Nginx-more is a build of Nginx with additional modules such as HTTP/2, HTTP/3, PageSpeed, Brotli, More Headers, Cache Purge, VTS, GeoIP2, Echo and ModSecurity. It's compiled using recent GCC version and latest OpenSSL sources. It also includes some built-in configurations such as WordPress and Laravel php-fpm setup. More information about this package can be found here however this post is be a bit outdated at this time. Nginx-more is supported since 2014 and used on a thousand of servers.
There's packages available for Enterprise Linux 6, 7, 8 and 9. The easiest way to install nginx-more is by using Aeris yum repository:
EL6 > yum install -y https://repo.aerisnetwork.com/pub/aeris-release-6.rpm
EL7 > yum install -y https://repo.aerisnetwork.com/pub/aeris-release-7.rpm
EL8 > dnf install -y https://repo.aerisnetwork.com/pub/aeris-release-8.rpm
EL9 > dnf install -y https://repo.aerisnetwork.com/pub/aeris-release-9.rpm
Once the repository is configured, you can proceed with installing nginx-more:
> yum install nginx-more
All configurations will be installed in default directory which is /etc/nginx/
. The package already includes a bunch of PHP-FPM configurations in conf.d/custom/
for WordPress, Laravel, Drupal, OpenCart, PrestaShop and Sendy, so you can get started in few seconds with your website hosting.
Clean vhost example for WordPress:
server {
listen 80;
listen 443 ssl;
http2 on;
server_name example.com;
root /home/www/example.com/public_html;
access_log /var/log/nginx/example.com-access_log main;
error_log /var/log/nginx/example.com-error_log warn;
if ($bad_bot) { return 444; }
include conf.d/custom/ssl.global.conf;
include conf.d/custom/restrictions.conf;
include conf.d/custom/fpm-wordpress.conf;
}
All nginx-more builds are kept in the repository. If you upgrade to a newest version and it has any issues that you don't have time to troubleshoot by looking at the nginx error_log
, you can downgrade to an older version with yum:
> yum downgrade nginx-more
Note that you cannot install nginx-more if nginx package is already installed on your system because both packages provide nginx binary and configurations. You need to choose between nginx-more OR nginx from CentOS / EPEL / Nginx repository. Nginx-more is compiled using a more recent GCC version than the others and it provides lots of ready-to-go WordPress / Laravel configurations. If nginx is already installed, it's possible to swap from nginx to nginx-more with a simple yum command, although be careful with your inplace configurations. A new install is recommended.
> yum swap nginx nginx-more
Full output of nginx configure:
> nginx -V
nginx version: nginx/1.26.2
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 11.4.1 20231218 (Red Hat 11.4.1-3) (GCC)
built with OpenSSL 3.4.0 22 Oct 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.4.0 --with-openssl-opt=enable-ktls --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_headers_more-0.37 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_brotli-1.0.0rc-2-g6e97 --add-module=modules/ngx_module_vts-0.2.2 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.63
- OpenSSL
- PageSpeed (removed ≥ el9)
- Brotli
- Virtual host traffic status
- Headers more
- Cache purge
- GeoIP2
- Echo
- ModSecurity (dynamic)
- Cloudflare TLS Dynamic Record
- Cloudflare full HPACK implementation (removed ≥ nginx 1.26.0)
Third-party modules such as PageSpeed will cause trouble while SELinux enforced. To get nginx-more works with SELinux, you need at least to turn on httpd_execmem
policy:
> yum -y install policycoreutils && setsebool -P httpd_execmem 1
> systemctl start nginx
It's possible to temporarily disable SELinux for Nginx to get started quickly:
> semanage permissive -a httpd_t
Here's two nice external blogs to help you troubleshoot SELinux with Nginx:
A simple Ansible role is available to install nginx-more and keep it updated.
Example of playbook:
- hosts: servers
roles:
- { role: karljohns0n.nginx-more }
As of writing, only one package outside EL default repositories is required to build nginx-more RPM, which is libmaxminddb-devel for module GeoIP2. It's available in EPEL however a newer version is available in Aeris repository so it's recommended to add Aeris repository in your mock configuration. We try to avoid packages that aren't available in EL but if it's the case we will build and include them in Aeris repository therefore no other third-party repository is required to build nginx-more.