How to install and use Nginx on CentOS 8

ADVERTISEMENTS



How to install Nginx on CentOS 8

How do I Install Nginx on CentOS 8 Linux server? How can configure the latest version of Nginx web server on a CentOS Linux 8 server using the CLI and host a static site?Nginx [engine X] is a free and open-source high-performance web server. It also acts as a reverse proxy server and load balancer. This page shows how to install Nginx on CentOS 8 and configure a static web site using the CLI.

The procedure to install Nginx web server on a CentOS Linux 8 is as follows:

Login to your cloud server or bare metal server using ssh command:

ssh user@cloud-server-ip Search for Nginx package:

sudo yum search nginx Install nginx package using the yum command on CentOS 8:

sudo yum update

sudo yum install nginx Update firewall settings and open TCP port 80 and 443. Run:

sudo firewall-cmd --permanent --zone=public --add-service=https --add-service=http

sudo firewall-cmd --reload

Let us see all commands and examples in details.

Step 1 – Update the system

Keeping your system, kernel, and update all installed packages for security is an essential sysadmin task. So update the system, run:

$ sudo yum updateinfo

$ sudo yum update

## Reboot the system if a new kernel update was installed ##

$ sudo reboot

Step 2 – Search for Nginx package

Is web server available in my Linux distro? Let us find out:

$ sudo yum search nginx

$ sudo yum list nginx

Sample outputs:

Last metadata expiration check: 1 :09:02 ago on Sun Nov 24 17 : 24 : 15 2019 . ============================== Name Exactly Matched: nginx = ============================= nginx.x86_64 : A high performance web server and reverse proxy server = ============================ Name & Summary Matched: nginx ============================= nginx-mod-mail.x86_64 : Nginx mail modules nginx-mod-stream.x86_64 : Nginx stream modules collectd-nginx.x86_64 : Nginx plugin for collectd nginx-mod-http-perl.x86_64 : Nginx HTTP perl module nginx-mod-http-xslt-filter.x86_64 : Nginx XSLT module nginx-mod-http-image-filter.x86_64 : Nginx HTTP image filter module nginx-filesystem.noarch : The basic directory layout for the Nginx server pcp-pmda-nginx.x86_64 : Performance Co-Pilot ( PCP ) metrics for the Nginx Webserver nginx-all-modules.noarch : A meta package that installs all available Nginx modules Last metadata expiration check: 1:09:02 ago on Sun Nov 24 17:24:15 2019. ============================== Name Exactly Matched: nginx ============================== nginx.x86_64 : A high performance web server and reverse proxy server ============================= Name & Summary Matched: nginx ============================= nginx-mod-mail.x86_64 : Nginx mail modules nginx-mod-stream.x86_64 : Nginx stream modules collectd-nginx.x86_64 : Nginx plugin for collectd nginx-mod-http-perl.x86_64 : Nginx HTTP perl module nginx-mod-http-xslt-filter.x86_64 : Nginx XSLT module nginx-mod-http-image-filter.x86_64 : Nginx HTTP image filter module nginx-filesystem.noarch : The basic directory layout for the Nginx server pcp-pmda-nginx.x86_64 : Performance Co-Pilot (PCP) metrics for the Nginx Webserver nginx-all-modules.noarch : A meta package that installs all available Nginx modules

What version of Nginx am I going to install? Get Nginx version information that you are going to install, execute:

$ sudo yum info nginx

Sample outputs:

Last metadata expiration check: 0 : 16 : 18 ago on Mon Jun 8 10 :07:04 2020 . Available Packages Name : nginx Epoch : 1 Version : 1.14.1 Release : 9 .module_el8.0.0+ 184 +e34fea82 Architecture : x86_64 Size : 570 k Source : nginx-1.14.1- 9 .module_el8.0.0+ 184 +e34fea82.src.rpm Repository : AppStream Summary : A high performance web server and reverse proxy server URL : http://nginx.org/ License : BSD Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, : POP3 and IMAP protocols, with a strong focus on high : concurrency, performance and low memory usage. Last metadata expiration check: 0:16:18 ago on Mon Jun 8 10:07:04 2020. Available Packages Name : nginx Epoch : 1 Version : 1.14.1 Release : 9.module_el8.0.0+184+e34fea82 Architecture : x86_64 Size : 570 k Source : nginx-1.14.1-9.module_el8.0.0+184+e34fea82.src.rpm Repository : AppStream Summary : A high performance web server and reverse proxy server URL : http://nginx.org/ License : BSD Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, : POP3 and IMAP protocols, with a strong focus on high : concurrency, performance and low memory usage.

