Building a Custom Nginx Server From Source on Debian Wheezy Print

  • 87

Article submitted by: Mike Mallek

If you're looking for an SSH client to connnect to your VPS host, try the MobaXterm free Xserver and tabbed SSH client for Windows.

It's the complete toolbox for remote computing and you can find out more information at: MobaXterm free Xserver and tabbed SSH client for Windows

 

Activate X11 Forwarding using SSH

X11 Forwarding enforces traffic security through SSH by the way of X11 tunneling or port forwarding.

:~# cd;sudo chmod 0600 ~/.Xauthority;sudo grep X11Forwarding /etc/ssh/sshd_config
 

Update Debian Repositories

Debian wheezy doesn't include the backports the software repository listing, so we must manually add it. Edit the Debian repository list file with your favorite text editor.

:~# sudo nano /etc/apt/sources.list

Copy and paste the following into the bottom of the repository list file.

deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free
deb http://ftp.us.debian.org/debian wheezy-backports main
deb-src http://ftp.us.debian.org/debian wheezy-backports main

deb http://packages.dotdeb.org wheezy all
deb-src http://packages.dotdeb.org wheezy all

deb http://packages.dotdeb.org wheezy-php55 all
deb-src http://packages.dotdeb.org wheezy-php55 all

Add repository public software keys.

:~# cd;sudo apt-key adv --recv-keys --keyserver keys.gnupg.net add 4D722217
:~# cd;sudo wget http://www.dotdeb.org/dotdeb.gpg;sudo apt-key add dotdeb.gpg
:~# cd;sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 627220E7
:~# cd;sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A;sudo gpg -a --export CD2EFD2A | apt-key add -
:~# cd;sudo wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Public-Key;sudo mv Public-Key pcrelib.gpg;sudo apt-key add pcrelib.gpg

Update Debian repositories package lists with the following.

:~# sudo apt-get -y update
:~# sudo apt-get -y upgrade
 

Time Zone and Swap File Configuration

Configure the desired time zone data.

:~# sudo dpkg-reconfigure tzdata

Set up the swap file (optional).

:~# sudo apt-get install dphys-swapfile;sudo /sbin/swapon -s;sudo reboot
 

Debian Essential Packages

Install Debian essential building packages, which is essential to build any Debian package on the system.

:~# sudo apt-get -y install dpkg-dev build-essential zlib1g-dev libpcre3 libpcre3-dev libpcrecpp0 libssl-dev unzip git curl
 

Nginx Build Dependencies

Install nginx build dependencies from the backports repository.

:~# sudo apt-get -t wheezy-backports build-dep nginx;sudo mkdir /var/lib/nginx;sudo mkdir /var/lib/nginx/body
 

Nginx Custom Build

Nginx doesn't natively support "Dynamic Loading of Modules," which basically gives you the freedom of adding plug-ins or modules to software after it's been installed. The only way to add modules to nginx is by adding them during compile-time. The following modules have been proven to enhance the performance of Nginx. The version of Nginx being build is known as Tengine, a web server originated by Taobao, the largest e-commerce website in Asia. It's based on the Nginx HTTP server and includes many advanced features. Tengine has proven to be very stable, efficient and hosts many of the top 100 websites in the world.

