Log In

By:

ososoba

Best PPA for Nginx with Google Pagespeed

February 18, 2017 1k

Nginx WordPress Ubuntu 16.04

I've been trying to install PageSpeed on an existing Nginx server for the last 12 hrs with no luck, I keep running into different errors and having to read over and again to solve them. This is my first VPS

But I understand that some PPAs have this inbuilt. I don't mind starting a new server to have this installed from the scratch and rebuild WP on it. I know that Easyengine had it but took Pagespeed out in Ver 3.6

Any other PPA suggestions will be welcome

Log In to Comment

22 Answers

jtittle February 18, 2017

You don't specifically need a PPA as they have their own auto-installer that's available. It'll automate a source build of NGINX w/ ngx_pagespeed as a module. All you need to do is run:

bash <(curl -f -L -sS https://ngxpagespeed.com/install) --nginx-version latest

... and follow the on-screen prompts.

Keep in mind, this is a very barebones installation of NGINX. If you need specific modules compiled in, you'll need to specify those when the script prompts you.

References

https://modpagespeed.com/doc/buildngxpagespeedfromsource

https://modpagespeed.com/doc/configuration

http://wiki.nginx.org/InitScripts

jtittle February 21, 2017

Before We Get Started

This is meant to be a copy and paste command, meaning you copy it from top to bottom and paste it to the CLI, then hit enter and let it run its course.

This installs NGINX w/Pagespeed, PHP 7.1, and MariaDB, but it will take a little bit of time to complete, so be patient; source compiles take time.

I've provided configuration samples for NGINX and your first Server Block below the command with a few details. This should get you started with a working build environment. You'll still need to create your database(s), upload your PHP files, etc.

Finally ... this is a long post. Take your time :-).

The One-Liner

apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install autoconf automake bc bison build-essential ccache cmake curl dh-systemd flex gcc geoip-bin google-perftools g++ icu-devtools libacl1-dev libbz2-dev libcap-ng-dev libcap-ng-utils libcurl4-openssl-dev libdmalloc-dev libenchant-dev libevent-dev libexpat1-dev libfontconfig1-dev libfreetype6-dev libgd-dev libgeoip-dev libghc-iconv-dev libgmp-dev libgoogle-perftools-dev libice-dev libice6 libicu-dev libjbig-dev libjpeg-dev libjpeg-turbo8-dev libjpeg8-dev libluajit-5.1-2 libluajit-5.1-common libluajit-5.1-dev liblzma-dev libmhash-dev libmhash2 libmm-dev libncurses5-dev libnspr4-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng-dev libpng12-dev libpthread-stubs0-dev libreadline-dev libselinux1-dev libsm-dev libsm6 libssl-dev libtidy-dev libtiff5-dev libtiffxx5 libunbound-dev libvpx-dev libvpx3 libwebp-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxml2-dev libxpm-dev libxslt1-dev libxt-dev libxt6 make nano perl pkg-config software-properties-common systemtap-sdt-dev unzip webp wget xtrans-dev zip zlib1g-dev zlibc \
&& add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& apt-get -y install php7.1-cli php7.1-dev php7.1-fpm php7.1-bcmath php7.1-bz2 php7.1-common php7.1-curl php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mysql php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-xml php7.1-xmlrpc php7.1-zip php7.1-opcache php7.1-xsl php-yaml \
&& mkdir -p /usr/local/src/packages/{modules,nginx,openssl,pcre,zlib} \
&& mkdir -p /etc/nginx/{cache/{client,fastcgi,proxy,uwsgi,scgi},config/php,lock,logs,modules,pid,sites,ssl} \
&& useradd -d /etc/nginx nginx \
&& cd /usr/local/src/packages/nginx \
&& wget https://nginx.org/download/nginx-1.11.10.tar.gz \
&& tar xvf nginx-1.11.10.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/openssl \
&& wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz \
&& tar xvf openssl-1.1.0e.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/pcre \
&& wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz \
&& tar xvf pcre-8.40.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/zlib \
&& wget http://www.zlib.net/zlib-1.2.11.tar.gz \
&& tar xvf zlib-1.2.11.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/modules \
&& wget https://github.com/openresty/headers-more-nginx-module/archive/v0.32.tar.gz \
&& tar zxf v0.32.tar.gz \
&& wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz \
&& tar zxf v0.3.0.tar.gz \
&& wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz \
&& tar zxf 2.3.tar.gz \
&& NPS_VERSION="1.12.34.2" \
&& cd /usr/local/src/packages/modules/ \
&& wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VERSION}-beta.zip \
&& unzip v${NPS_VERSION}-beta.zip \
&& cd /usr/local/src/packages/modules/ngx_pagespeed-${NPS_VERSION}-beta \
&& psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz \
&& [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \
&& wget ${psol_url} \
&& tar -xzvf $(basename ${psol_url}) \
&& cd /usr/local/src/packages/nginx \
&& ./configure --prefix=/etc/nginx \
               --sbin-path=/usr/sbin/nginx \
               --conf-path=/etc/nginx/config/nginx.conf \
               --lock-path=/etc/nginx/lock/nginx.lock \
               --pid-path=/etc/nginx/pid/nginx.pid \
               --error-log-path=/etc/nginx/logs/error.log \
               --http-log-path=/etc/nginx/logs/access.log \
               --http-client-body-temp-path=/etc/nginx/cache/client \
               --http-proxy-temp-path=/etc/nginx/cache/proxy \
               --http-fastcgi-temp-path=/etc/nginx/cache/fastcgi \
               --http-uwsgi-temp-path=/etc/nginx/cache/uwsgi \
               --http-scgi-temp-path=/etc/nginx/cache/scgi \
               --user=nginx \
               --group=nginx \
               --with-poll_module \
               --with-threads \
               --with-file-aio \
               --with-http_ssl_module \
               --with-http_v2_module \
               --with-http_realip_module \
               --with-http_addition_module \
               --with-http_xslt_module \
               --with-http_image_filter_module \
               --with-http_sub_module \
               --with-http_dav_module \
               --with-http_flv_module \
               --with-http_mp4_module \
               --with-http_gunzip_module \
               --with-http_gzip_static_module \
               --with-http_auth_request_module \
               --with-http_random_index_module \
               --with-http_secure_link_module \
               --with-http_degradation_module \
               --with-http_slice_module \
               --with-http_stub_status_module \
               --with-stream \
               --with-stream_ssl_module \
               --with-stream_realip_module \
               --with-stream_geoip_module \
               --with-stream_ssl_preread_module \
               --with-google_perftools_module \
               --with-pcre=/usr/local/src/packages/pcre \
               --with-pcre-jit \
               --with-zlib=/usr/local/src/packages/zlib \
               --with-openssl=/usr/local/src/packages/openssl \
               --add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \
               --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \
               --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \
               --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \
&& make \
&& make install

