some Tools

Start by updating your system’s repositories and installed software packages to ensure you have the latest updates:

[samm@nginx ~]$ sudo yum update -y
[samm@nginx ~]$ sudo yum install -y vim curl wget tree

Step 2: Install Required Packages

NGINX’s successful compilation relies on several libraries and tools. Install the required dependencies using the following command:

[samm@nginx ~]$ sudo yum groupinstall "Development Tools" -y
[samm@nginx ~]$ sudo yum install -y make perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel pcre-devel gd gd-devel GeoIP GeoIP-devel openssl-devel

Step 3: Download NGINX Source Code and Configure

Before you download the Nginx source code, visit the official NGINX website to identify and obtain the latest stable source code link. Once you’ve obtained the link, use the wget command to download the source code:

[samm@nginx ~]$ cd /var
[samm@nginx ~]$ sudo mkdir source
[samm@nginx ~]$ cd source/

• nginx-1.24.0

[samm@nginx source]$ sudo wget http://nginx.org/download/nginx-1.24.0.tar.gz  && sudo tar zxvf nginx-1.24.0.tar.gz

• pcre-8.45

[samm@nginx source]$ sudo wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz --no-check-certificate && sudo tar xzvf pcre-8.45.tar.gz

• zlib-1.2.11

[samm@nginx source]$ sudo wget https://zlib.net/fossils/zlib-1.2.11.tar.gz && sudo tar xzvf zlib-1.2.11.tar.gz

• openssl-3.1.0

[samm@nginx source]$ sudo wget https://www.openssl.org/source/openssl-3.1.0.tar.gz && sudo tar xzvf openssl-3.1.0.tar.gz

Step 4: Configure NGINX from Source

Go to the extracted directory by using this command

[samm@nginx source]$ cd nginx-1.24.0/
[samm@nginx nginx-1.24.0]$ sudo cp man/nginx.8 /usr/share/man/man8
[samm@nginx nginx-1.24.0]$ ls /usr/share/man/man8/ | grep nginx.8.gz
[samm@nginx nginx-1.24.0]$ man nginx

Initiate the configuration process using the ./configure script. This script allows for customization of the compilation process. The full documentation is in here: Building Nginx from Sources. For example, you can optimize NGINX for your server’s architecture and define the installation directory:

[samm@nginx nginx-1.24.0]$ sudo ./configure --prefix=/etc/nginx 
            --sbin-path=/usr/sbin/nginx 
            --modules-path=/usr/lib/nginx/modules 
            --conf-path=/etc/nginx/nginx.conf 
            --error-log-path=/var/log/nginx/error.log 
            --pid-path=/var/run/nginx.pid 
            --lock-path=/var/run/nginx.lock 
            --user=nginx 
            --group=nginx 
            --build=Debian 
            --builddir=nginx-1.24.0 
            --with-select_module 
            --with-poll_module 
            --with-threads 
            --with-file-aio 
            --with-http_ssl_module 
            --with-http_v2_module 
            --with-http_realip_module 
            --with-http_addition_module 
            --with-http_xslt_module=dynamic 
            --with-http_image_filter_module=dynamic 
            --with-http_geoip_module=dynamic 
            --with-http_sub_module 
            --with-http_dav_module 
            --with-http_flv_module 
            --with-http_mp4_module 
            --with-http_gunzip_module 
            --with-http_gzip_static_module 
            --with-http_auth_request_module 
            --with-http_random_index_module 
            --with-http_secure_link_module 
            --with-http_degradation_module 
            --with-http_slice_module 
            --with-http_stub_status_module 
            --with-http_perl_module=dynamic 
            --with-perl_modules_path=/usr/share/perl/5.26.1 
            --with-perl=/usr/bin/perl 
            --http-log-path=/var/log/nginx/access.log 
            --http-client-body-temp-path=/var/cache/nginx/client_temp 
            --http-proxy-temp-path=/var/cache/nginx/proxy_temp 
            --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp 
            --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp 
            --http-scgi-temp-path=/var/cache/nginx/scgi_temp 
            --with-mail=dynamic 
            --with-mail_ssl_module 
            --with-stream=dynamic 
            --with-stream_ssl_module 
            --with-stream_realip_module 
            --with-stream_geoip_module=dynamic 
            --with-stream_ssl_preread_module 
            --with-compat 
            --with-pcre=../pcre-8.45 
            --with-pcre-jit 
            --with-zlib=../zlib-1.2.11 
            --with-openssl=../openssl-3.1.0 
            --with-openssl-opt=no-nextprotoneg 
            --with-debug