  • Automatic PageSpeed optimization module for Nginx speeds up site and reduces page load time.
:~# cd;sudo wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.8.31.3-beta.zip;sudo unzip v1.8.31.3-beta.zip;sudo rm -f v1.8.31.3-beta.zip
:~# cd ngx_pagespeed-1.8.31.3-beta/
:~# sudo wget https://dl.google.com/dl/page-speed/psol/1.8.31.3.tar.gz;sudo tar -xzvf 1.8.31.3.tar.gz;sudo rm -f 1.8.31.3.tar.gz
  • NginxHttpHeadersMoreModule allows for more control of output or input headers.
:~# cd;sudo wget https://github.com/agentzh/headers-more-nginx-module/archive/v0.25.tar.gz;sudo tar -xvzf v0.25.tar.gz;sudo rm -f v0.25.tar.gz
  • NAXSI means Nginx Anti Xss & Sql Injection. NAXSI is an open-source, high performance, low rules maintenance web application firewall for Nginx.
:~# cd;sudo wget https://github.com/nbs-system/naxsi/archive/master.zip;sudo unzip master.zip;sudo rm -f master.zip
  • Enhanced Nginx Memached Module uses memcached to do cache into nginx, with many advanced features.
:~# cd;sudo git clone git://github.com/bpaquet/ngx_http_enhanced_memcached_module.git
  • FRiCKLE Ngx_cache_purge module adds the ability to purge content from FastCGI, proxy, SCGI and uWSGI caches.
:~# cd;sudo git clone http://github.com/FRiCKLE/ngx_cache_purge
  • Masterzen Nginx-upload-progress-module implements an upload progress system, that monitors RFC1867 POST uploads as they are transmitted to upstream servers.
:~# cd;sudo wget https://github.com/masterzen/nginx-upload-progress-module/archive/master.zip;sudo unzip master.zip;sudo rm -f master.zip
  • PCRE - Perl Compatible Regular Expressions library. The PCRE library is a set of functions that implement regular expression pattern matching using the same syntax and semantics as Perl 5.
:~# cd;sudo wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.35.tar.gz;sudo tar -xvzf pcre-8.35.tar.gz;sudo rm -f pcre-8.35.tar.gz
  • Zlib - A Massively Spiffy Yet Delicately Unobtrusive Compression Library Unencumbered by Patents.
:~# cd;sudo wget http://zlib.net/zlib-1.2.8.tar.gz;sudo tar -xvzf zlib-1.2.8.tar.gz;sudo rm -f zlib-1.2.8.tar.gz
  • Openresty Lua-nginx-module embeds the power of Lua into Nginx. OpenResty is a web application server that bundles the standard Nginx core, 3rd-party Nginx modules and most of their external dependencies. OpenResty runs your server-side web apps completely in the Nginx server.
:~# cd;sudo wget https://github.com/openresty/lua-nginx-module/archive/master.zip;sudo unzip master.zip;sudo rm -f master.zip
  • Cloudflare Lua-upstream-cache-nginx-module for ngx_lua to provide Lua API to inspect upstream http cache meta-data. This module extends the lua-nginx Lua module. It adds the ability to read and set values from nginx's internal cache metadata.
:~# cd;sudo wget https://github.com/cloudflare/lua-nginx-cache-module/archive/master.zip;sudo unzip master.zip;sudo rm -f master.zip
  • Tengine has developed their own Nginx version because they have strong requirements to enhance it. Their website is the largest e-commerce website in Asia and ranked #14 on Alexa's top sites list. Many of the features they need can't be implemented by writing modules.
:~# cd;sudo wget http://tengine.taobao.org/download/tengine-2.0.3.tar.gz;sudo tar -xvzf tengine-2.0.3.tar.gz;sudo rm -f tengine-2.0.3.tar.gz
 

Host Directory and Permissions

Create a directory where the web site files will be stored and we need to grant permissions so the files can be accessed.

:~# sudo mkdir -p /srv/www;sudo chmod 755 /srv/www;sudo chown -R  www-data:www-data /srv/www
 

Building the Custom Nginx Package

If you enter the following commands ...

:~# cd /root/tengine-2.0.3;sudo ./configure --help

You will receive the following output ... (gives an idea of the variety of Nginx build configuration settings)

======================================================================
./configure --help

  --help                             print this message

  --prefix=PATH                      set installation prefix
  --sbin-path=PATH                   set nginx binary pathname
  --conf-path=PATH                   set nginx.conf pathname
  --error-log-path=PATH              set error log pathname
  --pid-path=PATH                    set nginx.pid pathname
  --lock-path=PATH                   set nginx.lock pathname

  --user=USER                        set non-privileged user for
                                     worker processes
  --group=GROUP                      set non-privileged group for
                                     worker processes

  --builddir=DIR                     set build directory

  --enable-mods-shared=all           enable all the modules to be shared
  --enable-mods-static=all           enable all the modules to be static

  --dso-path=DIR                     set dso default load path
  --dso-tool-path=DIR                set dso_tool pathname
  --dso-max-modules=*)               set max dso module(default is 256)
  --includedir=DIR                   set C header files[PREFIX/include]

  --with-rtsig_module                enable rtsig module
  --with-select_module               enable select module
  --without-select_module            disable select module
  --with-poll_module                 enable poll module
  --without-poll_module              disable poll module

  --without-procs                    disable procs module

  --with-file-aio                    enable file AIO support
  --with-ipv6                        enable IPv6 support