Once the above completes, we need to run the following, which will delete our existing NGINX config and files we don't need.

rm -rf /etc/nginx/config/nginx.conf \
&& rm -rf /etc/nginx/config/*.default

Now, we'll implement our actual NGINX configuration by creating a new NGINX configuration file.

nano /etc/nginx/config/nginx.conf

and paste in:

user                                                    nginx nginx;
worker_processes                                        1;
worker_priority                                         -10;

worker_rlimit_nofile                                    260000;
timer_resolution                                        100ms;

pcre_jit                                                on;

events {
    worker_connections                                  10000;
    accept_mutex                                        off;
    accept_mutex_delay                                  200ms;
    use                                                 epoll;
}


http {
    map_hash_bucket_size                                128;
    map_hash_max_size                                   4096;
    server_names_hash_bucket_size                       128;
    server_names_hash_max_size                          2048;
    variables_hash_max_size                             2048;

    index                                               index.php index.html index.htm;
    include                                             mime.types;
    default_type                                        application/octet-stream;
    charset                                             utf-8;

    sendfile                                            on;
    sendfile_max_chunk                                  512k;
    tcp_nopush                                          on;
    tcp_nodelay                                         on;
    server_tokens                                       off;
    server_name_in_redirect                             off;

    keepalive_timeout                                   5;
    keepalive_requests                                  500;
    lingering_time                                      20s;
    lingering_timeout                                   5s;
    keepalive_disable                                   msie6;

    gzip                                                on;
    gzip_vary                                           on;
    gzip_disable                                        "MSIE [1-6]\.";
    gzip_static                                         on;
    gzip_min_length                                     1400;
    gzip_buffers                                        32 8k;
    gzip_http_version                                   1.0;
    gzip_comp_level                                     5;
    gzip_proxied                                        any;
    gzip_types                                          text/plain
                                                        text/css
                                                        text/xml
                                                        application/javascript
                                                        application/x-javascript
                                                        application/xml
                                                        application/xml+rss
                                                        application/ecmascript
                                                        application/json
                                                        image/svg+xml;

    client_body_buffer_size                             256k;
    client_body_in_file_only                            off;
    client_body_timeout                                 10s;
    client_header_buffer_size                           64k;
    client_header_timeout                               5s;
    client_max_body_size                                50m;
    connection_pool_size                                512;
    directio                                            4m;
    ignore_invalid_headers                              on;
    large_client_header_buffers                         8 64k;
    output_buffers                                      8 256k;
    postpone_output                                     1460;
    proxy_temp_path                                     /etc/nginx/cache/proxy;
    request_pool_size                                   32k;
    reset_timedout_connection                           on;
    send_timeout                                        10s;
    types_hash_max_size                                 2048;

    open_file_cache                                     max=50000 inactive=60s;
    open_file_cache_valid                               120s;
    open_file_cache_min_uses                            2;
    open_file_cache_errors                              off;
    open_log_file_cache                                 max=10000 inactive=30s min_uses=2;

    include                                             /etc/nginx/sites/*.conf;
}

Now we'll create our PHP FastCGI Params file, much like we did the above.

nano /etc/nginx/config/php/fastcgi_params.conf

and paste in:

    fastcgi_param  SCRIPT_FILENAME    $request_filename;

    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;

    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;

    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;

    fastcgi_param  REDIRECT_STATUS    200;

Ok, now we need to create a server block for your domain, so we'll create that now. Simply replace yourdomain.com with your actual domain.

nano /etc/nginx/sites/yourdomain.com.conf

and paste in:

server
{
    listen                          80 default_server;
    listen                          [::]:80;
    server_name                     yourdomain.com www.yourdomain.com;

    root                            /home/username/htdocs/public;

    location /
    {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   /run/php/php7.1-fpm.sock;
        fastcgi_index  index.php;

        include /etc/nginx/config/php/fastcgi_params.conf;
    }
}

Change /home/username/htdocs/public to the actual directory where you're installing WordPress (i.e. where the WordPress index.php file resides).

