How to install and use Nginx on CentOS 8

How to install Nginx on CentOS 8

The procedure to install Nginx web server on a CentOS Linux 8 is as follows:

1. Login to your cloud server or bare metal server using ssh command:
   ssh user@cloud-server-ip
2. Search for Nginx package:
   sudo yum search nginx
3. Install nginx package using the yum command on CentOS 8:
   sudo yum update
   sudo yum install nginx
4. Update firewall settings and open TCP port 80 and 443. Run:
   sudo firewall-cmd --permanent --zone=public --add-service=https --add-service=http
   sudo firewall-cmd --reload

Let us see all commands and examples in details.

Step 1 – Update the system

Keeping your system, kernel, and update all installed packages for security is an essential sysadmin task. So update the system, run:
$ sudo yum updateinfo
$ sudo yum update
## Reboot the system if a new kernel update was installed ##
$ sudo reboot

Step 2 – Search for Nginx package

Is web server available in my Linux distro? Let us find out:
$ sudo yum search nginx
$ sudo yum list nginx
Sample outputs:

 Last metadata expiration check: 1:09:02 ago on Sun Nov 24 17:24:15 2019.
============================== Name Exactly Matched: nginx ==============================
nginx.x86_64 : A high performance web server and reverse proxy server
============================= Name & Summary Matched: nginx =============================
nginx-mod-mail.x86_64 : Nginx mail modules
nginx-mod-stream.x86_64 : Nginx stream modules
collectd-nginx.x86_64 : Nginx plugin for collectd
nginx-mod-http-perl.x86_64 : Nginx HTTP perl module
nginx-mod-http-xslt-filter.x86_64 : Nginx XSLT module
nginx-mod-http-image-filter.x86_64 : Nginx HTTP image filter module
nginx-filesystem.noarch : The basic directory layout for the Nginx server
pcp-pmda-nginx.x86_64 : Performance Co-Pilot (PCP) metrics for the Nginx Webserver
nginx-all-modules.noarch : A meta package that installs all available Nginx modules

What version of Nginx am I going to install? Get Nginx version information that you are going to install, execute:
$ sudo yum info nginx
Sample outputs:

Last metadata expiration check: 0:16:18 ago on Mon Jun  8 10:07:04 2020.
Available Packages
Name         : nginx
Epoch        : 1
Version      : 1.14.1
Release      : 9.module_el8.0.0+184+e34fea82
Architecture : x86_64
Size         : 570 k
Source       : nginx-1.14.1-9.module_el8.0.0+184+e34fea82.src.rpm
Repository   : AppStream
Summary      : A high performance web server and reverse proxy server
URL          : http://nginx.org/
License      : BSD
Description  : Nginx is a web server and a reverse proxy server for HTTP, SMTP,
             : POP3 and IMAP protocols, with a strong focus on high
             : concurrency, performance and low memory usage.

We can lists all Nginx module streams, their profiles and states using the following dnf command:
$ sudo yum module list nginx
The default version is 1.14 but we can install version 1.16 too. Here is what it says:

Last metadata expiration check: 0:18:57 ago on Mon Jun  8 10:07:04 2020.
CentOS-8 - AppStream
Name            Stream            Profiles            Summary                 
nginx           1.14 [d]          common [d]          nginx webserver         
nginx           1.16              common              nginx webserver         

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Want to try out version 1.16? Try the following commands:
$ sudo yum module reset nginx
$ sudo yum module enable nginx:1.16
## verify it version set to 1.16 ##
$ sudo yum module list nginx

Enable and install Nginx version 1.16 on CentOS 8

Step 3 – Installing Nginx on CentOS 8

To install the latest stable nginx server, run the following yum command:
$ sudo yum install nginx

Step 4 – Enable nginx server

First, enable nginx service by running systemctl command so that it starts at server boot time:
$ sudo systemctl enable nginx
Sample outputs:

Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service ? /usr/lib/systemd/system/nginx.service.

