How is Nginx installed

Nginx is dynamically configured and optimized out of the box based on the detected server's resources available (cpu, memory, disk etc). Currently, Nginx 1.27 mainline branch is used which is generally recommended by Nginx as it's more reliable due to all bug fixes ported to Nginx 1.27 mainline branch and not just major critical fixes which applied to the Nginx 1.26 stable branch.

You can see the developer overview of the Nginx install process here.

Use menu option #2 to add new domain's Nginx Virtual Host (vhost). Full details here. Some additional Nginx modules are compiled in by default. Read FAQ item 18 as to why source compiled vs RPM.

An example Nginx configuration compiled with GCC 13.2.1 compiler as follows with latest Centmin Mod on AlmaLinux and with optional Lua Nginx modules enabled:

nginx -V
nginx version: nginx/1.27.0 (150724-105315-almalinux9-kvm-3ff7980)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC) 
built with OpenSSL 3.0.7 1 Nov 2022
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/nginx-dep/lib -ljemalloc -lpcre -Wl,-z,relro,-z,now -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/nginx-dep/lib -pie -flto=2 -flto-compression-level=1 -fuse-ld=gold' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/nginx-dep/include -m64 -march=native -fPIC -g -O3 -fstack-protector-strong -flto=2 -flto-compression-level=1 -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Wno-pointer-sign -Wimplicit-fallthrough=0 -Wno-implicit-function-declaration -Wno-cast-align -Wno-builtin-declaration-mismatch -Wno-deprecated-declarations -Wno-int-conversion -Wno-unused-result -Wno-vla-parameter -Wno-maybe-uninitialized -Wno-return-local-addr -Wno-array-parameter -Wno-alloc-size-larger-than -Wno-address -Wno-array-bounds -Wno-discarded-qualifiers -Wno-stringop-overread -Wno-stringop-truncation -Wno-missing-field-initializers -Wno-unused-variable -Wno-format -Wno-error=unused-result -Wno-missing-profile -Wno-stringop-overflow -Wno-free-nonheap-object -Wno-discarded-qualifiers -Wno-bad-function-cast -Wno-dangling-pointer -Wno-array-parameter -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wp,-D_FORTIFY_SOURCE=2' --prefix=/usr/local/nginx --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=150724-105315-almalinux9-kvm-3ff7980 --with-compat --without-pcre2 --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-module=../zstd-nginx-module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.3 --add-dynamic-module=../ngx_devel_kit-0.3.2 --add-dynamic-module=../set-misc-nginx-module-0.33 --add-dynamic-module=../echo-nginx-module-0.63 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.4.0-cmm --add-dynamic-module=../lua-nginx-module-0.10.26 --add-module=../stream-lua-nginx-module-0.0.14 --add-module=../memc-nginx-module-0.20 --add-module=../srcache-nginx-module-0.33 --add-dynamic-module=../headers-more-nginx-module-0.37 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.3 --with-zlib-opt=-fPIC --with-http_ssl_module --with-http_v2_module


Nginx HTTP/2 & HTTP/3 QUIC HTTPS Support

Centmin Mod added Nginx HTTP/2 SSL support with Application Layer Protocol Negotiation (ALPN) extension to TLS. Centmin Mod Nginx supports HTTP/2 HTTPS by default (with optional HTTP/3 QUIC support) via OpenSSL, LibreSSL, BoringSSL, quicTLS OpenSSL fork, and Amazon AWS-LC crypto libraries that end user can choose from and override via placing the variables outlined here in their persistent config file /etc/centminmod/custom_config.inc prior to Nginx recompiles using centmin.sh menu option 4. Source compiling allows Centmin Mod Nginx the flexibility of support more than one crypto library as outlined below.

For HTTP/3 QUIC support, you need to switch from default OpenSSL to either BoringSSL, LibreSSL, quicTLS OpenSSL fork or Amazon AWS-LC crypto libraries as outlined here.

If you switch Nginx to either BoringSSL or Amazon AWS-LC crypto libraries as outlined here, you can also optionally support Cloudflare Post-Quantum X25519Kyber768 KEM connections to Centmin Mod Nginx origin servers.