Finally, we need to make sure PHP-FPM can read/write on your files, so whichever directory you set as the root above, i.e. /home/username/htdocs/public, we need to change ownership of everything to www-data.

chown -R www-data:www-data /home/username/htdocs/public

That'll make all files and directories owned by www-data, as they should be. Now we just need to start NGINX and restart PHP-FPM for good measure.

Type in nginx and hit enter, then:

system php7.1-fpm restart

jtittle February 21, 2017

The last restart should be service php7.1-fpm restart (system => service).
- zash April 28, 2017
  
  @jtittle
  
  got stucked at the step where i typed in nginx.
  Gotten this error. Any clue what could be the problem ?
  tried changing to /var/run/php/php7.1-fpm.sock still no luck.
  
  nginx: [emerg] invalid host in upstream "/run/php/php7.1-fpm.sock" in /etc/nginx/sites/mydomain.com.conf:17
  
  jtittle April 28, 2017
  
  @zash
  
  Change:
  
  fastcgi_pass /run/php/php7.1-fpm.sock;
  
  To:
  
  fastcgi_pass unix:/run/php/php7.1-fpm.sock;
  
  As a general note, the above guide is a little outdated (i.e. compiling NGINX) as there have been updates to NGINX, PCRE, and OpenSSL since.
  
  For the most up-to-date version of the compiler as of now, I'd recommend cloning the repo I setup and running the installer. It's a far more in-depth compile and includes example configurations.
  
  cd /opt \ && git clone https://github.com/serveradminsh/installers \ && cd installers/nginx \ && chmod +x installer.sh \ && ./installer.sh
  
  The current release compiles Brotli, Pagespeed, and a few other modules as well as updated versions of PCRE, OpenSSL, and ZLIB.
  
  zash April 28, 2017
  
  @jtittle
  
  Thanks for the prompt reply ! Tried your installer and got this error at the end.
  
  checking for OS + Linux 4.8.0-45-generic x86_64 checking for C compiler ... not found ./auto/configure: error: C compiler cc is not found
  
  jtittle April 28, 2017
  
  @zash
  
  Was this on a Droplet with Ubuntu 16.04 or 16.10? If not, that's what I would use as that's what the installer is designed to be used on. It may work on Ubuntu 14.04, though I've not tested it there since 16.04 is the latest LTS release.
  
  As a general note, the installer should be ran on a clean droplet (nothing else installed, just freshly deployed).
  
  zash April 28, 2017
  
  @jtittle
  
  i ran it on a fresh Ubuntu 16.10 x64 droplet, only thing i added was a swap space . maybe i could try again on a fresh 16.04x64 droplet see if it works.
  
  This prompt came up and i chose the " keep the local version currently installed" option.
  
  A new version of /boot/grub/menu.lst is available, but the version installed currently has been locally modified. What would you like to do about menu.lst? install the package maintainer's version keep the local version currently installed show the differences between the versions show a side-by-side difference between the versions show a 3-way difference between available versions do a 3-way merge between available versions (experimental) start a new shell to examine the situation

ososoba February 20, 2017

@jtittle thanks for the response. Got around to trying it and stumbled on the second part of your response

"Keep in mind, this is a very barebones installation of NGINX. If you need specific modules compiled in, you'll need to specify those when the script prompts you."

I tried to run the additional modules with this command

./configure
--sbin-path=/usr/local/nginx/nginx
--conf-path=/usr/local/nginx/nginx.conf
--pid-path=/usr/local/nginx/nginx.pid
--with-httpsslmodule
--with-pcre=../pcre-8.40
--with-httprewritemodule
--with-httpgzipmodule
--with-zlib=../zlib-1.2.11

Based on information on this page - http://nginx.org/en/docs/configure.html

But I get the following error

> ./configure
About to configure nginx with:
    --sbin-path=/usr/local/nginx/nginx
    --conf-path=/usr/local/nginx/nginx.conf
    --pid-path=/usr/local/nginx/nginx.pid
    --with-http_ssl_module
    --with-pcre=../pcre-8.40
    --with-http_rewrite_module
    --with-http_gzip_module
    --with-zlib=../zlib-1.2.11   ./configure --add-module=/home/osaze/ngx_pagespeed-latest-stable ./configure
Does this look right? [Y/n] ./configure: error: invalid option "./configure"
Error: Failure running './configure --add-module=/home/osaze/ngx_pagespeed-latest-stable ./configure', exiting.
osaze@intelisight-beta:/root$     --conf-path=/usr/local/nginx/nginx.conf
bash: --conf-path=/usr/local/nginx/nginx.conf: Permission denied
osaze@intelisight-beta:/root$     --pid-path=/usr/local/nginx/nginx.pid
bash: --pid-path=/usr/local/nginx/nginx.pid: Permission denied
osaze@intelisight-beta:/root$     --with-http_ssl_module
--with-http_ssl_module: command not found
osaze@intelisight-beta:/root$     --with-pcre=../pcre-8.40
bash: --with-pcre=../pcre-8.40: Permission denied
osaze@intelisight-beta:/root$     --with-http_rewrite_module
--with-http_rewrite_module: command not found
osaze@intelisight-beta:/root$     --with-http_gzip_module
--with-http_gzip_module: command not found

I'm certain I'm doing something wrong, I'd appreciate any help on fixing this.

PS: This is for a WordPress site, so any additional modules you think I might need, won't mind exploring them too.

jtittle February 21, 2017

For the purpose of the bash script I posted, you don't need to use ./configure -- you'd only use that when you're compiling from source on your own. This bash script is already running with that, so the only thing you'd need to pass is the rest of the commands.

i.e.

When you see:

About to build nginx.  Do you have any additional ./configure
arguments you would like to set?  For example, if you would like
to build nginx with https support give --with-http_ssl_module
If you don't have any, just press enter.

You should only be passing:

--with-http_ssl_module \
... \
... \
... \

where ... is other modules and the trailing \ allows you to break it over multiple lines. Without that trailing slash, all arguments need to be on a single line separated by a space.

So the above is valid, as is:

--with-http_ssl_module --with=... --with=...

where --with=... is the actual arguments.

That said, unless you physically downloaded the PCRE, OpenSSL, or ZLIB taball and extracted them, you don't need to use:

--with-pcre=../pcre-8.40

Additionally, you'll need to specify direct paths. So instead of ../pcre-8.40, you'd use:

/direct/path/to/pcre-8.40

I'll follow up with a second reply here shortly. It may be better to simply do a source compile without the script. I'll share one of my working examples and you can use that as a testbed. Upfront, I don't use the normal paths that a standard NGINX installation uses as I like to keep things a little more organized on my builds.

ososoba February 21, 2017

Thanks a lot for the detailed description of the install process.

I ran into two issues during the install but was able to fix them, putting it here incase someone else runs into this

a. E: Sub-process /usr/bin/dpkg exited unexpectedly
Had to reconfigure dpkg in this case with dpkg --configure -a

b. cc: internal compiler error: Killed (program cc1plus)
Seemed to be a memory issue, so I created a 1GB swapfile
Worked after that

Thanks again @jtittle, going to install WP with ServerPilot on this server and see how well I can get PageSpeed to work.

How To Add Swap Space on Ubuntu 16.04

One of the easiest way of increasing the responsiveness of your server and guarding against out of memory errors in your applications is to add some swap space. In this guide, we will cover how to add a swap file to an Ubuntu 16.04 server. <$>[warning] [label...

ososoba February 21, 2017

@jtittle I'd like to ask something else.

In some other tutorials I see, users recommend pinning the current nginx build with pagespeed so as not to have it overwritten on a update. Is that necessary here? And how do I do that?

Thank you

jtittle February 21, 2017

@ososoba

If you use the PPA, or the "one-liner" that I posted, updates and upgrades shouldn't overwrite any configuration or changes you've performed as they are source builds, thus unaffected by the apt-get commands that upgrade, update, purge, or remove packages.

The only thing that will overwrite a source build is if you run another source build using the same commands -- i.e. run the installer again, or use my build. Even if you did, the "one-liner" that I posted won't overwrite your server blocks for your websites or any of your website data. You'd need to recreate the nginx.conf file since the last part of that command deletes the existing, but other than that, it won't change anything else.

That being said, I've never used ServerPilot, so you may or may not be able to use a custom build with them (whether it's the PPA or my "one-liner"). I believe they perform their own install which sets up NGINX as a reverse proxy to Apache.

Personally, NGINX works just fine on its own and unless you have an absolute need for Apache, then I'd simply run with NGINX as the only web server as it reduces troubleshooting.

stephgiguere March 21, 2017

@jtittle
Would it be possible to add naxsi to that installation script?
If so where and how?

Thank you.

jtittle March 21, 2017
@stephgiguere

Absolutely! If you take a look at what I posted, towards the bottom, you'll see this:

--add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \ --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \ --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \ --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \

With NGINX, modules are added using --add-module= which accepts a directory. So if we clone the repo from GitHub, we can simply pass the path to the module to the build and recompile.

IIRC, naxsi needs to be the first module in the list, so you'd simply add it to the top of the list above.

To start:

cd /usr/local/src

Then we'll clone the repo:

git clone https://github.com/nbs-system/naxsi.git

Now we'll end up with a path to naxsi that we can use and pass to --add-module=, which would be:

/usr/local/src/naxsi

So the line we'd add to the top would be:

--add-module=/usr/local/src/naxsi

That being said, I'm actually working on a much cleaner, updated version of the above. While the modules are not out of date, that's not the latest version of NGINX, OpenSSL, PCRE, or ZLIB. It also does not provide much in the way of example configuration for server blocks.

I'm working on wrapping up the initial release of the updated version on GitHub, and when I do, I'll post it. You'd still need to modify the source and add naxsi, but it's far cleaner than the one shot I provided above.

stephgiguere March 21, 2017

So would the oneliner work like this:

apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install autoconf automake bc bison build-essential ccache cmake curl dh-systemd flex gcc geoip-bin google-perftools g++ icu-devtools libacl1-dev libbz2-dev libcap-ng-dev libcap-ng-utils libcurl4-openssl-dev libdmalloc-dev libenchant-dev libevent-dev libexpat1-dev libfontconfig1-dev libfreetype6-dev libgd-dev libgeoip-dev libghc-iconv-dev libgmp-dev libgoogle-perftools-dev libice-dev libice6 libicu-dev libjbig-dev libjpeg-dev libjpeg-turbo8-dev libjpeg8-dev libluajit-5.1-2 libluajit-5.1-common libluajit-5.1-dev liblzma-dev libmhash-dev libmhash2 libmm-dev libncurses5-dev libnspr4-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng-dev libpng12-dev libpthread-stubs0-dev libreadline-dev libselinux1-dev libsm-dev libsm6 libssl-dev libtidy-dev libtiff5-dev libtiffxx5 libunbound-dev libvpx-dev libvpx3 libwebp-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxml2-dev libxpm-dev libxslt1-dev libxt-dev libxt6 make nano perl pkg-config software-properties-common systemtap-sdt-dev unzip webp wget xtrans-dev zip zlib1g-dev zlibc \
&& add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& apt-get -y install php7.1-cli php7.1-dev php7.1-fpm php7.1-bcmath php7.1-bz2 php7.1-common php7.1-curl php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mysql php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-xml php7.1-xmlrpc php7.1-zip php7.1-opcache php7.1-xsl php-yaml \
&& mkdir -p /usr/local/src/packages/{modules,nginx,openssl,pcre,zlib} \
&& mkdir -p /etc/nginx/{cache/{client,fastcgi,proxy,uwsgi,scgi},config/php,lock,logs,modules,pid,sites,ssl} \
&& useradd -d /etc/nginx nginx \
&& cd /usr/local/src/packages/nginx \
&& wget https://nginx.org/download/nginx-1.11.10.tar.gz \
&& tar xvf nginx-1.11.10.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/openssl \
&& wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz \
&& tar xvf openssl-1.1.0e.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/pcre \
&& wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz \
&& tar xvf pcre-8.40.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/zlib \
&& wget http://www.zlib.net/zlib-1.2.11.tar.gz \
&& tar xvf zlib-1.2.11.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/modules \
&& wget https://github.com/openresty/headers-more-nginx-module/archive/v0.32.tar.gz \
&& tar zxf v0.32.tar.gz \
&& wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz \
&& tar zxf v0.3.0.tar.gz \
&& wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz \
&& tar zxf 2.3.tar.gz \
&& NPS_VERSION="1.12.34.2" \
&& cd /usr/local/src/packages/modules/ \
&& wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VERSION}-beta.zip \
&& unzip v${NPS_VERSION}-beta.zip \
&& cd /usr/local/src/packages/modules/ngx_pagespeed-${NPS_VERSION}-beta \
&& psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz \
&& [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \
&& wget ${psol_url} \
&& tar -xzvf $(basename ${psol_url}) \
&& cd /usr/local/src
&& git clone https://github.com/nbs-system/naxsi.git
&& cd /usr/local/src/packages/nginx \
&& ./configure --prefix=/etc/nginx \
               --sbin-path=/usr/sbin/nginx \
               --conf-path=/etc/nginx/config/nginx.conf \
               --lock-path=/etc/nginx/lock/nginx.lock \
               --pid-path=/etc/nginx/pid/nginx.pid \
               --error-log-path=/etc/nginx/logs/error.log \
               --http-log-path=/etc/nginx/logs/access.log \
               --http-client-body-temp-path=/etc/nginx/cache/client \
               --http-proxy-temp-path=/etc/nginx/cache/proxy \
               --http-fastcgi-temp-path=/etc/nginx/cache/fastcgi \
               --http-uwsgi-temp-path=/etc/nginx/cache/uwsgi \
               --http-scgi-temp-path=/etc/nginx/cache/scgi \
               --user=nginx \
               --group=nginx \
               --with-poll_module \
               --with-threads \
               --with-file-aio \
               --with-http_ssl_module \
               --with-http_v2_module \
               --with-http_realip_module \
               --with-http_addition_module \
               --with-http_xslt_module \
               --with-http_image_filter_module \
               --with-http_sub_module \
               --with-http_dav_module \
               --with-http_flv_module \
               --with-http_mp4_module \
               --with-http_gunzip_module \
               --with-http_gzip_static_module \
               --with-http_auth_request_module \
               --with-http_random_index_module \
               --with-http_secure_link_module \
               --with-http_degradation_module \
               --with-http_slice_module \
               --with-http_stub_status_module \
               --with-stream \
               --with-stream_ssl_module \
               --with-stream_realip_module \
               --with-stream_geoip_module \
               --with-stream_ssl_preread_module \
               --with-google_perftools_module \
               --with-pcre=/usr/local/src/packages/pcre \
               --with-pcre-jit \
               --with-zlib=/usr/local/src/packages/zlib \
               --with-openssl=/usr/local/src/packages/openssl \
           --add-module=/usr/local/src/naxsi
               --add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \
               --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \
               --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \
               --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \
&& make \
&& make install

Looking forward to a better solution.

jtittle March 21, 2017
@ososoba

You'll need to add a \ to the end of this line:

--add-module=/usr/local/src/naxsi

So that it looks like:

--add-module=/usr/local/src/naxsi \

This is how we go about breaking the command over multiple lines. Without those \, everything would have to be on a single line :-). Without that one \, it won't compile.

I'm running tests on the updated version now, so if you want to wait a few minutes while the test completes, I should have it online shortly.

Just waiting on the Droplet to go online and then uploading the script to let it run.

stephgiguere March 21, 2017

Oh and thank you :)

stephgiguere March 21, 2017

I will defenatly wait got to feed the kids anyway lol

Thank you again

jtittle March 21, 2017

Ok, here we go :-). What you'll want to do is login to your Droplet using SSH, then choose a directory. I often use /opt or /usr/local/src. It doesn't really matter, though these two are the ones I prefer since there's generally nothing in these directories and they aren't used for web-based access.