We can lists all Nginx module streams, their profiles and states using the following dnf command:

$ sudo yum module list nginx

The default version is 1.14 but we can install version 1.16 too. Here is what it says:

Last metadata expiration check: 0:18:57 ago on Mon Jun 8 10:07:04 2020. CentOS-8 - AppStream Name Stream Profiles Summary nginx 1.14 [d] common [d] nginx webserver nginx 1.16 common nginx webserver Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Want to try out version 1.16? Try the following commands:

$ sudo yum module reset nginx

$ sudo yum module enable nginx:1.16

## verify it version set to 1.16 ##

$ sudo yum module list nginx



Step 3 – Installing Nginx on CentOS 8

To install the latest stable nginx server, run the following yum command:

$ sudo yum install nginx

Step 4 – Enable nginx server

First, enable nginx service by running systemctl command so that it starts at server boot time:

$ sudo systemctl enable nginx

Sample outputs:

Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service ? /usr/lib/systemd/system/nginx.service.

Start the service, run:

$ sudo systemctl start nginx

Commands to start/stop/restart nginx server

Run command as per your needs.

$ sudo systemctl start nginx ## <-- start the server ##

$ sudo systemctl stop nginx ## <-- stop the server ##

$ sudo systemctl restart nginx ## <-- restart the server ##

$ sudo systemctl reload nginx ## <-- reload the server ##

$ sudo systemctl status nginx ## <-- get status of the server ##



Step 5 – Open port 80 and 443 using firewall-cmd

You must open and enable port 80 and 443 using the firewall-cmd command:

$ sudo firewall-cmd --permanent --zone=public --add-service=http --add-service=https

$ sudo firewall-cmd --reload

$ sudo firewall-cmd --list-services --zone=public

See “how to set up a firewall using FirewallD on CentOS 8” for more info

Step 6 – Test it

Verify that TCP port 80 or 443 opened using ss command command:

$ sudo ss -tulpn

Sample outputs (look out for :80 and :443 lines) :

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 10.147.164.2%eth0: 68 0.0.0.0:* users: ( ( "NetworkManager" ,pid = 50,fd=15 ) ) tcp LISTEN 0 128 0.0.0.0: 80 0.0.0.0:* users: ( ( "nginx" ,pid = 1316,fd=6 ) , ( "nginx" ,pid = 1315,fd=6 ) , ( "nginx" ,pid = 1314,fd=6 ) ) tcp LISTEN 0 128 [ :: ] :80 [ :: ] :* users: ( ( "nginx" ,pid = 1316,fd=7 ) , ( "nginx" ,pid = 1315,fd=7 ) , ( "nginx" ,pid = 1314,fd=7 ) ) tcp LISTEN 0 128 [ :: ] :443 [ :: ] :* users: ( ( "nginx" ,pid = 1316,fd=7 ) , ( "nginx" ,pid = 1315,fd=7 ) , ( "nginx" ,pid = 1314,fd=7 ) ) Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port udp UNCONN 0 0 10.147.164.2%eth0:68 0.0.0.0:* users:(("NetworkManager",pid=50,fd=15)) tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1316,fd=6),("nginx",pid=1315,fd=6),("nginx",pid=1314,fd=6)) tcp LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=1316,fd=7),("nginx",pid=1315,fd=7),("nginx",pid=1314,fd=7)) tcp LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=1316,fd=7),("nginx",pid=1315,fd=7),("nginx",pid=1314,fd=7))

If you do not know your server IP address run the following ip command:

$ ip a

Sample outputs:

1 : lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/ 8 scope host lo valid_lft forever preferred_lft forever inet6 :: 1 / 128 scope host valid_lft forever preferred_lft forever 6 : eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00: 16 :3e:6b:8d:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.147.164.2/ 24 brd 10.147.164.255 scope global dynamic noprefixroute eth0 valid_lft 3067sec preferred_lft 3067sec inet6 fe80:: 216 :3eff:fe6b:8df7/ 64 scope link valid_lft forever preferred_lft forever 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:16:3e:6b:8d:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.147.164.2/24 brd 10.147.164.255 scope global dynamic noprefixroute eth0 valid_lft 3067sec preferred_lft 3067sec inet6 fe80::216:3eff:fe6b:8df7/64 scope link valid_lft forever preferred_lft forever

For example my IP address reported as 10.147.164.2. Fire a web browser and type the URL(domain name)/IP address:

http://10.147.164.2

One can also use the curl command to get same info using the cli:

$ curl -I http://10.147.164.2

$ curl http://10.147.164.2



Step 7 – Configure Nginx server

Now you know how to install Nginx on a CentOS 8 server. It is time to learn about configuration options:

Config directory – /etc/nginx/

Maibn global config file – /etc/nginx/nginx.conf

TCP ports opened by Nginx – 80 (HTTP), 443 (HTTPS)

(HTTP), (HTTPS) Default web document root directory – /usr/share/nginx/html

Access log file – /var/log/nginx/access.log

Error log file – /var/log/nginx/error.log

To edit files use a text editor such as vi command/nano command:

$ sudo vi /etc/nginx/nginx.conf

Sample outputs:

# For more information on configuration, see: user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024 ; } http { log_format main '$remote_addr - $remote_user [ $time_local ] "$request" ' '$status $body_bytes_sent "$http_referer" ' ' "$http_user_agent" "$http_x_forwarded_for" '; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65 ; types_hash_max_size 2048 ; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [ :: ] : 80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 / 404 .html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } } # For more information on configuration, see: user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }

See Nginx server docs here.

You can upload or copy your html/css/js and images to /usr/share/nginx/html/

$ cd /usr/share/nginx/html/

$ sudo cp /backups/cyberciti.biz/*.html .

$ sudo cp /backups/cyberciti.biz/*.css .

Copy from local desktop to the remote server using the rsync command or scp command/sftp command:

$ rsync ~/projects/static/www.cyberciti.biz/prod/* your-username@10.147.164.2:/usr/share/nginx/html/

Step 8 – Setting up virtual domain/host

Let us create a new user for our virtual host by typing the following useradd command:

$ sudo useradd -d /home/cyberciti.biz -m -k /dev/null -s /usr/sbin/nologin cbz-www

Where,

-d /home/cyberciti.biz : Home directory to store all files for our virtual domain named cyberciti.biz

: Home directory to store all files for our virtual domain named cyberciti.biz -m : Make a new directory to store files.

: Make a new directory to store files. -k /dev/null : Do not create any dot files in the directory.

: Do not create any dot files in the directory. -s /usr/sbin/nologin : Do not allow cbz-www user to log in into the server. This is a security feature.

: Do not allow cbz-www user to log in into the server. This is a security feature. cbz-www : User name for my virtual domain called cyberciti.biz

Lock the Linux user account, enter:

$ sudo passwd -l cbz-www

Next make html dir using the mkdir command:

$ sudo mkdir -pv /home/cyberciti.biz/html

mkdir: created directory '/home/cyberciti.biz/html'

Finally, make a sample html page as follows for testing purpose using a text editor such as vim command/nano command:

$ sudo vim /home/cyberciti.biz/html/index.html

< html > < head > < title > www.cyberciti.biz - welcome to my sweet home page < / title > < / head > < body > < h2 > www.cyberciti.biz - virtual domain < / h2 > < p > This is a test page running on: < / p > < ul > < li > CentOS Linux 8.0 < / li > < li > Nginx web server < / li > < / ul > < hr > < small > Send all feedback and errors to me @ webmaster@cyberciti.biz < / small > < / body > < / html > <html> <head> <title>www.cyberciti.biz - welcome to my sweet home page</title> </head> <body> <h2>www.cyberciti.biz - virtual domain</h2> <p>This is a test page running on:</p> <ul> <li>CentOS Linux 8.0</li> <li>Nginx web server</li> </ul> <hr> <small>Send all feedback and errors to me @ webmaster@cyberciti.biz</small> </body> </html>

Set permission using the chown command/[nicmd name=”chmod”] and correct SELinux permissions using the chcon command:

$ sudo chmod -R 0555 /home/cyberciti.biz/

$ sudo chown -R cbz-www:cbz-www /home/cyberciti.biz/

changed ownership of '/home/cyberciti.biz/html/index.html' from root:root to cbz-www:cbz-www

changed ownership of '/home/cyberciti.biz/html' from root:root to cbz-www:cbz-www

ownership of '/home/cyberciti.biz/' retained as cbz-www:cbz-www

## avoid errors when SELinux enabled and root is outside /usr/local/share/www OR /var/www ##

$ sudo chcon -vR system_u:object_r:httpd_sys_content_t:s0 /home/cyberciti.biz/

Create a virtual domain/host block file with the correct config options:

$ sudo vim /etc/nginx/conf.d/cyberciti.biz.conf

Append the following directives:

server { ## Listen to TCP port 80 ## listen 80 ; listen [ :: ] : 80 ; ## Set document web root to directory ## root /home/cyberciti.biz/html; index index.html; ## Set virtual domain/host name here ## server_name cyberciti.biz www.cyberciti.biz; ## Set default access and error log file ## access_log /var/log/nginx/cyberciti.biz_access.log main; error_log /var/log/nginx/cyberciti.biz_error.log; ## Set default error ## location / { try_files $uri $uri/ = 404 ; } } server { ## Listen to TCP port 80 ## listen 80; listen [::]:80; ## Set document web root to directory ## root /home/cyberciti.biz/html; index index.html; ## Set virtual domain/host name here ## server_name cyberciti.biz www.cyberciti.biz; ## Set default access and error log file ## access_log /var/log/nginx/cyberciti.biz_access.log main; error_log /var/log/nginx/cyberciti.biz_error.log; ## Set default error ## location / { try_files $uri $uri/ =404; } }

Check Nginx for syntax errors:

$ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

If not erros means reload the Nginx server:

$ sudo nginx -s reload

## or ##

$ sudo systemcl reload nginx

Start a web-browser and type virtual domain url. For instance:

http://your-domain-name-here

http://www.cyberciti.biz



Step 9 – View log files

Use the tail command/cat command or grep command/egrep command as follows:

$ sudo cat /var/log/nginx/cyberciti.biz_access.log

$ sudo grep 'GET /foo' /var/log/nginx/cyberciti.biz_access.log

$ sudo tail -f /var/log/nginx/cyberciti.biz_error.log

Sample session

10.147.164.2 - - [08/Jun/2020:12:12:37 +0000] "HEAD /index.html HTTP/1.1" 404 0 "-" "curl/7.61.1" "-" 10.147.164.2 - - [08/Jun/2020:12:13:12 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.61.1" "-" 10.147.164.2 - - [08/Jun/2020:12:13:14 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.61.1" "-" 10.147.164.2 - - [08/Jun/2020:12:13:19 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.61.1" "-" 10.147.164.2 - - [08/Jun/2020:12:15:21 +0000] "GET /index.html HTTP/1.1" 200 348 "-" "curl/7.61.1" "-" 10.147.164.1 - - [08/Jun/2020:12:15:49 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.68.0" "-" 139.151.zzz.yyy - - [08/Jun/2020:12:28:04 +0000] "GET / HTTP/1.1" 200 348 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/83.0.4103.61 Chrome/83.0.4103.61 Safari/537.36" "-" 139.151.zzz.yyy- - [08/Jun/2020:12:28:04 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://52.44.236.32/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/83.0.4103.61 Chrome/83.0.4103.61 Safari/537.36" "-"

How to secure Nginx server

See “Top 25 Nginx Web Server Best Security Practices” and “40 Linux server security tips” for more info.

Conclusion

You just learned how to install, set up and configure Nginx server on a CentOS Enterprise Linux 8 server. Further we explained how to open TCP ports and configure virtual hosting. Next you can install PHP/MySQL or Python/Perl to run your webapps. See nginx docs here for more information.



1 of 3 in the Linux, Nginx, MySQL, PHP (LEMP) Stack for CentOS 8 Tutorial series. Keep reading the rest of the series: Nginx on CentOS 8 PHP 7.x on CentOS 8 For Nginx Setup Let's Encrypt on CentOS 8 for Nginx This entry isofin theseries. Keep reading the rest of the series: