NGINX from scratch

RequirementsRequirements

debian/ubuntu

apt install build-essential libpcre2-dev zlib1g-dev libssl-dev
# PCRE2, zlib and openssl libs
# libpcre3-dev

slackware

slackpkg install pcre zlib

netbsd

pkg_add pcre
pkg_add zlib
pkg_add wget mozilla-rootcerts
#mozilla-rootcerts-openssl
mozilla-rootcerts install
pkg_add gnupg

OPTIONAL - otherwise runs as nobody:nobody - let’s take same UID GID as from official repo

grep ^nginx /etc/group
grep ^nginx /etc/passwd

groupadd nginx

# gnu/linux
useradd -g nginx --system -M -d /data/www -s /sbin/nologin nginx

# netbsd
#? useradd -g nginx -M -d /data/www -s /sbin/nologin nginx

BuildingBuilding

fetch latest stable NGINX source

v=1.26.2
wget https://nginx.org/download/nginx-$v.tar.gz
wget https://nginx.org/download/nginx-$v.tar.gz.asc

import the appropriate key

wget https://nginx.org/keys/arut.key
wget https://nginx.org/keys/pluknet.key
wget https://nginx.org/keys/sb.key
wget https://nginx.org/keys/thresh.key

gpg1 --import arut.key
gpg1 --import pluknet.key
gpg1 --import sb.key
gpg1 --import thresh.key

gpg1 --verify nginx-$v.tar.gz.asc

prepare modules e.g. brotli

git clone --recurse-submodules https://github.com/google/ngx_brotli
cd ngx_brotli/deps/brotli/
mkdir out/
cd out/
apt install cmake
cmake -DCMAKE_BUILD_TYPE=Release \
    -DBUILD_SHARED_LIBS=OFF \
    -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops \
    -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto \
    -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..

extract and build

tar xzf nginx-$v.tar.gz
cd nginx-$v/

we want NGINX to be available in our known PATH and MANPATH. we absolutely need that /etc/nginx/ folder as many files get deployed there.

./configure --help | less

# gnu/linux
lock=/var/lock/nginx.lock

# netbsd
mkdir /var/db/nginx/
lock=/var/db/nginx/nginx.lock

# sometimes, freshly installed systems don't have it
mkdir -p /usr/local/

user=nginx
group=nginx

./configure --prefix=/usr/local \
    --modules-path=/etc/nginx/modules \
    --add-module=../ngx_brotli \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --lock-path=$lock \
    --user=$user --group=$group \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_addition_module \
    --with-http_sub_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module

note http_ssi_module is enabled by default already.

make sure you’ve got those

adding module in ../ngx_brotli
 + ngx_brotli was configured

Configuration summary
  + using system PCRE2 library
  + using system OpenSSL library
  + using system zlib library

BuildBuild

echo $MAKEFLAGS
make > ../nginx.log && echo BUILT
make install

which nginx
nginx -V

ls -alF /etc/nginx/
ls -alF /var/log/nginx/

mkdir /etc/nginx/modules/
mkdir /etc/nginx/conf.d/

Final fixesFinal fixes

this is how we do it - that’s up to you.

mkdir -p /var/www/
mv /usr/local/html/ /var/www/
rm -f /var/www/html/*
echo '<p>nothing here' > /var/www/html/index.html

and don’t forget to setup log rotation accordingly, either with logrotage –or– with newsyslog.

Ready to goReady to go

you can now proceed with the setup

Additional notesAdditional notes

for ngx_http_xslt_module

#slackpkg install libxml2 libxslt

git clone https://github.com/aperezdc/ngx-fancyindex.git

    #--with-http_addition_module --add-module=../ngx-fancyindex \
    #--with-http_xslt_module \
    #--with-mail --with-mail_ssl_module --with-mail_smtp_module --with-mail_imap_module