This example is built with system OpenSSL 1.1.1k FIPS on AlmaLinux 8. System OpenSSL versions usually will also be labelled with FIPS:

nginx -V
nginx version: nginx/1.27.0 (200624-001808-almalinux8-kvm-42a6e88-br-a71f931)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021

This example is built with system OpenSSL 3.07 on AlmaLinux 9. System OpenSSL versions without the FIPS label:

nginx -V
nginx version: nginx/1.27.0 (140724-004656-almalinux9-kvm-2425f5d)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC) 
built with OpenSSL 3.0.7 1 Nov 2022

This example built with Amazon AWS-LC 1.32.0 - OpenSSL 1.1.1 (compatible; AWS-LC 1.32.0) (running with AWS-LC 1.32.0) on AlmaLinux 9 for additional Nginx HTTP/3:

nginx -V
nginx version: nginx/1.27.0 (180724-003427-almalinux9-kvm-3ff7980)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC) 
built with OpenSSL 1.1.1 (compatible; AWS-LC 1.32.0) (running with AWS-LC 1.32.0)

With OpenSSL 3.2.1 on AlmaLinux 8:

nginx -V
nginx version: nginx/1.27.0 (200624-155110-almalinux8-kvm-af1a938-br-a71f931)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
built with OpenSSL 3.2.1 30 Jan 2024

With BoringSSL on AlmaLinux 8 for additional Nginx HTTP/3:

nginx -V
nginx version: nginx/1.27.0 (200624-160228-almalinux8-kvm-af1a938-br-a71f931)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)

With LibreSSL on AlmaLinux 8 for additional Nginx HTTP/3:

nginx -V
nginx version: nginx/1.27.0 (200624-161343-almalinux8-kvm-af1a938-br-a71f931)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
built with LibreSSL 3.9.2

With quicTLS OpenSSL 3.1.5 QUIC fork for additional Nginx HTTP/3:

nginx -V
nginx version: nginx/1.27.0 (270624-020317-almalinux9-kvm-7e168f1)
built by gcc 13.2.1 20231205 (Red Hat 13.2.1-6) (GCC)
built with OpenSSL 3.1.5+quic 30 Jan 2024


Nginx Vhost Statistics

Centmin Mod also optionally supports nginx-module-vts Nginx module to provide per Nginx vhost site domain traffic statistics. You can check out how to configure and set this up on the forum here.

Below screenshot also shows up the new multiple PHP-FPM pool support in Centmin Mod 1.2.3-eva2000.08+ and higher releases.

Nginx Vhost Traffic Statistics


Enabled Nginx Modules

Nginx is compiled against Nginx 1.9 branch (which will soon support HTTP/2) with the following modules and options enabled by default:


Supported Nginx Modules Disabled By Default

The following Nginx modules are optionally supported and can be enabled via recompiling Nginx and switching on their relevant option variable in centmin.sh:


Nginx Lua & LuaJIT

Centmin Mod 1.2.3-eva2000.08+ and higher also added Openresty's Nginx Lua and LuaJIT modules. Changing centmin.sh variable from ORESTY_LUANGINX='y' to ORESTY_LUANGINX='n' and recompiling Nginx via centmin.sh menu option 4 will disable all those below listed Nginx modules if you do not want them compiled into Nginx.

ORESTY_LUANGINX='y'          # enable or disable or ORESTY_LUA* nginx modules below
ORESTY_LUANGINXVER='0.9.16'  # openresty lua-nginx-module https://github.com/openresty/lua-nginx-module
ORESTY_LUAGITVER='2.0.4'        # luagit http://luajit.org/
ORESTY_LUAMEMCACHEDVER='0.13'   # openresty https://github.com/openresty/lua-resty-memcached
ORESTY_LUAMYSQLVER='0.15'       # openresty https://github.com/openresty/lua-resty-mysql
ORESTY_LUAREDISVER='0.20'       # openresty https://github.com/openresty/lua-resty-redis
ORESTY_LUADNSVER='0.14'         # openresty https://github.com/openresty/lua-resty-dns
ORESTY_LUAUPLOADVER='0.09'      # openresty https://github.com/openresty/lua-resty-upload
ORESTY_LUAWEBSOCKETVER='0.05'   # openresty https://github.com/openresty/lua-resty-websocket
ORESTY_LUALOCKVER='0.04'        # openresty https://github.com/openresty/lua-resty-lock
ORESTY_LUASTRINGVER='0.09'      # openresty https://github.com/openresty/lua-resty-string
ORESTY_LUAREDISPARSERVER='0.10'    # openresty https://github.com/openresty/lua-redis-parser
ORESTY_LUAUPSTREAMCHECKVER='0.03'  # openresty https://github.com/openresty/lua-resty-upstream-healthcheck
ORESTY_LUALRUCACHEVER='0.04'       # openresty https://github.com/openresty/lua-resty-lrucache
ORESTY_LUARESTYCOREVER='0.1.0'     # openresty https://github.com/openresty/lua-resty-core
ORESTY_LUAUPSTREAMVER='0.03'       # openresty https://github.com/openresty/lua-upstream-nginx-module
ORESTY_LUALOGGERSOCKETVER='0.1'    # cloudflare openresty https://github.com/cloudflare/lua-resty-logger-socket
ORESTY_LUACOOKIEVER='master'       # cloudflare openresty https://github.com/cloudflare/lua-resty-cookie
ORESTY_LUAUPSTREAMCACHEVER='0.1.1' # cloudflare openresty https://github.com/cloudflare/lua-upstream-cache-nginx-module


