How To Install Nginx Mainline Version on Rocky Linux 10

If you manage Linux servers, choosing the right version of Nginx matters more than most people realize. The Nginx Mainline branch is the active development branch maintained by the Nginx team — and contrary to what the name might suggest, it is not experimental. It is the branch Nginx officially recommends for most deployments because it receives all new features, all bug fixes, and all security patches as soon as they are available.
Rocky Linux 10 is one of the most popular enterprise-grade Linux distributions today, built as a downstream rebuild of Red Hat Enterprise Linux (RHEL) 10. However, its default AppStream repository ships the stable Nginx branch, which lags behind on features. If you want HTTP/3 support, improved load balancing, and the latest security modules, you need to install Nginx Mainline from the official nginx.org repository — and that is exactly what this guide covers.
In this tutorial, you will learn how to install Nginx Mainline Version on Rocky Linux 10 step by step — from adding the official repo to configuring the firewall, verifying your installation, and understanding the key directory structure. By the end, you will have a fully operational Nginx Mainline server ready to serve web traffic.
What Is Nginx and Why Choose the Mainline Version?
Nginx (pronounced “engine-x”) is an open-source, high-performance web server originally released in 2004. Today it powers over one-third of all websites globally, and it does far more than serve static files.
Nginx handles a wide range of server roles:
- Web server — Serves static HTML, CSS, JavaScript, and media files at scale
- Reverse proxy — Routes incoming requests to backend applications (Node.js, PHP-FPM, Python)
- Load balancer — Distributes traffic across multiple backend servers
- HTTP cache — Reduces load on upstream servers with built-in caching
- TLS/SSL terminator — Manages HTTPS connections efficiently
The Nginx project maintains two public branches simultaneously. Here is what differentiates them:
| Feature | Nginx Mainline | Nginx Stable |
|---|---|---|
| Current version (2026) | 1.29.x | 1.28.x |
| New features | ✅ Yes | ❌ No |
| Bug fixes | Frequent | Critical only |
| Security patches | All patches | Critical only |
| Nginx team recommendation | ✅ General use | Legacy/cautious use |
| HTTP/3 (QUIC) support | ✅ Updated | Limited |
According to the official Nginx documentation, the mainline branch is “generally safe for production use.” The stable branch exists primarily for environments that rely on third-party Nginx modules that have not yet been tested against mainline — a scenario that is increasingly rare.
For most Rocky Linux 10 deployments, mainline is the right choice.
Prerequisites
Before you start, make sure you have everything in place. Skipping these will cause problems mid-installation.
System requirements:
- A server or VPS running Rocky Linux 10 (fresh install recommended, but existing installs work)
- A user account with sudo privileges or direct root access
- An active internet connection to download packages and GPG keys from nginx.org
- Basic familiarity with the Linux terminal and DNF package manager
Optional but recommended:
- A registered domain name if you plan to serve a live site
- Firewalld active (it is enabled by default on Rocky Linux 10)
- SSH access to your server if working remotely
Tools used in this guide:
- dnf — Rocky Linux’s default package manager
- firewall-cmd — Command-line interface for firewalld
- systemctl — Systemd service manager
- nano — Terminal text editor (you may substitute vim)
Step 1: Update Your Rocky Linux 10 System
The first step in any Linux server tutorial is updating your system. This avoids dependency conflicts and ensures you are installing Nginx on a clean, up-to-date base.
Run the following command:
sudo dnf upgrade --refresh
The --refresh flag forces DNF to sync the latest repository metadata before upgrading. This matters especially if you have not updated your system in a while.
Reboot if Necessary
If a kernel update was installed, reboot your system before proceeding:
sudo reboot
Verify Your Rocky Linux Version
After logging back in, confirm you are on Rocky Linux 10:
cat /etc/os-release
Expected output will include:
NAME="Rocky Linux"
VERSION="10 (Blue Onyx)"
This confirms your system is ready for the next steps.
Step 2: Install yum-utils for Repository Management
The yum-utils package provides the dnf config-manager command. You will use this tool to enable and disable Nginx repository branches cleanly — without manually editing .repo files each time.
Install it with:
sudo dnf install yum-utils -y
The -y flag automatically confirms the installation prompt so you do not need to type “yes.”
Confirm Installation
Verify the tool is available:
dnf config-manager --help
If you see a help menu, the tool is installed correctly. This is a small but important step — skipping it means the config-manager subcommand will not be available later.
Step 3: Add the Official Nginx Repository
Rocky Linux 10’s default AppStream repository includes Nginx Stable, not Mainline. To get the Nginx Mainline Version on Rocky Linux 10, you must add the official nginx.org repository.
Create the Nginx Repository File
Create the .repo file using the tee command, which writes directly to the target file without needing a text editor:
sudo tee /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
Understanding the Repository Directives
Here is what each line does:
- baseurl — The URL where DNF fetches packages. $releasever auto-detects your Rocky Linux version; $basearch auto-detects your CPU architecture (x86_64 or aarch64)
- gpgcheck=1 — Enables GPG signature verification to ensure packages are authentic
- gpgkey — URL of the Nginx signing key, used to verify package integrity
- module_hotfixes=true — Required on modular RHEL-based systems to bypass module stream conflicts
- enabled=0 (mainline) — The mainline repo is disabled by default; you will enable it in the next step
Verify the Repo File Was Created
cat /etc/yum.repos.d/nginx.repo
You should see both [nginx-stable] and [nginx-mainline] blocks in the output. If the file is empty or missing, re-run the tee command above.
Step 4: Enable the Nginx Mainline Repository
By default, the repo file you just created has nginx-stable enabled and nginx-mainline disabled. Flip this configuration using dnf config-manager:
sudo dnf config-manager --set-enabled nginx-mainline
sudo dnf config-manager --set-disabled nginx-stable
This modifies the enabled= value inside the repo file directly — no manual editing required. The change is persistent and survives reboots.
Confirm Your Repository State
Check which repositories are active:
sudo dnf repolist
Expected output should include:
repo id repo name
nginx-mainline nginx mainline repo
The nginx-stable repo should not appear in the list. If it does, double-check that you ran the --set-disabled command above.
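The repository state from Steps 3 and 4 can also be checked mechanically. The script below is an added example, not part of the original guide or of DNF: the function names and the constructed sample are assumptions, and it only reads the four keys discussed above.

```shell
#!/bin/sh
# Added example: audit a .repo file for the settings Steps 3 and 4 rely on.
# Usage: audit_repo FILE   (prints one finding per line; returns 0 if clean)
audit_repo() {
    findings=$(awk '
        function finish() {
            if (sec == "" || enabled ~ /^(0|false|no|off)$/) return
            active++
            if (gpgcheck != "1")                print sec ": gpgcheck is not 1"
            if (baseurl !~ /^https:\/\//)       print sec ": baseurl is not https"
            if (gpgkey !~ /^(https|file):\/\//) print sec ": gpgkey is not https or file"
        }
        /^\[.*\]$/ {
            finish()
            sec = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; baseurl = ""; gpgkey = ""
            next
        }
        {
            i = index($0, "=")
            if (i == 0 || $0 ~ /^[ \t]*[#;]/) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = tolower(val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl  = val
            if (key == "gpgkey")   gpgkey   = val
        }
        END {
            finish()
            if (active > 1)  print "more than one nginx repo section is enabled"
            if (active == 0) print "no nginx repo section is enabled"
        }
    ' "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a mainline block with signature checking switched off
# and a plain-http baseurl, as it might look after a careless manual edit.
write_bad_sample() {
    cat > "$1" <<'EOF'
[nginx-stable]
enabled=0
[nginx-mainline]
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
}
```

On a real system, run it as audit_repo /etc/yum.repos.d/nginx.repo after Step 4; a clean file produces no output.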
Step 5: How To Install Nginx Mainline Version on Rocky Linux 10
With the mainline repository active, you are ready to install. Run:
sudo dnf install nginx -y
DNF will resolve dependencies, download the Nginx Mainline package (approximately 823 KB), and prompt you to import the Nginx GPG signing key.
Verify the GPG Key Fingerprint
Before accepting the GPG key, verify its fingerprint matches the official key published by Nginx:
573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
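This step protects you against supply chain attacks. Only accept the key if the fingerprint matches exactly. Because the -y flag answers the key-import prompt automatically, run sudo dnf install nginx without -y if you want to compare the fingerprint at the prompt.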
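The fingerprint comparison can be scripted so that it does not depend on reading 40 hex digits by eye. This is an added example, not code from the original guide or from nginx.org: the function names and sample listings are constructed, and the only pinned value is the fingerprint quoted above.

```shell
#!/bin/sh
# Added example: check the primary-key fingerprints in a key file against a
# pinned allowlist before importing it.
# Real use (assumes the key was downloaded to ./nginx_signing.key):
#   gpg --show-keys --with-colons nginx_signing.key | check_fprs "$NGINX_FPR"

# Fingerprint quoted in this guide, spaces removed.
NGINX_FPR="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key (the fpr record that follows a pub record; subkeys are skipped).
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Usage: check_fprs ALLOWED_FPR... < colon-listing
# Prints every primary-key fingerprint that is not pinned. Returns 0 only if
# at least one key was found and all of them are on the allowlist.
check_fprs() {
    seen=0; bad=0
    for fpr in $(primary_fprs); do
        seen=1; ok=0
        for allowed in "$@"; do
            if [ "$fpr" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "$fpr"; bad=1; fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample listings (trimmed records, fake key material).
SAMPLE_PINNED='pub:-:2048:1:ABF5BD827BD9BF62:::::::::
fpr:::::::::573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62:
uid:-::::::::constructed sample key::'
SAMPLE_EXTRA="$SAMPLE_PINNED
pub:-:4096:1:0000000000000000:::::::::
fpr:::::::::0000000000000000000000000000000000000000:
sub:-:4096:1:1111111111111111:::::::::
fpr:::::::::1111111111111111111111111111111111111111:"
```

If the key file carries fingerprints that are not pinned, the function prints them so they can be compared with the list published on nginx.org before anything is imported.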
Confirm the Mainline Version Is Installed
After installation, check the version:
nginx -v
Expected output:
nginx version: nginx/1.29.4
If you see 1.28.x, the stable repository is still active. Go back to Step 4 and re-run the config-manager commands.
Step 6: Start and Enable the Nginx Service
Installing the package does not start the service automatically. You need to start it and enable it to launch at boot.
Run both in a single command:
sudo systemctl enable --now nginx
The --now flag combines start and enable into one operation — efficient and clean.
Verify the Service Is Running
Check the service status:
sudo systemctl status nginx
A healthy output looks like this:
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
Active: active (running) since Mon 2026-03-09 04:00:00 UTC; 5s ago
Main PID: 1234 (nginx)
Tasks: 2 (limit: 23160)
CGroup: /system.slice/nginx.service
├─1234 nginx: master process /usr/sbin/nginx
└─1235 nginx: worker process
Two things confirm a healthy service: Active: active (running) in green, and enabled in the Loaded line. If you see failed or inactive, scroll down to the Troubleshooting section.
Step 7: Configure the Firewall for Web Traffic
Rocky Linux 10 ships with firewalld enabled by default, which means ports 80 (HTTP) and 443 (HTTPS) are blocked until you explicitly open them. Without this step, no one can reach your server from a browser.
Open HTTP and HTTPS Ports
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
The --permanent flag makes these rules persist across reboots. Without it, the rules disappear after the next restart.
Reload the Firewall
Apply the new rules immediately:
sudo firewall-cmd --reload
Verify the Firewall Configuration
sudo firewall-cmd --list-all
Your output should show:
services: cockpit dhcpv6-client http https ssh
Both http and https must appear in the services list.
Cloud server users: If you are running on AWS, DigitalOcean, Atlantic.Net, or another cloud provider, you also need to open ports 80 and 443 in your provider’s security group or network firewall — firewalld alone is not enough.
Step 8: Verify Nginx Is Accessible
With the service running and the firewall configured, test that Nginx is actually serving web traffic.
Find Your Server IP
hostname -I
Test from the Command Line
curl -I http://localhost
Expected output includes:
HTTP/1.1 200 OK
Server: nginx/1.29.4
Test from a Browser
Open a browser and navigate to:
http://your-server-ip
You should see the default “Welcome to nginx!” page — a plain white page confirming the server is up and responding to HTTP requests.
If the page does not load, re-check firewall rules with sudo firewall-cmd --list-all and confirm the service is running with sudo systemctl status nginx.
Understanding Nginx Directory Structure on Rocky Linux 10
Before you start configuring Nginx Mainline Version on Rocky Linux 10, get familiar with the key paths:
| Path | Purpose |
|---|---|
| /etc/nginx/ | Main Nginx configuration directory |
| /etc/nginx/nginx.conf | Global configuration file |
| /etc/nginx/conf.d/ | Directory for site-specific server block configs |
| /usr/share/nginx/html/ | Default document root (web files go here) |
| /var/log/nginx/access.log | Records all incoming requests |
| /var/log/nginx/error.log | Records errors and warnings |
Best practice: Never edit nginx.conf directly for site-specific configurations. Instead, create separate .conf files inside /etc/nginx/conf.d/. This keeps your configuration modular, easier to debug, and safe from being overwritten during package updates.
Test Your Configuration Before Reloading
Always validate your configuration before reloading the service:
sudo nginx -t
Expected healthy output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload Nginx gracefully (no dropped connections) after any configuration change:
sudo systemctl reload nginx
How to Switch Between Mainline and Stable Branches
One advantage of the nginx.org repository setup is that switching branches is straightforward. Both nginx-stable and nginx-mainline are defined in the same .repo file.
Switch to Stable
sudo systemctl stop nginx
sudo dnf remove nginx -y
sudo dnf config-manager --set-disabled nginx-mainline
sudo dnf config-manager --set-enabled nginx-stable
sudo dnf install nginx -y
sudo systemctl enable --now nginx
Switch Back to Mainline
sudo systemctl stop nginx
sudo dnf remove nginx -y
sudo dnf config-manager --set-enabled nginx-mainline
sudo dnf config-manager --set-disabled nginx-stable
sudo dnf install nginx -y
sudo systemctl enable --now nginx
Important: Switching branches removes your current Nginx installation. Back up your configuration files in /etc/nginx/ before switching: sudo cp -r /etc/nginx /etc/nginx.backup
Keeping Nginx Mainline Updated
Since the nginx.org repo is now permanently configured on your system, updating Nginx is as simple as running your standard system upgrade:
sudo dnf upgrade nginx
Or update everything at once:
sudo dnf upgrade --refresh
After a package upgrade, always restart the service to load the new binary:
sudo systemctl restart nginx
Note: reload only re-reads the configuration file. To load a new Nginx binary after a version upgrade, you must use restart.
Troubleshooting Common Issues
Even with a clean installation, a few things can go wrong. Here are the most common problems and how to fix them.
1. Nginx fails to start — port 80 already in use
Another service (often Apache/httpd) is occupying port 80. Identify it:
sudo ss -tlnp | grep :80
Stop the conflicting service and start Nginx:
sudo systemctl stop httpd
sudo systemctl start nginx
2. Wrong version installed (shows 1.28.x instead of 1.29.x)
The stable repository is still active. Re-run Step 4:
sudo dnf config-manager --set-enabled nginx-mainline
sudo dnf config-manager --set-disabled nginx-stable
sudo dnf reinstall nginx -y
3. Configuration syntax error — Nginx fails to reload
Test your config and read the error output carefully:
sudo nginx -t
Nginx will report the exact file and line number of the syntax error. Fix it, then run nginx -t again before reloading.
4. 502 Bad Gateway when using Nginx as a reverse proxy
This is almost always a SELinux policy issue on Rocky Linux 10. Run:
sudo setsebool -P httpd_can_network_connect 1
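This allows Nginx to make outbound network connections to upstream backends (Node.js, PHP-FPM, etc.). The -P flag makes the change persist across reboots. Note that the boolean is not limited to one backend: it permits connections from Nginx to any network port.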
5. GPG key import fails during installation
Manually import the Nginx signing key:
sudo rpm --import https://nginx.org/keys/nginx_signing.key
Then retry the installation with sudo dnf install nginx -y. The fingerprint check from Step 5 applies to a manually imported key as well.
Congratulations! You have successfully installed the Nginx mainline version. Thanks for using this tutorial to install the latest version of the Nginx web server on your Rocky Linux 10 system. For additional help or useful information, we recommend you check the official Nginx website.