Start the service, run:
$ sudo systemctl start nginx

Commands to start/stop/restart nginx server

Run command as per your needs.
$ sudo systemctl start nginx ## <-- start the server ##
$ sudo systemctl stop nginx ## <-- stop the server ##
$ sudo systemctl restart nginx ## <-- restart the server ##
$ sudo systemctl reload nginx ## <-- reload the server ##
$ sudo systemctl status nginx ## <-- get status of the server ##

Step 5 – Open port 80 and 443 using firewall-cmd

You must open and enable port 80 and 443 using the firewall-cmd command:
$ sudo firewall-cmd --permanent --zone=public --add-service=http --add-service=https
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-services --zone=public

Firewall configuration to open http/https port

See “how to set up a firewall using FirewallD on CentOS 8” for more info

Step 6 – Test it

Verify that TCP port 80 or 443 opened using ss command command:
$ sudo ss -tulpn
Sample outputs (look out for :80 and :443 lines) :

Netid       State         Recv-Q        Send-Q                    Local Address:Port               Peer Address:Port                                                                                               
udp         UNCONN        0             0                     10.147.164.2%eth0:68                      0.0.0.0:*           users:(("NetworkManager",pid=50,fd=15))                                                
tcp         LISTEN        0             128                             0.0.0.0:80                      0.0.0.0:*           users:(("nginx",pid=1316,fd=6),("nginx",pid=1315,fd=6),("nginx",pid=1314,fd=6))        
tcp         LISTEN        0             128                                [::]:80                         [::]:*           users:(("nginx",pid=1316,fd=7),("nginx",pid=1315,fd=7),("nginx",pid=1314,fd=7)) 
tcp         LISTEN        0             128                                [::]:443                         [::]:*           users:(("nginx",pid=1316,fd=7),("nginx",pid=1315,fd=7),("nginx",pid=1314,fd=7))

If you do not know your server IP address run the following ip command:
$ ip a
Sample outputs:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:6b:8d:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.147.164.2/24 brd 10.147.164.255 scope global dynamic noprefixroute eth0
       valid_lft 3067sec preferred_lft 3067sec
    inet6 fe80::216:3eff:fe6b:8df7/64 scope link 
       valid_lft forever preferred_lft forever

For example my IP address reported as 10.147.164.2. Fire a web browser and type the URL(domain name)/IP address:
http://10.147.164.2

Nginx running on a CentOS Enterprise Linux 8 server

One can also use the curl command to get same info using the cli:
$ curl -I http://10.147.164.2
$ curl http://10.147.164.2

Step 7 – Configure Nginx server

Now you know how to install Nginx on a CentOS 8 server. It is time to learn about configuration options:

• Config directory – /etc/nginx/
• Maibn global config file – /etc/nginx/nginx.conf
• TCP ports opened by Nginx – 80 (HTTP), 443 (HTTPS)
• Default web document root directory – /usr/share/nginx/html
• Access log file – /var/log/nginx/access.log
• Error log file – /var/log/nginx/error.log

To edit files use a text editor such as vi command/nano command:
$ sudo vi /etc/nginx/nginx.conf
Sample outputs:

# For more information on configuration, see:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
 
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
 
events {
    worker_connections 1024;
}
 
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
 
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
 
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
 
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
 
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
 
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
 
        location / {
        }
 
        error_page 404 /404.html;
            location = /40x.html {
        }
 
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

See Nginx server docs here.
You can upload or copy your html/css/js and images to /usr/share/nginx/html/
$ cd /usr/share/nginx/html/
$ sudo cp /backups/cyberciti.biz/*.html .
$ sudo cp /backups/cyberciti.biz/*.css .
Copy from local desktop to the remote server using the rsync command or scp command/sftp command:
$ rsync ~/projects/static/www.cyberciti.biz/prod/* your-username@10.147.164.2:/usr/share/nginx/html/

Step 8 – Setting up virtual domain/host

Let us create a new user for our virtual host by typing the following useradd command:
$ sudo useradd -d /home/cyberciti.biz -m -k /dev/null -s /usr/sbin/nologin cbz-www
Where,

• -d /home/cyberciti.biz : Home directory to store all files for our virtual domain named cyberciti.biz
• -m : Make a new directory to store files.
• -k /dev/null : Do not create any dot files in the directory.
• -s /usr/sbin/nologin : Do not allow cbz-www user to log in into the server. This is a security feature.
• cbz-www : User name for my virtual domain called cyberciti.biz

Lock the Linux user account, enter:
$ sudo passwd -l cbz-www
Next make html dir using the mkdir command:
$ sudo mkdir -pv /home/cyberciti.biz/html
mkdir: created directory '/home/cyberciti.biz/html'
Finally, make a sample html page as follows for testing purpose using a text editor such as vim command/nano command:
$ sudo vim /home/cyberciti.biz/html/index.html