Step 5: Build (Compile) and Install NGINX

After custom configuration complete we can now compile NGINX source code by using this command :

[samm@nginx nginx-1.24.0]$ sudo make

This process will require a bit of time. Once completed, proceed to install the compiled source code using the following command.

[samm@nginx nginx-1.24.0]$ sudo make install

To verify the installation, you can check the Nginx version

[samm@nginx ~]$ sudo nginx -V
nginx version: nginx/1.24.0 (CentOS)
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 3.1.0 14 Mar 2023
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --build=CentOS --builddir=nginx-1.24.0 --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-perl_modules_path=/usr/share/perl/5.26.1 --with-perl=/usr/bin/perl --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre=../pcre-8.44 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-3.1.0 --with-openssl-opt=no-nextprotoneg --with-debug

Step 6: Set Up Folder and User NGINX

[samm@nginx ~]$ sudo mkdir -p /var/cache/nginx/{client_temp,fastcgi_temp,proxy_temp,scgi_temp,uwsgi_temp}

[samm@nginx ~]$ sudo chmod 700 /var/cache/nginx/*
[samm@nginx ~]$ sudo chown nginx:nginx /var/cache/nginx/*

[samm@nginx ~]$ sudo mkdir /etc/nginx/{conf.d,snippets,ssl}
[samm@nginx ~]$ sudo chmod 640 /var/log/nginx/*
[samm@nginx ~]$ sudo chown nginx:nginx /var/log/nginx/access.log
[samm@nginx ~]$ sudo chown nginx:nginx /var/log/nginx/error.log

[samm@nginx ~]$ mkdir ~/.vim/
[samm@nginx ~]$ sudo cp -r /var/source/nginx-1.24.0/contrib/vim/* ~/.vim/
[samm@nginx ~]$ sudo mkdir /root/.vim/
[samm@nginx ~]$ sudo cp -r /var/source/nginx-1.24.0/contrib/vim/* /root/.vim/

Symlink /usr/lib64/nginx/modules to /etc/nginx/modules directory. /etc/nginx/modules is a standard place for Nginx modules:

[samm@nginx ~]$ sudo ln -s /usr/lib64/nginx/modules /etc/nginx/modules

Create user nginx

[samm@nginx ~]$ sudo useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx

[samm@nginx ~]$ sudo tail -n 1 /etc/passwd /etc/group /etc/shadow
==> /etc/passwd <==
saslauth:x:992:76:Saslauthd user:/run/saslauthd:/sbin/nologin

==> /etc/group <==
screen:x:84:

==> /etc/shadow <==
saslauth:!!:19128::::::

Step 7: Create an Nginx Systemd unit file

To enable the service, we’re going to have to add a script with following lines:

[samm@nginx ~]$ sudo vi /usr/lib/systemd/system/nginx.service
[Unit]
Description= Nginx High Performance Webserver
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

After that enable nginx on boot

[samm@nginx ~]$ sudo systemctl enable nginx.service
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /etc/systemd/system/nginx.service.

[samm@nginx ~]$ sudo systemctl start nginx.service
[samm@nginx ~]$ sudo systemctl is-enabled nginx.service
enabled

samm@nginx:~$ sudo systemctl status nginx.service
● nginx.service - Nginx - High Performance Webserver
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-12-08 02:36:58 WIB; 21s ago
     Docs: https://nginx.org/en/docs/
  Process: 16571 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 16572 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 16573 (nginx)
    Tasks: 2 (limit: 4699)
   Memory: 1.9M
   CGroup: /system.slice/nginx.service
           ├─16573 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           └─16574 nginx: worker process

Dec 08 02:36:58 nginx systemd[1]: Starting Nginx - High Performance Webserver...
Dec 08 02:36:58 nginx nginx[16571]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Dec 08 02:36:58 nginx nginx[16571]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Dec 08 02:36:58 nginx systemd[1]: Started Nginx - High Performance Webserver.