  --without-syslog                   disable syslog logging

  --without-dso                      disable dso module load

  --with-http_spdy_module            enable ngx_http_spdy_module
  --with-http_realip_module          enable ngx_http_realip_module
  --with-http_addition_module        enable ngx_http_addition_filter_module
  --with-http_xslt_module            enable ngx_http_xslt_filter_module
  --with-http_image_filter_module    enable ngx_http_image_filter_module
  --with-http_geoip_module           enable ngx_http_geoip_module
  --with-http_sub_module             enable ngx_http_sub_filter_module
  --with-http_dav_module             enable ngx_http_dav_module
  --with-http_flv_module             enable ngx_http_flv_module
  --with-http_slice_module           enable ngx_http_slice_module
  --with-http_mp4_module             enable ngx_http_mp4_module
  --with-http_gunzip_module          enable ngx_http_gunzip_module
  --with-http_gzip_static_module     enable ngx_http_gzip_static_module
  --with-http_concat_module          enable ngx_http_concat_module
  --with-http_random_index_module    enable ngx_http_random_index_module
  --with-http_secure_link_module     enable ngx_http_secure_link_module
  --with-http_degradation_module     enable ngx_http_degradation_module
  --with-http_sysguard_module        enable ngx_http_sysguard_module

  --with-http_addition_module=shared enable ngx_http_addition_filter_module (shared)
  --with-http_xslt_module=shared     enable ngx_http_xslt_filter_module (shared)
  --with-http_image_filter_module=shared
                                     enable ngx_http_image_filter_module (shared)
  --with-http_geoip_module=shared    enable ngx_http_geoip_module
  --with-http_sub_module=shared      enable ngx_http_sub_filter_module (shared)
  --with-http_flv_module=shared      enable ngx_http_flv_module (shared)
  --with-http_slice_module=shared    enable ngx_http_slice_module (shared)
  --with-http_mp4_module=shared      enable ngx_http_mp4_module (shared)
  --with-http_concat_module=shared   enable ngx_http_concat_module (shared)
  --with-http_random_index_module=shared
                                     enable ngx_http_random_index_module (shared)
  --with-http_secure_link_module=shared
                                     enable ngx_http_secure_link_module (shared)
  --with-http_sysguard_module=shared enable ngx_http_sysguard_module (shared)
  --with-http_charset_filter_module=shared
                                     enable ngx_http_charset_filter_module (shared)
  --with-http_userid_filter_module=shared
                                     enable ngx_http_userid_filter_module (shared)
  --with-http_footer_filter_module=shared
                                     enable ngx_http_footer_filter_module (shared)
  --with-http_trim_filter_module=shared
                                     enable ngx_http_trim_filter_module (shared)
  --with-http_access_module=shared   enable ngx_http_access_module (shared)
  --with-http_autoindex_module=shared
                                     enable ngx_http_autoindex_module (shared)
  --with-http_map_module=shared      enable ngx_http_map_module (shared)
  --with-http_split_clients_module=shared
                                     enable ngx_http_split_clients_module (shared)
  --with-http_referer_module=shared  enable ngx_http_referer_module (shared)
  --with-http_rewrite_module=shared  enable ngx_http_rewrite_module (shared)
  --with-http_fastcgi_module=shared  enable ngx_http_fastcgi_module (shared)
  --with-http_uwsgi_module=shared    enable ngx_http_uwsgi_module (shared)
  --with-http_scgi_module=shared     enable ngx_http_scgi_module (shared)
  --with-http_memcached_module=shared
                                     enable ngx_http_memcached_module (shared)
  --with-http_limit_conn_module=shared
                                     enable ngx_http_limit_conn_module (shared)
  --with-http_limit_req_module=shared
                                     enable ngx_http_limit_req_module (shared)
  --with-http_empty_gif_module=shared
                                     enable ngx_http_empty_gif_module (shared)
  --with-http_browser_module=shared  enable ngx_http_browser_module (shared)
  --with-http_user_agent_module=shared
                                     enable ngx_http_user_agent_module (shared)
  --with-http_upstream_ip_hash_module=shared
                                     enable ngx_http_upstream_ip_hash_module (shared)
  --with-http_upstream_least_conn_module=shared
                                     enable ngx_http_upstream_least_conn_module (shared)
  --with-http_upstream_session_sticky_module=shared
                                     enable ngx_http_upstream_session_sticky_module (shared)
  --with-http_reqstat_module=shared  enable ngx_http_reqstat_module (shared)