<html>
<head>
 <title>www.cyberciti.biz - welcome to my sweet home page</title>
</head>
<body>
 <h2>www.cyberciti.biz - virtual domain</h2>
 <p>This is a test page running on:</p>
 <ul>
	 <li>CentOS Linux 8.0</li>
	 <li>Nginx web server</li>
 </ul>
 <hr>
 <small>Send all feedback and errors to me @ webmaster@cyberciti.biz</small>
</body>
</html>

Set permission using the chown command/[nicmd name=”chmod”] and correct SELinux permissions using the chcon command:
$ sudo chmod -R 0555 /home/cyberciti.biz/
$ sudo chown -R cbz-www:cbz-www /home/cyberciti.biz/
changed ownership of '/home/cyberciti.biz/html/index.html' from root:root to cbz-www:cbz-www
changed ownership of '/home/cyberciti.biz/html' from root:root to cbz-www:cbz-www
ownership of '/home/cyberciti.biz/' retained as cbz-www:cbz-www
## avoid errors when SELinux enabled and root is outside /usr/local/share/www OR /var/www ##
$ sudo chcon -vR system_u:object_r:httpd_sys_content_t:s0 /home/cyberciti.biz/
Create a virtual domain/host block file with the correct config options:
$ sudo vim /etc/nginx/conf.d/cyberciti.biz.conf
Append the following directives:

server {
   ## Listen to TCP port 80 ##
        listen 80;
        listen [::]:80;
 
   ## Set document web root to directory ##
        root /home/cyberciti.biz/html;
        index index.html;
 
   ## Set virtual domain/host name here ##
        server_name cyberciti.biz www.cyberciti.biz;
 
   ## Set default access and error log file ##
        access_log  /var/log/nginx/cyberciti.biz_access.log  main;
        error_log /var/log/nginx/cyberciti.biz_error.log;
 
   ## Set default error ##
        location / {
                try_files $uri $uri/ =404;
        }
}

Check Nginx for syntax errors:
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If not erros means reload the Nginx server:
$ sudo nginx -s reload
## or ##
$ sudo systemcl reload nginx
Start a web-browser and type virtual domain url. For instance:
http://your-domain-name-here
http://www.cyberciti.biz

Step 9 – View log files

Use the tail command/cat command or grep command/egrep command as follows:
$ sudo cat /var/log/nginx/cyberciti.biz_access.log
$ sudo grep 'GET /foo' /var/log/nginx/cyberciti.biz_access.log
$ sudo tail -f /var/log/nginx/cyberciti.biz_error.log
Sample session

10.147.164.2 - - [08/Jun/2020:12:12:37 +0000] "HEAD /index.html HTTP/1.1" 404 0 "-" "curl/7.61.1" "-"
10.147.164.2 - - [08/Jun/2020:12:13:12 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.61.1" "-"
10.147.164.2 - - [08/Jun/2020:12:13:14 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.61.1" "-"
10.147.164.2 - - [08/Jun/2020:12:13:19 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.61.1" "-"
10.147.164.2 - - [08/Jun/2020:12:15:21 +0000] "GET /index.html HTTP/1.1" 200 348 "-" "curl/7.61.1" "-"
10.147.164.1 - - [08/Jun/2020:12:15:49 +0000] "HEAD /index.html HTTP/1.1" 200 0 "-" "curl/7.68.0" "-"
139.151.zzz.yyy - - [08/Jun/2020:12:28:04 +0000] "GET / HTTP/1.1" 200 348 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/83.0.4103.61 Chrome/83.0.4103.61 Safari/537.36" "-"
139.151.zzz.yyy- - [08/Jun/2020:12:28:04 +0000] "GET /favicon.ico HTTP/1.1" 404 571 "http://52.44.236.32/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/83.0.4103.61 Chrome/83.0.4103.61 Safari/537.36" "-"

How to secure Nginx server

See “Top 25 Nginx Web Server Best Security Practices” and “40 Linux server security tips” for more info.

Conclusion

You just learned how to install, set up and configure Nginx server on a CentOS Enterprise Linux 8 server. Further we explained how to open TCP ports and configure virtual hosting. Next you can install PHP/MySQL or Python/Perl to run your webapps. See nginx docs here for more information.