Monday 29 February 2016

Compiling NGINX 1.9.X on Debian 8 / CentOS 7 with TCP streaming support

With the introduction of NGINX 1.9.0 we now have TCP streaming support in the open-source version of NGINX as well as in NGINX Plus. Unfortunately Debian 8 is still on 1.6.X, so in order to enable this functionality we should compile NGINX from source:

sudo apt-get install libpcre3-dev build-essential libssl-dev libxslt-dev libxml2-dev libgd-dev libgeoip-dev

or for CentOS 7:

sudo yum install pcre-devel openssl-devel libxslt-devel libxml2-devel gd-devel geoip-devel
sudo yum groupinstall "Development Tools"

and then configure and compile:

useradd nginx
usermod -s /sbin/nologin nginx

cd /tmp
sudo wget
tar zxvf nginx*

Run configure, specifically with the '--with-stream --with-stream_ssl_module' options. The configure command below has been taken from Debian 8 (with the omission of WebDAV support):

sudo ./configure --user=nginx --group=nginx  --sbin-path=/usr/sbin/nginx --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/ --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module  --add-module=/tmp/ngx_http_substitutions_filter_module-master --add-module=/tmp/nginx-upstream-fair-master --add-module=/tmp/headers-more-nginx-module-master

We should then run make and install:

sudo make
sudo make install

systemd unit file (CentOS 7)

sudo vi /usr/lib/systemd/system/nginx.service

and add:
Description=The nginx HTTP and reverse proxy server

# Nginx will fail to start if /run/ already exists but has the wrong
# SELinux context. This might happen when running 'nginx -t' from the cmdline.
ExecStartPre=/usr/bin/rm -f /run/
ExecStartPre=/usr/sbin/nginx -t
ExecReload=/bin/kill -s HUP $MAINPID

and then reload the systemd daemon:

systemctl daemon-reload

and attempt to launch nginx with:

systemctl start nginx

Unfortunately it failed first time around - by doing a 'systemctl status nginx' I could see it was failing the testing portion. So we can replicate this step ourselves to see if we can identify why it's failing:

sudo /usr/sbin/nginx -t

We find: 'nginx: [emerg] mkdir() "/var/lib/nginx/body" failed (No such file or directory)' - It looks like the make script did not create this for us!

To resolve this we simply need to create the directory:

mkdir /var/lib/nginx

and attempt to launch nginx again:

systemctl start nginx
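
The failure above comes from a temp path whose parent directory does not exist, and it only shows up at 'nginx -t'. As an added example (not part of the original post), the script below checks 'nginx -V' output for the stream flags and lists the temp-path parent directories that are missing. NGINX_BIN, the ROOT prefix and the sample argument string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on the text printed by `nginx -V`.

# has_flags ARGS FLAG...: succeed only if every FLAG is a whole configure
# argument (so --with-stream_ssl_module alone does not satisfy --with-stream).
has_flags() {
    args=" $(printf '%s' "$1" | tr '\n' ' ') "; shift
    for flag in "$@"; do
        case "$args" in
            *" $flag "*) ;;
            *) echo "missing configure flag: $flag" >&2; return 1 ;;
        esac
    done
}

# missing_temp_parents ARGS [ROOT]: print each parent directory of an
# --http-*-temp-path that does not exist. nginx creates the last path
# component itself but not its parent. ROOT is a hypothetical prefix for
# checking a staging tree; paths containing spaces are not handled.
missing_temp_parents() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^--http-[a-z-]*-temp-path=//p' |
        while read -r path; do
            parent=$(dirname "$path")
            [ -d "${2:-}$parent" ] || printf '%s\n' "$parent"
        done | sort -u
}

# Constructed sample, shortened from the configure line used above.
SAMPLE_ARGS="configure arguments: --user=nginx --with-cc-opt='-g -O2' \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy --with-stream --with-stream_ssl_module"

# NGINX_BIN is an assumed environment variable; without it the sample is used.
if [ -x "${NGINX_BIN:-}" ]; then
    ARGS=$("$NGINX_BIN" -V 2>&1)   # nginx prints -V output on stderr
else
    ARGS=$SAMPLE_ARGS
fi
has_flags "$ARGS" --with-stream --with-stream_ssl_module && echo "stream modules: ok"
missing_temp_parents "$ARGS" | while read -r dir; do
    echo "create before 'nginx -t': $dir"
done
```

Run it with NGINX_BIN=/usr/sbin/nginx after 'make install' and before starting the service.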


