NGINX from scratch

Requirements

debian/ubuntu

apt install build-essential libpcre2-dev zlib1g-dev libssl-dev
# PCRE2, zlib and openssl libs
# libpcre3-dev

slackware

slackpkg install pcre zlib

netbsd

pkg_add pcre
pkg_add zlib
pkg_add wget mozilla-rootcerts
#mozilla-rootcerts-openssl
mozilla-rootcerts install
pkg_add gnupg

OPTIONAL - otherwise runs as nobody:nobody - let’s take same UID GID as from official repo

grep ^nginx /etc/group
grep ^nginx /etc/passwd

groupadd nginx

# gnu/linux
useradd -g nginx --system -M -d /data/www -s /sbin/nologin nginx

# netbsd
#? useradd -g nginx -M -d /data/www -s /sbin/nologin nginx

Building

fetch latest stable NGINX source

v=1.26.2
wget https://nginx.org/download/nginx-$v.tar.gz
wget https://nginx.org/download/nginx-$v.tar.gz.asc

import the appropriate key

wget https://nginx.org/keys/arut.key
wget https://nginx.org/keys/pluknet.key
wget https://nginx.org/keys/sb.key
wget https://nginx.org/keys/thresh.key

gpg1 --import arut.key
gpg1 --import pluknet.key
gpg1 --import sb.key
gpg1 --import thresh.key

gpg1 --verify nginx-$v.tar.gz.asc

prepare modules e.g. brotli

git clone --recurse-submodules https://github.com/google/ngx_brotli
cd ngx_brotli/deps/brotli/
mkdir out/
cd out/
apt install cmake
cmake -DCMAKE_BUILD_TYPE=Release \
    -DBUILD_SHARED_LIBS=OFF \
    -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops \
    -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto \
    -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" \
    -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..

extract and build

tar xzf nginx-$v.tar.gz
cd nginx-$v/

we want NGINX to be available in our known PATH and MANPATH. we absolutely need that /etc/nginx/ folder as many files get deployed there.

./configure --help | less

# gnu/linux
lock=/var/lock/nginx.lock

# netbsd
mkdir /var/db/nginx/
lock=/var/db/nginx/nginx.lock

# sometimes, freshly installed systems don't have it
mkdir -p /usr/local/

user=nginx
group=nginx

./configure --prefix=/usr/local \
    --modules-path=/etc/nginx/modules \
    --add-module=../ngx_brotli \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --lock-path=$lock \
    --user=$user --group=$group \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_addition_module \
    --with-http_sub_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module

note http_ssi_module is enabled by default already.

make sure you’ve got those

adding module in ../ngx_brotli
 + ngx_brotli was configured

Configuration summary
  + using system PCRE2 library
  + using system OpenSSL library
  + using system zlib library

Build

echo $MAKEFLAGS
make > ../nginx.log && echo BUILT
make install

which nginx
nginx -V

ls -alF /etc/nginx/
ls -alF /var/log/nginx/

mkdir /etc/nginx/modules/
mkdir /etc/nginx/conf.d/

Final fixes

this is how we do it - that’s up to you.

mkdir -p /var/www/
mv /usr/local/html/ /var/www/
rm -f /var/www/html/*
    echo '<p>nothing here' > /var/www/html/index.html

and don’t forget to setup log rotation accordingly, either with logrotage –or– with newsyslog.

Ready to go

you can now proceed with the setup

Additional notes

for ngx_http_xslt_module

#slackpkg install libxml2 libxslt

git clone https://github.com/aperezdc/ngx-fancyindex.git

    #--with-http_addition_module --add-module=../ngx-fancyindex \
    #--with-http_xslt_module \
    #--with-mail --with-mail_ssl_module --with-mail_smtp_module --with-mail_imap_module