nginx: Linux packages

Currently, nginx packages are available for the following distributions and versions:

RHEL/CentOS:

Version Supported Platforms
5.x x86_64, i386
6.x x86_64, i386
7.x x86_64

Debian:

Version Codename Supported Platforms
6.x squeeze x86_64, i386
7.x wheezy x86_64, i386
8.x jessie x86_64, i386

Ubuntu:

Version Codename Supported Platforms
10.04 lucid x86_64, i386
12.04 precise x86_64, i386
14.04 trusty x86_64, i386, aarch64/arm64
14.10 utopic x86_64, i386

SLES:

Version Supported Platforms
12 x86_64

To enable automatic updates of Linux packages set up the yum repository for the RHEL/CentOS distributions, the apt repository for the Debian/Ubuntu distributions, or the zypper repository for SLES.

Pre-Built Packages for Stable version

To set up the yum repository for RHEL/CentOS, choose the corresponding nginx-release package from the list:

This package contains yum configuration file and a public PGP key necessary to authenticate signed RPMs. Download and install it, then run the following:

yum install nginx

Alternatively, a repository configuration can be added manually without installing the nginx-release package. Create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1

Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.

For Debian/Ubuntu, in order to authenticate the nginx repository signature and to eliminate warnings about missing PGP key during installation of the nginx package, it is necessary to add the key used to sign the nginx packages and repository to the apt program keyring. Please download this key from our web site, and add it to the apt program keyring with the following command:

sudo apt-key add nginx_signing.key

For Debian replace codename with Debian distribution codename, and append the following to the end of the /etc/apt/sources.list file:

deb http://nginx.org/packages/debian/ codename nginx
deb-src http://nginx.org/packages/debian/ codename nginx

For Ubuntu replace codename with Ubuntu distribution codename, and append the following to the end of the /etc/apt/sources.list file:

deb http://nginx.org/packages/ubuntu/ codename nginx
deb-src http://nginx.org/packages/ubuntu/ codename nginx

For Debian/Ubuntu then run the following commands:

apt-get update
apt-get install nginx

For SLES run the following command:

zypper addrepo -G -t yum -c 'http://nginx.org/packages/sles/12' nginx

Pre-Built Packages for Mainline version

To set up the yum repository for RHEL/CentOS, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1

Replace “OS” with “rhel” or “centos”, depending on the distribution used, and “OSRELEASE” with “5”, “6”, or “7”, for 5.x, 6.x, or 7.x versions, respectively.

For Debian/Ubuntu, in order to authenticate the nginx repository signature and to eliminate warnings about missing PGP key during installation of the nginx package, it is necessary to add the key used to sign the nginx packages and repository to the apt program keyring. Please download this key from our web site, and add it to the apt program keyring with the following command:

sudo apt-key add nginx_signing.key

For Debian replace codename with Debian distribution codename, and append the following to the end of the /etc/apt/sources.list file:

deb http://nginx.org/packages/mainline/debian/ codename nginx
deb-src http://nginx.org/packages/mainline/debian/ codename nginx

For Ubuntu replace codename with Ubuntu distribution codename, and append the following to the end of the /etc/apt/sources.list file:

deb http://nginx.org/packages/mainline/ubuntu/ codename nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ codename nginx

For Debian/Ubuntu then run the following commands:

apt-get update
apt-get install nginx

For SLES run the following command:

zypper addrepo -G -t yum -c 'http://nginx.org/packages/mainline/sles/12' nginx

Configure Arguments

Configure arguments common for nginx binaries from pre-built packages for stable version:

--prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_stub_status_module
--with-http_auth_request_module
--with-mail
--with-mail_ssl_module
--with-file-aio
--with-http_spdy_module
--with-ipv6

Packages for mainline version also have the following arguments:

--with-threads
--with-stream
--with-stream_ssl_module

Package are built with all modules that do not require additional libraries to avoid extra dependencies.

Signatures

Both RPM packages and Debian/Ubuntu repositories use digital signatures to verify the integrity and origin of the downloaded package. In order to check a signature it is necessary to download nginx signing key and import it to the rpm or apt program’s keyring:

On Debian/Ubuntu/SLES signatures are checked by default, but on RHEL/CentOS it is necessary to set

gpgcheck=1

in the /etc/yum.repos.d/nginx.repo file.

Since our PGP keys and packages are located on the same server, they are equally trusted. It is highly advised to additionally verify the authenticity of the downloaded PGP key. PGP has the “Web of Trust” concept, when a key is signed by someone else’s key, that in turn is signed by another key and so on. It often makes possible to build a chain from an arbitrary key to someone’s key who you know and trust personally, thus verify the authenticity of the first key in a chain. This concept is described in details in GPG Mini Howto. Our keys have enough signatures, and their authenticity is relatively easy to check.