  --without-http_charset_module      disable ngx_http_charset_filter_module
  --without-http_gzip_module         disable ngx_http_gzip_filter_module
  --without-http_ssi_module          disable ngx_http_ssi_module
  --without-http_ssl_module          disable ngx_http_ssl_module
  --without-http_userid_module       disable ngx_http_userid_filter_module
  --without-http_footer_filter_module
                                     disable ngx_http_footer_filter_module
  --without-http_trim_filter_module  disable ngx_http_trim_filter_module
  --without-http_access_module       disable ngx_http_access_module
  --without-http_auth_basic_module   disable ngx_http_auth_basic_module
  --without-http_autoindex_module    disable ngx_http_autoindex_module
  --without-http_geo_module          disable ngx_http_geo_module
  --without-http_map_module          disable ngx_http_map_module
  --without-http_split_clients_module
                                     disable ngx_http_split_clients_module
  --without-http_referer_module      disable ngx_http_referer_module
  --without-http_rewrite_module      disable ngx_http_rewrite_module
  --without-http_proxy_module        disable ngx_http_proxy_module
  --without-http_fastcgi_module      disable ngx_http_fastcgi_module
  --without-http_uwsgi_module        disable ngx_http_uwsgi_module
  --without-http_scgi_module         disable ngx_http_scgi_module
  --without-http_memcached_module    disable ngx_http_memcached_module
  --without-http_limit_conn_module   disable ngx_http_limit_conn_module
  --without-http_limit_req_module    disable ngx_http_limit_req_module
  --without-http_empty_gif_module    disable ngx_http_empty_gif_module
  --without-http_browser_module      disable ngx_http_browser_module
  --without-http_upstream_check_module
                                     disable ngx_http_upstream_check_module
  --without-http_upstream_least_conn_module
                                     disable ngx_http_upstream_least_conn_module
  --without-http_upstream_session_sticky_module
                                     disable ngx_http_upstream_session_sticky_module
  --without-http_upstream_keepalive_module
                                     disable ngx_http_upstream_keepalive_module
  --without-http_upstream_ip_hash_module
                                     disable ngx_http_upstream_ip_hash_module
  --without-http_upstream_consistent_hash_module
                                     disable ngx_http_upstream_consistent_hash_module
  --without-http_user_agent_module   disable ngx_http_user_agent_module
  --without-http_stub_status_module  disable ngx_http_stub_status_module
  --without-http_reqstat_module      disable ngx_http_reqstat_module

  --with-http_perl_module            enable ngx_http_perl_module
  --with-perl_modules_path=PATH      set Perl modules path
  --with-perl=PATH                   set perl binary pathname

  --without-http-upstream-rbtree     disable using rbtree for upstream lookup

  --with-http_lua_module             enable ngx_http_lua_module (will also enable --with-md5 and --with-sha1)
  --with-http_lua_module=shared      enable ngx_http_lua_module (shared) (will also enable --with-md5 and --with-sha1)
  --with-luajit-inc=PATH             set LuaJIT headers path (where lua.h/lauxlib.h/... are located)
  --with-luajit-lib=PATH             set LuaJIT library path (where libluajit-5.1.{a,so} are located)
  --with-lua-inc=PATH                set Lua headers path (where lua.h/lauxlib.h/... are located)
  --with-lua-lib=PATH                set Lua library path (where liblua.{a,so} are located, only support Lua-5.1.x)

  --with-http_tfs_module             enable ngx_http_tfs_module (will also enable --with-md5)
  --with-http_tfs_module=shared      enable ngx_http_tfs_module (shared) (will also enable --with-md5)
  --with-libyajl-inc=PATH            set libyajl headers path (where yajl.h is located)
  --with-libyajl-lib=PATH            set libyajl library path (where libyajl.{a,so} is located)

  --http-log-path=PATH               set http access log pathname
  --http-client-body-temp-path=PATH  set path to store
                                     http client request body temporary files
  --http-proxy-temp-path=PATH        set path to store
                                     http proxy temporary files
  --http-fastcgi-temp-path=PATH      set path to store
                                     http fastcgi temporary files
  --http-uwsgi-temp-path=PATH        set path to store
                                     http uwsgi temporary files
  --http-scgi-temp-path=PATH         set path to store
                                     http scgi temporary files

  --without-http                     disable HTTP server
  --without-http-cache               disable HTTP cache

  --with-mail                        enable POP3/IMAP4/SMTP proxy module
  --with-mail_ssl_module             enable ngx_mail_ssl_module
  --without-mail_pop3_module         disable ngx_mail_pop3_module
  --without-mail_imap_module         disable ngx_mail_imap_module
  --without-mail_smtp_module         disable ngx_mail_smtp_module

  --with-google_perftools_module     enable ngx_google_perftools_module
  --with-cpp_test_module             enable ngx_cpp_test_module
  --with-backtrace_module            enable ngx_backtrace_module