Enabling and Adding additional Nginx module support

Not all Nginx core or 3rd party modules are enabled or added by default. So for additional functionality, you may need to add or enable certain Nginx modules to Nginx web server. For Centmin Mod users, example of how to enable Nginx WebDAV module support and add nginx-dav-ext-module support can be read here.


Nginx upgrade

If you are upgrading a server which already previously had Centmin Mod installed, you DO NOT need to run option #1 (in fact as of Centmin Mod v1.2.2-eva2000.14 it will be impossible to run centmin.sh menu option 1 as the script will detect previous install of Centmin Mod and abort the script), instead run centmin.sh menu option 4 and then centmin.sh menu option 5 for upgrading Nginx web server and upgrading PHP. You only need to run these if you upgrading to new Nginx or PHP version. If your existing Centmin Mod install has the same versions for Nginx and PHP, no need to even run those menu options.


Right way to upgrade Nginx

The centmin.sh menu option 4 will upgrade (or downgrade/recompile) Nginx web server by prompting you to enter the Nginx version you want to install. From Centmin Mod 1.2.3-eva2000.08 stable or higher, you'll also have a new centmin.sh menu option 23 for git updates. If you setup git environment via centmin.sh menu option 23, you may want to run centmin.sh menu option 23 submenu option 2, prior to running centmin.sh menu option 4 so as to ensure you're using latest Centmin Mod branch code prior to upgrading Nginx. You can see an example on the forums here.

You may receive 404 Not Found errors on php pages after Nginx upgrade. If you do, run Menu option #5 to upgrade/reinstall PHP version. You will find the latest stable and development versions on Nginx.org. The Nginx upgrade routine will do a preliminary YUM update check to make sure any new Centmin Mod options have their required YUM installed software prior to the upgrade.

You can also use the centmin.sh menu option 4 to downgrade Nginx versions as well just by entering a Nginx version you want. For Centmin Mod, I would stick with the stable version Nginx v1.9.* as there are changes to nginx.conf etc which Centmin Mod caters to in it's configuration files, which earlier Nginx versions won't support.


Automatic Nginx Config Backup

Nginx upgrade process will also backup your existing Nginx conf directory and file via 3 options in centmin.sh: NGINXBACKUP='y', NGINXCONFDIR='/usr/local/nginx/conf', NGINXBACKUPDIR='/usr/local/nginxbackup'. You will find backups of previous Nginx versions in timestamped directories located within /usr/local/nginxbackup.


Nginx upgrade - Error checking routine

Centmin Mod has an inbuilt Nginx upgrade error checking routine which checks at Nginx configure, make and make install stages for errors. If any of 3 stages have errors, the script will abort and give you an idea where and what the error is.

