CentOSRHEL Based

How To Install Nginx on CentOS Stream 10

r00t

Install Nginx on CentOS Stream 10

Nginx, pronounced “engine-x,” is a powerful, open-source web server that has gained immense popularity due to its high performance, stability, and rich feature set. As websites and web applications continue to evolve, the demand for efficient and reliable web servers has never been greater. In this comprehensive guide, we’ll walk you through the process of installing Nginx 1.26, the latest stable version, on CentOS Stream 10, a cutting-edge Linux distribution that offers a perfect balance between stability and innovation.

Whether you’re a seasoned system administrator or a curious beginner, this tutorial will provide you with the knowledge and steps necessary to get Nginx up and running on your CentOS Stream 10 system. We’ll cover everything from initial setup to advanced configuration, ensuring that you have a solid foundation for hosting your web projects.

Prerequisites

Before we dive into the installation process, let’s ensure you have everything you need to follow along smoothly:

  • A CentOS Stream 10 installation (physical or virtual machine)
  • Root access or a user account with sudo privileges
  • Basic familiarity with the Linux command line interface
  • A stable internet connection for downloading packages

If you’re new to CentOS Stream 10, it’s worth noting that this distribution is designed to be a midstream between CentOS Linux and Red Hat Enterprise Linux (RHEL). It offers a rolling-release model, which means you’ll always have access to the latest packages and features.

Updating the System

Before installing any new software, it’s crucial to ensure your system is up-to-date. This practice helps prevent potential conflicts and ensures you have the latest security patches. To update your CentOS Stream 10 system, open a terminal and run the following command:

sudo dnf update -y

The -y flag automatically answers “yes” to any prompts, streamlining the update process. Once the update is complete, it’s a good idea to reboot your system to ensure all changes take effect:

sudo reboot

Installing EPEL Repository

The Extra Packages for Enterprise Linux (EPEL) repository is a valuable resource that provides additional packages not found in the default CentOS repositories. While Nginx is available in the default repositories, installing EPEL gives you access to a wider range of software and dependencies that might be useful in the future.

To install the EPEL repository, execute the following command:

sudo dnf install epel-release -y

After the installation is complete, verify that EPEL has been successfully added by listing the enabled repositories:

sudo dnf repolist

You should see “epel” listed among the enabled repositories. If it’s not there, you may need to enable it manually:

sudo dnf config-manager --set-enabled epel

Adding Nginx Repository

While Nginx is available in the default and EPEL repositories, it’s often recommended to use the official Nginx repository to ensure you have access to the latest stable version and all its features. Let’s add the official Nginx repository to your system.

First, create a new file named nginx.repo in the /etc/yum.repos.d/ directory:

sudo nano /etc/yum.repos.d/nginx.repo

In this file, add the following content:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Save the file and exit the text editor. This configuration adds both the stable and mainline repositories, with the stable repository enabled by default. If you want to use the mainline version, which includes the latest features and developments, you can enable it by changing enabled=0 to enabled=1 in the [nginx-mainline] section.

Installing Nginx

With the repository set up, we’re now ready to install Nginx 1.26. Run the following command to begin the installation:

sudo dnf install nginx -y

During the installation process, you may be prompted to accept the GPG key for the Nginx repository. This key is used to verify the authenticity of the packages you’re installing. Accept the key to continue the installation.

Once the installation is complete, you can verify that Nginx has been installed correctly by checking its version:

nginx -v

This should display the version number of Nginx, confirming that version 1.26 (or the latest available version) has been successfully installed on your CentOS Stream 10 system.

Configuring Firewall

CentOS Stream 10 comes with a firewall enabled by default, which is excellent for security but may block access to your web server. To allow incoming HTTP and HTTPS traffic, you need to open ports 80 and 443.

First, check if the firewall is running:

sudo firewall-cmd --state

If it’s running, open the necessary ports with these commands:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

These commands add permanent rules for HTTP and HTTPS services and then reload the firewall to apply the changes. You can verify the new settings by listing all allowed services:

sudo firewall-cmd --list-services

Starting and Enabling Nginx Service

Now that Nginx is installed and the firewall is configured, it’s time to start the Nginx service and enable it to start automatically on system boot.

To start the Nginx service, run:

sudo systemctl start nginx

To enable Nginx to start on boot:

sudo systemctl enable nginx

You can check the status of the Nginx service to ensure it’s running correctly:

sudo systemctl status nginx

If everything is working correctly, you should see “active (running)” in the output. You can also test if Nginx is serving pages by opening a web browser and navigating to your server’s IP address or domain name. You should see the default Nginx welcome page.

Basic Nginx Configuration

Understanding Nginx’s configuration structure is crucial for managing your web server effectively. The main configuration file for Nginx is located at /etc/nginx/nginx.conf. However, it’s a good practice to keep your site-specific configurations in separate files within the /etc/nginx/conf.d/ directory.

Let’s take a look at some basic configuration options:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    
    access_log /var/log/nginx/access.log main;
    
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    
    include /etc/nginx/conf.d/*.conf;
}

This configuration sets up basic logging, performance optimizations, and includes any additional configuration files from the conf.d directory.

To test your Nginx configuration for syntax errors, use:

sudo nginx -t

If there are no errors, you’ll see a message indicating that the configuration test is successful.

Creating a Virtual Host

Virtual hosts allow you to host multiple websites on a single server. Let’s create a basic virtual host configuration for a website.

Create a new configuration file in the /etc/nginx/conf.d/ directory:

sudo nano /etc/nginx/conf.d/example.com.conf

Add the following configuration, adjusting the server_name and root to match your domain and desired web root:

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html index.htm;

    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save the file and exit the editor. Now, create the root directory for your website and add a simple HTML file:

sudo mkdir -p /var/www/example.com
sudo nano /var/www/example.com/index.html

Add some basic HTML content to the file:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Welcome to example.com</title>
</head>
<body>
    <h1>Hello, World!</h1>
    <p>This is the default page for example.com.</p>
</body>
</html>

Save the file and exit. Finally, test the Nginx configuration and reload the service:

sudo nginx -t
sudo systemctl reload nginx

Your virtual host should now be active. If you’ve set up your domain’s DNS to point to your server, you should be able to access your new website by visiting http://example.com in a web browser.

Install Nginx on CentOS Stream 10
This example is the default nginx web page on CentOS Stream 10

Securing Nginx

Security should always be a top priority when setting up a web server. Here are some basic steps to enhance the security of your Nginx installation:

Disabling Server Tokens

Server tokens reveal information about your server software, which can be exploited by attackers. To disable them, add the following line to the http block in your nginx.conf file:

server_tokens off;

Configuring SSL/TLS

While a full SSL/TLS setup is beyond the scope of this article, here’s a basic configuration to enable HTTPS:

server {
    listen 443 ssl;
    server_name example.com www.example.com;
    
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    
    # ... rest of your server block configuration
}

Setting Up Basic Authentication

For sensitive areas of your website, you can set up basic authentication:

sudo yum install httpd-tools
sudo htpasswd -c /etc/nginx/.htpasswd user1

Then, add the following to your server block or location that you want to protect:

location /protected {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

Congratulations! You have successfully installed Nginx. Thanks for using this tutorial for installing the Nginx web server on CentOS Stream 10 system. For additional help or useful information, we recommend you check the official Nginx website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button