  --add-module=PATH                  enable an external module

  --with-cc=PATH                     set C compiler pathname
  --with-cpp=PATH                    set C preprocessor pathname
  --with-cc-opt=OPTIONS              set additional C compiler options
  --with-ld-opt=OPTIONS              set additional linker options
  --with-cpu-opt=CPU                 build for the specified CPU, valid values:
                                     pentium, pentiumpro, pentium3, pentium4,
                                     athlon, opteron, sparc32, sparc64, ppc64

  --without-pcre                     disable PCRE library usage
  --with-pcre                        force PCRE library usage
  --with-pcre=DIR                    set path to PCRE library sources
  --with-pcre-opt=OPTIONS            set additional build options for PCRE
  --with-pcre-jit                    build PCRE with JIT compilation support

  --with-md5=DIR                     set path to md5 library sources
  --with-md5-opt=OPTIONS             set additional build options for md5
  --with-md5-asm                     use md5 assembler sources

  --with-sha1=DIR                    set path to sha1 library sources
  --with-sha1-opt=OPTIONS            set additional build options for sha1
  --with-sha1-asm                    use sha1 assembler sources

  --with-zlib=DIR                    set path to zlib library sources
  --with-zlib-opt=OPTIONS            set additional build options for zlib
  --with-zlib-asm=CPU                use zlib assembler sources optimized
                                     for the specified CPU, valid values:
                                     pentium, pentiumpro

  --with-libatomic                   force libatomic_ops library usage
  --with-libatomic=DIR               set path to libatomic_ops library sources

  --with-jemalloc                    force jemalloc library usage
  --with-jemalloc=DIR                set path to jemalloc library files

  --with-openssl=DIR                 set path to OpenSSL library sources
  --with-openssl-opt=OPTIONS         set additional build options for OpenSSL

  --with-debug                       enable debug logging

======================================================================
  

It's time to build your custom package, which includes the modules you downloaded.

:~# cd /root/tengine-2.0.3

Copy the entire block of text below and paste it into your server terminal window.

:~# Begin copy here: >sudo ./configure --prefix=/srv/www --sbin-path=/usr/local/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --without-http_proxy_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --with-http_spdy_module --with-http_gzip_static_module --with-http_stub_status_module --with-pcre=$HOME/pcre-8.35 --with-pcre-jit --with-zlib=$HOME/zlib-1.2.8 --add-module=$HOME/lua-nginx-module-master --add-module=$HOME/lua-upstream-cache-nginx-module-master --add-module=$HOME/ngx_pagespeed-1.8.31.3-beta --add-module=$HOME/ngx_cache_purge --add-module=$HOME/naxsi-master/naxsi_src --add-module=$HOME/ngx_http_enhanced_memcached_module --add-module=$HOME/nginx-upload-progress-module-master --add-module=$HOME/headers-more-nginx-module-0.25< End copy here:

Your configuration summary should look something like this:

Configuration summary
  + using PCRE library: /root/pcre-8.35
  + using system OpenSSL library
  + md5: using OpenSSL library
  + sha1: using OpenSSL library
  + using zlib library: /root/zlib-1.2.8
  + jemalloc library is disabled

  nginx path prefix: "/srv/www"
  nginx binary file: "/usr/local/sbin/nginx"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx dso module path: "/srv/www/modules/"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
  

The following commands will actually install your compiled version of Nginx.

:~# cd /root/tengine-2.0.3;sudo make;sudo make install
 

Enable Nginx

Now, it's time to fire this thing up.

:~# cd;sudo git clone https://github.com/Fleshgrinder/nginx-sysvinit-script.git;sudo cp nginx-sysvinit-script/nginx /etc/init.d/nginx
:~# sudo chmod +x /etc/init.d/nginx;sudo chown root:root /etc/init.d/nginx;sudo chmod 755 /etc/init.d/nginx;sudo /usr/sbin/update-rc.d -f nginx defaults
:~# sudo mkdir /etc/nginx/conf.d/;sudo mkdir /etc/nginx/sites-enabled/;sudo mkdir /var/cache/nginx/;sudo mkdir /var/cache/nginx/microcache
:~# sudo service nginx start;sudo nginx -t -c /etc/nginx/nginx.conf;sudo nginx -v

If everything worked as desired, the output will be as follows:

[ ok ] nginx: starting.
the configuration file /etc/nginx/nginx.conf syntax is ok
configuration file /etc/nginx/nginx.conf test is successful
Tengine version: Tengine/2.0.3 (nginx/1.4.7)

Congratulations, you have successfully installed your very own high performance Nginx custom-built web server.


Was this answer helpful?

« Back