Once logged in, cd to your directory, like so:

cd /usr/local/src

Then run:

git clone https://github.com/serveradminsh/installers.git

Once git is done:

cd installers/nginx

chmod +x installer.sh

Now we'll let the auto-installer take care of the rest for you by simply typing in:

./installer.sh

The screen will clear and it will update/sync packages, upgrade any packages that need to be, and then install all packages required for the build environment as well as for building NGINX.

The installation is a build from source and compile, and dhparam.pem is generated for SSL, so it will take a while to finish up. On a 4GB Droplet, it took about 32 minutes -- much of that is because of the dhparam.pem file (it's 4096 bits), though that file is needed for SSL if you plan on enabling it at some point.

jtittle March 21, 2017
@stephgiguere

To add naxsi, you'd want to open installer.sh and find Line 208, which should be:

--add-module=/usr/local/src/github/ngx_devel_kit

Above that, add:

--add-module=/usr/local/src/naxsi

Now close out and save, then:

cd /usr/local/src

Followed by:

git clone https://github.com/nbs-system/naxsi.git

You can now run the auto-installer as noted before and that'll compile naxsi in with it. It'll add to the final time, but shouldn't be by much.

Once done, you'll need to check:

https://github.com/nbs-system/naxsi/wiki

I've not deal with naxsi that much just yet, so I don't have a full setup on it.

stephgiguere March 21, 2017

Thank you, wiil try.

Does it include naxsi or do I need to add the naxsi script?

jtittle March 22, 2017

@stephgiguere - See my reply directly below it :-).

stephgiguere March 22, 2017

@jtittle
Thank you, It is building on a new 2gb droplet. I will report back when it is done.

BTW I added the \ at the end of --add-module=/usr/local/src/naxsi so it looks like :

--add-module=/usr/local/src/naxsi \

stephgiguere March 22, 2017

Got this error
adding module in /usr/local/src/naxsi
./auto/configure: error: no /usr/local/src/naxsi/config was found

jtittle March 22, 2017
@stephgiguere

Looks like they've changed the src directory. To fix that, change:

/usr/local/src/naxsi

to

/usr/local/src/naxsi/naxsi_src

stephgiguere March 23, 2017

@jtittle
Got it installed with no errors.

But when I try to access ip address I get
NGINX - Access Denied
Probably just need a few config

jtittle March 23, 2017
@stephgiguere

That's normal until you setup your own server blocks. By default, there's a _.conf file located in:

/etc/nginx/sites

This file serves as the default for the server and pulls data from:

/home/nginx/htdocs/public

So the reason you're seeing NGINX - Access Denied is because of the index.html file that's in the above directory :-). Nothing is actually wrong with NGINX or the setup -- as long as you didn't see any errors when running the script and you do see that page, you're good.

To add additional sites, you'd look in:

./installers/nginx/examples

There's a few examples including Load Balancing, Proxy, PHP, and SSL. All of the examples are setup to require as few changes as possible and I'm working on better documentation to detail how they can be used.

Essentially you should only need to change server_name and root in each of the config files (where root exists -- proxy setups won't use that directive). The only other directive that needs changing will be fastcgi_pass on PHP sites as that needs to be specific to your FPM config.

You can then copy one of those configuration files over to:

/etc/nginx/sites

... and then edit it to fit your needs. So If I wanted to setup a new PHP site, while in ./installers, I'd run:

cp nginx/examples/php/php.conf /etc/nginx/sites/mydomain.com.conf

I'd then change server_name, root, and fastcgi_pass to match my needs.

If you have any questions, feel free to ask.

jtittle April 28, 2017

The issue was the libpng12-dev package. Since that package doesn't exist on 16.10, it caused the install command to fail for the majority of the packages needed to build NGINX.

I've since updated the repository. To start, run:

rm -rf /usr/local/src/*

Then:

rm -rf /opt/installers \
&& cd /opt \
&& git clone https://github.com/serveradminsh/installers.git \
&& chmod +x /opt/installers/nginx/installer.sh \
&& /opt/installers/nginx/installer.sh

or modify installer.sh and remove libpng12-dev. Once that's removed, it'll allow the installer to run as intended.

zash April 29, 2017

@jtittle
got this error for a fresh Ubuntu 16.10 droplet

make[1]: Leaving directory '/usr/local/src/github/nginx'
cp: cannot stat '/opt/html/index.html': No such file or directory
Failed to enable unit: No such file or directory

now trying on a fresh Ubuntu 16.04, see how it goes.

update: same error for 16.04

jtittle April 29, 2017

This seems to be an issue with the directory variable, which I'll update once I return to my desk so this isn't an issue.

In the mean time, if you cd in to the ./nginx directory directly, that should allow the script to run without throwing that error.

cd /opt/installers/nginx \
&& ./installer.sh

I'll get that updated pushed through shortly.

zash April 29, 2017

Awesome it works now, thanks for the help!
Any command i can run to verify the modules were installed successfully?

