Installing NGINX on CentOS 7

This a quick note on how to install the latest NGINX server on my CentOS 7, using the pakages provided by the NGINX team. Β I share this post as it mayΒ help any visitor.

The official info about the official NGINX packages is in NGINX’s site

As root you can add the repository file for mainline version:

cat << EOT > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/\$basearch/
gpgcheck=0
enabled=1
EOT

If you want to use the stable version you’d execute:

cat << EOT > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=0
enabled=1
EOT

Then just use yum:

yum install -y nginx

And manage the service as usual (start the service, enable it at boot time and check the status):

service start nginx

service enable nginx

service status nginx

If you want to check the version you’ve just installed (e.g I’m using the latest mainline version July/2016):

# nginx -v
nginx version: nginx/1.11.2

And that’s all, just a note for my reference for the future, hope it helps you too πŸ™‚

 

Advertisements

CentOS 7 – Installing NGINX + Phusion Passenger

Update: Please read the instructions provided by the Phusion Passenger developers for a detailed and updated how-to.

Today, I’m sharing with you how I’ve installed NGINX and Phusion Passenger in my CentOS 7 lab using the RPM packages provided kindly by Ulyaoth. Β Phusion Passenger offers an installer (passenger-install-nginx-module) that helps you to install NGINX and Passenger easily and in five minutes, but Ulyaoth’s sbagmeijer does an impressive work packaging so many useful tools and servers and it’s always a good idea to use RPMs.

We’ll start configuring the EPEL and Ulyaoth repositories:

cat <<EOT > /etc/yum.repos.d/uylaoth.repo
[ulyaoth]
name=Ulyaoth Repository
baseurl=https://repos.ulyaoth.net/CentOS/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=https://raw.githubusercontent.com/sbagmeijer/ulyaoth/master/Repository/ulyaoth/SOURCES/RPM-GPG-KEY-ulyaoth
EOT

yum install -y epel-release

Now we’ll install the nginx-passenger package from the Ulyaoth repository:

yum install -y ulyaoth-nginx-passenger5

We’ll set the server name in the /etc/nginx/conf.d/default.conf file:

server_name tornasol.artemit.local;

We’ll change the following line in the /etc/nginx/conf.d/passenger.conf

passenger_instance_registry_dir /var/run/passenger;

We’ll add the following line in the /root/.bash_profile file to add a new environment var needed by passenger-status (remember to open a new session to load the new var :-D):

echo 'export PASSENGER_INSTANCE_REGISTRY_DIR=/var/run/passenger' >> /root/.bash_profile

We’ll create the /var/run/passenger directory and set permissions and ownership:

mkdir /var/run/passenger
chmod -R 755 /var/run/passenger
chown -R nginx:nginx /var/run/passenger

We’ll add the following config file so /var/run/passenger temporary directory is created after a system restart:

cat <<EOT > /etc/tmpfiles.d/passenger.conf
d /var/run/passenger 0755 nginx nginx
EOT

We should add a rule to the firewall allowing http traffic:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept'

firewall-cmd --reload

We should enable the service to start at boot time:

systemctl enable nginx.service

Finally we’ll start the service and check that it’s running (we’ll see nginx and Passenger binaries):

systemctl start nginx.service
systemctl status nginx.service

[...]
nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: active (running) since vie 2015-04-03 12:41:52 CEST; 8s ago
...
CGroup: /system.slice/nginx.service
β”œβ”€20924 PassengerAgent watchdog
β”œβ”€20927 PassengerAgent server
β”œβ”€20932 PassengerAgent logger
β”œβ”€20942 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
└─20944 nginx: worker process
[...]

And don’t forget to test your NGINX server listening by default in port 80:

captura_nginx_running

Of course if you’re using SELinux you may run the following commands.

yum install -y policycoreutils-python

We’ll change the context for the root html directory (we set read and write permissions, you can set readonly permissiones using httpd_sys_content_t instead) :

semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/html(/.*)?"
restorecon -Rv /usr/share/nginx/html

We’ll change the context for the passenger log directory :

semanage fcontext -a -t httpd_log_t "/var/log/passenger(/.*)?"
restorecon -Rv /var/log/passenger

We’ll change the context for the PassengerAgent binary:

semanage fcontext -a -t httpd_exec_t "/etc/nginx/modules/passenger/buildout/support-binaries/PassengerAgent"
restorecon -v /etc/nginx/modules/passenger/buildout/support-binaries/PassengerAgent

We’ll change the context for Passenger’s native support:

semanage fcontext -a -t httpd_exec_t /etc/nginx/modules/passenger/buildout/ruby/ruby-2.0.0-x86_64-linux/passenger_native_support.so
restorecon -v /etc/nginx/modules/passenger/buildout/ruby/ruby-2.0.0-x86_64-linux/passenger_native_support.so

We’ll change the context for passenger-status and passenger-memory-stats:

semanage fcontext -a -t bin_t "/etc/nginx/modules/passenger/bin/passenger-memory-stats"
semanage fcontext -a -t bin_t "/etc/nginx/modules/passenger/bin/passenger-status"
restorecon -v /etc/nginx/modules/passenger/bin/passenger-memory-stats
restorecon -v /etc/nginx/modules/passenger/bin/passenger-status

We’ll set the following SELinux boolean variables:

setsebool -P httpd_run_stickshift 1
setsebool -P httpd_setrlimit 1
setsebool -P httpd_tmp_exec 1

We’ll add an SELinux policy so PassengerAgent runs fine:

yum install -y policycoreutils-devel

mkdir /root/policy
cd /root/policy

cat < /root/policy/passengeragent.te
policy_module(passengeragent, 1.0)
gen_require(\`
type httpd_t;
type httpd_tmp_t;
type httpd_var_run_t;
type kernel_t;
class capability2 block_suspend;
class capability sys_ptrace;')

allow httpd_t self:capability2 block_suspend;
allow httpd_t self:capability sys_ptrace;
allow httpd_t httpd_tmp_t:file execute;
allow httpd_t httpd_var_run_t:file execute;
EOT

make -f /usr/share/selinux/devel/Makefile passengeragent.pp

semodule -i passengeragent.pp

And that’s all, I hope this post helps you and I wait for your feedback about errors and suggestions.

Thanks for reading!