Step 8: Create Custom “nginx.conf” File

[samm@nginx ~]$ sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.ori
[samm@nginx ~]$ sudo vi /etc/nginx/nginx.conf

user            nginx;
worker_processes    2;

error_log       /var/log/nginx/error.log warn;
pid         /var/run/nginx.pid;


events {
  worker_connections    1024;
}


http {
    include     /etc/nginx/mime.types;
    default_type    application/octet-stream;

    ## Block spammers and other unwanted visitors  ##
    #  include block-ip.conf;

    server_tokens   off;

    proxy_http_version  1.1;
    proxy_set_header    Connection "";

    proxy_set_header    Host $host;
    proxy_set_header    Upgrade $http_upgrade;
    proxy_set_header    Connection "upgrade";
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

    add_header      "Strict-Transport-Security" "max-age=31536000";
    add_header      "X-XSS-Protection" "1; mode=block";
    add_header      "X-Content-Type-Options" "nosniff";
    add_header      "X-Permitted-Cross-Domain-Policies" "none";

    log_format  main    '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

    access_log          /dev/null;
    error_log           /dev/null;

    sendfile        on;
   #tcp_nopush      on;

    keepalive_timeout   65;

    client_body_buffer_size     50M;
    client_max_body_size        50M;

        gzip            on;
        gzip_http_version   1.1;
        gzip_comp_level     5;
        gzip_min_length     256;
        gzip_proxied        any;
        gzip_vary       on;
        gzip_types
                application/atom+xml
                application/javascript
                application/json
                application/rss+xml
                application/vnd.ms-fontobject
                application/x-font-ttf
                application/x-web-app-manifest+json
                application/xhtml+xml
                application/xml
                font/opentype
                image/svg+xml
                image/x-icon
                text/css
                text/plain
                text/x-component;
        gzip_disable        "MSIE [1-6].";

    include /etc/nginx/conf.d/*.conf;
}

Then restart Nginx web server after the configuration.

[samm@nginx ~]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[samm@nginx ~]$ sudo systemctl restart nginx

Step 9: Create Logrotate File

Logrotate is useful for rotating the Nginx log so it will not write on a single file continuously. First, create a new file on the logrotate folder.

[samm@nginx ~]$ sudo vi /etc/logrotate.d/nginx

Copy & Paster this code

/var/log/nginx/*.log {
    daily
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 0644 nginx nginx
    sharedscripts
    postrotate
            if [ -f /var/run/nginx.pid ]; then
                    kill -USR1 `cat /var/run/nginx.pid`
            fi
    endscript
}

[samm@nginx ~]$sudo logrotate -f /etc/logrotate.d/nginx

Step 10: Adjusting Firewall Rules

If you’re using a firewall, allow HTTP (80) and HTTPS (443) traffic, use following commands:

[samm@nginx ~]$ sudo firewall-cmd --zone=public --permanent --add-service=http
[samm@nginx ~]$ sudo firewall-cmd --zone=public --permanent --add-service=https
[samm@nginx ~]$ sudo firewall-cmd --reload

Step 11: Testing NGINX

Finally, verify that NGINX is running by accessing your server’s IP address or domain name in a web browser. You should see the default NGINX welcome page.

http://<your-nginx-ip-address>

Conclusion

The process of building NGINX from source on Centos 7 empowers you to harness the true potential of this high-performance web server, leading to optimized website. This guide has taken you through a step-by-step journey, ensuring you’re equipped to optimize your online presence through NGINX customization. Remember to stay updated with NGINX releases and configurations to continue enjoying the benefits of a finely tuned and high-performing web server.

Also Read Our Other Guides :

• How To Install Nginx on CentOS 7: A Comprehensive Guide
• How To Build NGINX from Source on Ubuntu Server 22.04
• How To Build NGINX from Source (Compile) on Rocky Linux 9
• How To Build NGINX from Source (Compile) on Debian 11

That’s it! Now you build NGINX from source (compile) and put in modules that you want to include in Nginx.

Finally, now you have learned how to Build NGINX from Source Centos7.