Next I want to add http2, SSL and phpMyAdmin.

so i should head go to /etc/nginx/sites/_.conf

replace the first 3 lines with these

       # SSL configuration
        #
         listen 443 ssl http2 default_server;
         listen [::]:443 ssl http2  default_server;
        #

        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;

        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:$
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

       # Phpmyadmin Configurations
                location /phpmyadmin {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/phpmyadmin/(.+\.php)$ {
               try_files $uri =404;
               root /usr/share/;
               #fastcgi_pass 127.0.0.1:9000;
               #fastcgi_param HTTPS on; 
               fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               include fastcgi_params;
       }
       location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
               root /usr/share/;
       }

Is this correct ?

jtittle April 29, 2017
@zash

If the installer completed, they are installed, otherwise it'd fail and NGINX wouldn't be running :-). That said, you can run nginx -V which will output the configuration.

As for the server block, there are example configurations in:

./installers/nginx/examples

So for SSL, we'd open up:

./installers/nginx/examples/ssl/ssl.conf

You'll want to change server_name on both blocks to your domain, such as:

server_name domain.com www.domain.com;

From there, we'd need to replace the location block with some of the configuration from the examples provided for PHP. Those are in:

./installers/nginx/examples/php

I'd recommend using:

./installers/nginx/examples/php/php.conf

... as you need to know what you're doing when using FastCGI Caching (the other file provided as an example).

What we'd end up with is something that looks like this:

server { listen 80; listen [::]:80; server_name domain.com www.domain.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name domain.com www.domain.com; include /etc/nginx/config/sites/headers.conf; include /etc/nginx/config/ssl/resolver.conf; ssl on; ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; include /etc/nginx/config/ssl/ssl.conf; root /home/nginx/htdocs/public; location / { try_files $uri $uri/ /index.php?$args; } location /phpmyadmin { root /usr/share/; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; include /etc/nginx/config/php/fastcgi_params; } include /etc/nginx/config/cache/static.conf; }

...

More and better examples are coming in the next release, which will cover more types of setups and configurations. For now, the examples cover most of the basics including some of the more complex setups.

To avoid redundancy in server blocks, include is used to reference configuration files that would otherwise need to be placed inside each block. This can be a pain to manage and it's far easier to manage one file than X blocks copy and pasted.
- zash April 30, 2017
  
  @jtittle
  Thanks so much ! finally managed to migrate my website to the new server.
  All works fine except this package https://github.com/thephpleague/glide.
  
  example https://mydomain.com/img/uploads/502/1493523757demo_upload.jpeg?w=200&h=150&fit=crop
  
  What its suppose to do is when i do a mydomain.com/img/{path} it would look into the cache folder inside my public folder for the particular file, if its not found it will go to Amazon S3 and fetch the image, do the image manipulation and copy it into the cache folder.
  
  checked the nginx error logs and it gives me this.
  
  [error] 12278#12278: *369 open() "/home/nginx/htdocs/public/img/uploads/502/1493523757demo_upload.jpeg" failed (2: No such file or directory),
  
  It works fine on my localhost and previous server so i thought it had something to do with the google pagespeed. Turned it off in the nginx.conf still no luck. Wondering if you have any idea what could the issue be .

jtittle April 29, 2017

@zash

Just pushed the update through to the GitHub repository after testing on Ubuntu 16.10 -- should be working correctly as of now without any issues.

jtittle April 30, 2017

Pagespeed isn't enabled by default, that requires additional setup which isn't a part of the script just yet (mainly as not all options work equally for everyone).

The module is active if you wish to configure Pagespeed, but without those specific settings, it does nothing.

As for the error, it may be permissions related or it could be that the GD or Imagick PHP package is not installed. When working with PHP-FPM, all directories and files need to be owned by the user + group defined in the pool configuration file.

For example, if you're running PHP 7.1, that should be here:

/etc/php/7.1/fpm/pool.d/www.conf

If you've setup a custom pool file, then you'd need to check that specific file. By default, the above is setup to use www-data as the user and group, so that's the user and group that needs to own the files and directories you've serving content from.

Since you're using the default directory in the examples, that means you need to chown all files and directories from:

/home/nginx/htdocs/public

... down, to www-data or the user in your pool configuration. We can do that by:

chown -R www-data:www-data /home/nginx/htdocs/public

Any file or directory created by your PHP script should chown to that user and group automatically, but if you add any files or create directories from the CLI, you'll need to make sure they are owned by that user and group, otherwise PHP/PHP-FPM can't read/write since they would effectively be owned by root or another user.

...

That being said, the /home/nginx directory is actually meant for the default configuration and the host as it's setup to be owned by the nginx user, not for sites you create, so if you're going to use that directory, I would:

1). Set ownership of /home/nginx back to root as it should be using:

chown root:root /home/nginx

2). Set ownership of /home/nginx/htdocs to www-data.

chown -R www-data:www-data /home/nginx/htdocs

...

The auto-installer is meant as a starting point. Ideally, you should create individual directories for each site, such as:

/home/username01/htdocs/public
/home/username02/htdocs/public
/home/username03/htdocs/public
/home/username04/htdocs/public

or

/home/domain01.com/htdocs/public
/home/domain02.com/htdocs/public
/home/domain03.com/htdocs/public
/home/domain04.com/htdocs/public

Each site would have it's own pool file and user, so you'd copy:

/etc/php/7.1/fpm/pool.d/www.conf

to something such as:

/etc/php/7.1/fpm/pool.d/domain01.conf
/etc/php/7.1/fpm/pool.d/domain02.conf
/etc/php/7.1/fpm/pool.d/domain03.conf
/etc/php/7.1/fpm/pool.d/domain04.conf

And modify each of those to use a non-root, non-sudo user.