For example Nginx configure stage error and script abort due to missing Nginx module file for nginx-http-concat module:

configuring additional modules
adding module in ../ngx-fancyindex-ngx-fancyindex
 + ngx_http_fancyindex_module was configured
adding module in ../ngx_cache_purge-2.0
 + ngx_http_cache_purge_module was configured
adding module in ../nginx-accesskey-2.0.3
 + ngx_http_accesskey_module was configured
adding module in ../nginx-http-concat-master
./configure: error: no ../nginx-http-concat-master/config was found
***********************************************

Sat Feb 23 22:15:41 CET 2013
Error: 1, Nginx configure failed

For more detailed troubleshooting for failed upgrades, you can also check the automated logs when Nginx upgrade runs. The log directory is defined by variable CENTMINLOGDIR='/root/centminlogs' in inc/centminlogs.inc. When you run a menu option, the entire process will be logged to a time stamped text log file named ${CENTMINLOGDIR}/centminmod_${SCRIPT_VERSION}_${DT}_*.log so you can review the logs for error messages etc

Example log listing:

ls -lhrt /root/centminlogs/

total 7.3M
4.3M Apr 14 17:14 centminmod_1.2.2-eva2000.15_140412-151749_install.log
1.7M Apr 14 17:44 centminmod_1.2.2-eva2000.15_140412-173219_php_upgrade.log
 30K Apr 14 17:44 centminmod_1.2.2-eva2000.15_140412-173219_apc_reinstall.log
 89K Apr 14 17:45 centminmod_1.2.2-eva2000.15_140412-173219_memcached_reinstall.log
 24K Apr 14 17:46 centminmod_1.2.2-eva2000.15_140412-173219_suhosin_install.log
 17K Apr 14 17:49 centminmod_1.2.2-eva2000.15_140412-173219_ffmpeg_install.log
1.3M Apr 14 18:02 centminmod_1.2.2-eva2000.15_140412-173219_nginx_upgrade.log
 23K Apr 14 18:31 centminmod_1.2.2-eva2000.15_140412-183136_nsd_reinstall.log


Checking Domain's Nginx Access Log

Sometimes you need to check your domain's Nginx access log for specific error codes i.e. 404, 502, 503, 200, 301, 302 etc. Here's how you can quickly do it for Centmin Mod servers.

First go to domain's log directory (may content rotated logs (rotates at 100M sizes)

  cd /home/nginx/domains/domainname.com/log

Full output filtered on status code you enter i.e. 404, 500, 502, 503 etc

  read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' { print $0 }' access.log

Filtered on unique url accessed minus ip address and date info

  read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' {for(i=7;i<=22;i++)printf "%s ",$i;print ""}' access.log | sort -u

Filtered IP count

  read -ep "Filter which status code ? i.e. 404 : " var ; awk -v errno=${var} '$9 == 'errno' { print $1 }' access.log | sort | uniq -c | sort -n

nginx-http-concat module

For nginx-http-concat module to work, you need to compile Nginx with support for it. Centmin Mod v1.2.3-eva2000.01 leading up to 123.09beta01, would have compiled and enabled nginx-http-concat module support by default. However, Centmin Mod 123.09beta01 and newer have it disabled by default. For Centmin Mod 123.09beta01 and newer to enable nginx-http-concat module support, set NGINX_HTTPCONCAT='y' in persistent config file /etc/centminmod/custom_config.inc prior to centmin.sh menu option 4 recompiles of nginx.

Note: you may not need to use nginx-http-concat module if you are using Centmin Mod v1.2.3-eva2000.01 beta or higher as Nginx Pagespeed ngx_pagespeed module support has been added which supports combining and minifying CSS and JS url links with rewrite_css, rewrite_js, combine_css and combine_js filter options.

nginx-http-concat module is very useful for speeding up and optimizing page loading times. By combining several css or js files together you reduce page load latency by cutting down the number http requests and thus reduce the round trip time (RTT).


Example on centminmod.com

Below is an illustrated example from Centmin Mod's front index page webpagetest.org page load tests.

You will need to add to Nginx vhost configuration settings. For centminmod.com site, the following was used:

        location /css {
        concat on;
        concat_max_files 20;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
        }

        location /js {
        concat on;
        concat_max_files 20;
    add_header Pragma private;
    add_header Cache-Control "private, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
        }

Then to change the way you call the css and js files within your html code to the following - note the double ??

/css/??bootstrap.css,bootstrap-responsive.css

/js/??jquery.js,bootstrap-transition.js,bootstrap-alert.js,bootstrap-button.js,bootstrap-collapse.js


Before - no nginx-http-concat module usage:

Before number of http requests without nginx http concat


After - with nginx-http-concat module used:

After number of http requests with nginx http concat

After number of http requests with nginx http concat

After number of http requests with nginx http concat