...

For example, if I wanted to create a new user, I'd do something like this:

mkdir -p /home/mynewuser/htdocs/public

useradd -d /home/mynewuser mynewuser

cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/mynewuser.conf

nano /etc/php/7.1/fpm/pool.d/mynewuser.conf

Change [www] to [mynewuser] and then replace www-data with mynewuser. I would then change the listen directive to create a new socket or use TCP and a port. Once the changes are made, restart PHP-FPM.

Then:

chown -R mynewuser:mynewuser /home/mynewuser/*

I would then change the socket in my NGINX server block to match the one I just set in the pool configuration file. This way each user has a socket.

...

My goal is to add some additional features and ways to do this to the script in the future, though for the time being, much of it still needs to be done by hand.

zash April 30, 2017

I managed to fix the issue . found the solution here. https://github.com/thephpleague/glide/issues/90
added this into .conf inside the server block.

# Pass request to Laravel if static image can not be found
location ~ ^/(img|photos)/ {
  location ~* \.(?:jpg|jpeg|gif|png)$ {
    expires 1y;
    access_log off;
    add_header Cache-Control "public";

    # It even checks for a directory but that isn't needed imo 🤔
    try_files $uri $uri/ /index.php?$query_string;
  }
}

# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
  expires 1y;
  access_log off;
  add_header Cache-Control "public";
}

Thanks for taking your time to write how to setup the nginx server correctly, think I should restart from a new droplet and set it up the right way again.

I think it would be good if you can include all that in your git readme, it would benefit newbies like me. :)

jtittle April 30, 2017

@zash

No problem at all :-).

The installers are just a starting point to a slightly larger project that I'm working on. The goal is to offer a complete LEMP Stack solution that goes beyond what most existing solutions provide.

I'm not looking to create a web-based control panel, but more of a control panel for the CLI. As the project comes along, there will definitely be documentation :-).

If you have any other questions, feel free to tag me!

nolybom May 6, 2017

WOW! This is by far the most reliable and amazing approach of setting up an nginx server...and trust me...i am looking around for a while.

I have followed each step and must admit that i struggled a little when setting up pagespeed and naxsi because of no documentation, but found solutions thru the web.

I can provide some handpicked pagespeed-configs if you'd like to integrate them in your examples.
Let me know if that's interesting.

My next step is to install different php versions (5.6, 7,0 7.1) and be able to switch between them in server blocks. Any idea how to achieve that without facing big troubles?

HHVM is also worth noticing and might be a good idea to integrate in your installers. What do you think?

jtittle May 6, 2017
@nolybom

Thanks! I'm actually working on a better version of it, which includes documentation (which the current version lacks).

Multiple PHP versions can be installed when using the repository that the PHP installer uses:

ppa:ondrej/php

Which is added using:

add-apt-repository -y ppa:ondrej/php

Once added, and you run apt-get update, you should be able to install multiple PHP versions. They would be structured like so:

/etc/php/5.6 /etc/php/7.0 /etc/php/7.1

You can search the packages using apt-cache search php5.6 or replace php5.6 with php7.0 or php7.1. Since you're using NGINX, you need to make sure the PHP-FPM package for each is installed.

You may not be able to use multiple CLI versions, though you would be able to use multiple FPM versions of PHP by setting up the pool files for each, which would be located in:

/etc/php/5.6/fpm/pool.d /etc/php/7.0/fpm/pool.d /etc/php/7.1/fpm/pool.d

The www.conf file in the above directories is what you'd want to modify and you'd create a new file like it (changing the users and groups within it) for each site and version you want.

The listen directive within the www.conf file is what you'll use for your PHP server block when setting up your NGINX server blocks. That'll either be a socket (which is the default) or you can swap that over to a TCP connection by replacing the socket path with something such as:

127.0.0.1:9000

You'd simply move up by one port for each site, i.e.

127.0.0.1:9000 127.0.0.1:9001 127.0.0.1:9002 127.0.0.1:9003 127.0.0.1:9004

etc.
- nolybom May 6, 2017
  
  @jtittle ..can't even tell you how much i appreciate your effort to support. THANK YOU!
  Add a donation link somewhere and i will be happy to buy you a beer or two. ;-)
  
  I just followed your instructions and ran these two commands:
  
  add-apt-repository -y ppa:ondrej/php apt-get update
  
  ...but i can't see any php folders in /etc.
  
  Although...
  
  apt-cache search php5.6 apt-cache search php7.0 apt-cache search php7.1
  
  lists the assets just right.
  
  Did i do something wrong?

jtittle May 6, 2017

You'll need to install the PHP packages that you require for your website(s). The apt-cache command only searches for packages -- it won't install them for you.

You'll need to choose which packages you want to install and use apt or apt-get to install.

i.e.

apt -y install php7.1-fpm php7.1-json php7.1-gd

etc.

You'd repeat this for each version that you wish to install.

nolybom 1 day ago

Hi @jtittle,
please don't let this project die.

jtittle 1 day ago

@nolybom - I don't intend to :-).

If you run in to any issues between now and the next release, feel free to let me know!
- nolybom 1 day ago
  
  Thank you @jtittle :-)
  Appreciate it very much!

Have another answer? Share your knowledge.