ososoba
By:
ososoba

Best PPA for Nginx with Google Pagespeed

February 18, 2017 388 views
Nginx WordPress Ubuntu 16.04

I've been trying to install PageSpeed on an existing Nginx server for the last 12 hrs with no luck, I keep running into different errors and having to read over and again to solve them. This is my first VPS

But I understand that some PPAs have this inbuilt. I don't mind starting a new server to have this installed from the scratch and rebuild WP on it. I know that Easyengine had it but took Pagespeed out in Ver 3.6

Any other PPA suggestions will be welcome

15 Answers

@ososoba

You don't specifically need a PPA as they have their own auto-installer that's available. It'll automate a source build of NGINX w/ ngx_pagespeed as a module. All you need to do is run:

bash <(curl -f -L -sS https://ngxpagespeed.com/install) --nginx-version latest

... and follow the on-screen prompts.

Keep in mind, this is a very barebones installation of NGINX. If you need specific modules compiled in, you'll need to specify those when the script prompts you.

References

https://modpagespeed.com/doc/buildngxpagespeedfromsource

https://modpagespeed.com/doc/configuration

http://wiki.nginx.org/InitScripts

@ososoba

Before We Get Started

This is meant to be a copy and paste command, meaning you copy it from top to bottom and paste it to the CLI, then hit enter and let it run its course.

This installs NGINX w/Pagespeed, PHP 7.1, and MariaDB, but it will take a little bit of time to complete, so be patient; source compiles take time.

I've provided configuration samples for NGINX and your first Server Block below the command with a few details. This should get you started with a working build environment. You'll still need to create your database(s), upload your PHP files, etc.

Finally ... this is a long post. Take your time :-).

The One-Liner

apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install autoconf automake bc bison build-essential ccache cmake curl dh-systemd flex gcc geoip-bin google-perftools g++ icu-devtools libacl1-dev libbz2-dev libcap-ng-dev libcap-ng-utils libcurl4-openssl-dev libdmalloc-dev libenchant-dev libevent-dev libexpat1-dev libfontconfig1-dev libfreetype6-dev libgd-dev libgeoip-dev libghc-iconv-dev libgmp-dev libgoogle-perftools-dev libice-dev libice6 libicu-dev libjbig-dev libjpeg-dev libjpeg-turbo8-dev libjpeg8-dev libluajit-5.1-2 libluajit-5.1-common libluajit-5.1-dev liblzma-dev libmhash-dev libmhash2 libmm-dev libncurses5-dev libnspr4-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng-dev libpng12-dev libpthread-stubs0-dev libreadline-dev libselinux1-dev libsm-dev libsm6 libssl-dev libtidy-dev libtiff5-dev libtiffxx5 libunbound-dev libvpx-dev libvpx3 libwebp-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxml2-dev libxpm-dev libxslt1-dev libxt-dev libxt6 make nano perl pkg-config software-properties-common systemtap-sdt-dev unzip webp wget xtrans-dev zip zlib1g-dev zlibc \
&& add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& apt-get -y install php7.1-cli php7.1-dev php7.1-fpm php7.1-bcmath php7.1-bz2 php7.1-common php7.1-curl php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mysql php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-xml php7.1-xmlrpc php7.1-zip php7.1-opcache php7.1-xsl php-yaml \
&& mkdir -p /usr/local/src/packages/{modules,nginx,openssl,pcre,zlib} \
&& mkdir -p /etc/nginx/{cache/{client,fastcgi,proxy,uwsgi,scgi},config/php,lock,logs,modules,pid,sites,ssl} \
&& useradd -d /etc/nginx nginx \
&& cd /usr/local/src/packages/nginx \
&& wget https://nginx.org/download/nginx-1.11.10.tar.gz \
&& tar xvf nginx-1.11.10.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/openssl \
&& wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz \
&& tar xvf openssl-1.1.0e.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/pcre \
&& wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz \
&& tar xvf pcre-8.40.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/zlib \
&& wget http://www.zlib.net/zlib-1.2.11.tar.gz \
&& tar xvf zlib-1.2.11.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/modules \
&& wget https://github.com/openresty/headers-more-nginx-module/archive/v0.32.tar.gz \
&& tar zxf v0.32.tar.gz \
&& wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz \
&& tar zxf v0.3.0.tar.gz \
&& wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz \
&& tar zxf 2.3.tar.gz \
&& NPS_VERSION="1.12.34.2" \
&& cd /usr/local/src/packages/modules/ \
&& wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VERSION}-beta.zip \
&& unzip v${NPS_VERSION}-beta.zip \
&& cd /usr/local/src/packages/modules/ngx_pagespeed-${NPS_VERSION}-beta \
&& psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz \
&& [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \
&& wget ${psol_url} \
&& tar -xzvf $(basename ${psol_url}) \
&& cd /usr/local/src/packages/nginx \
&& ./configure --prefix=/etc/nginx \
               --sbin-path=/usr/sbin/nginx \
               --conf-path=/etc/nginx/config/nginx.conf \
               --lock-path=/etc/nginx/lock/nginx.lock \
               --pid-path=/etc/nginx/pid/nginx.pid \
               --error-log-path=/etc/nginx/logs/error.log \
               --http-log-path=/etc/nginx/logs/access.log \
               --http-client-body-temp-path=/etc/nginx/cache/client \
               --http-proxy-temp-path=/etc/nginx/cache/proxy \
               --http-fastcgi-temp-path=/etc/nginx/cache/fastcgi \
               --http-uwsgi-temp-path=/etc/nginx/cache/uwsgi \
               --http-scgi-temp-path=/etc/nginx/cache/scgi \
               --user=nginx \
               --group=nginx \
               --with-poll_module \
               --with-threads \
               --with-file-aio \
               --with-http_ssl_module \
               --with-http_v2_module \
               --with-http_realip_module \
               --with-http_addition_module \
               --with-http_xslt_module \
               --with-http_image_filter_module \
               --with-http_sub_module \
               --with-http_dav_module \
               --with-http_flv_module \
               --with-http_mp4_module \
               --with-http_gunzip_module \
               --with-http_gzip_static_module \
               --with-http_auth_request_module \
               --with-http_random_index_module \
               --with-http_secure_link_module \
               --with-http_degradation_module \
               --with-http_slice_module \
               --with-http_stub_status_module \
               --with-stream \
               --with-stream_ssl_module \
               --with-stream_realip_module \
               --with-stream_geoip_module \
               --with-stream_ssl_preread_module \
               --with-google_perftools_module \
               --with-pcre=/usr/local/src/packages/pcre \
               --with-pcre-jit \
               --with-zlib=/usr/local/src/packages/zlib \
               --with-openssl=/usr/local/src/packages/openssl \
               --add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \
               --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \
               --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \
               --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \
&& make \
&& make install

Once the above completes, we need to run the following, which will delete our existing NGINX config and files we don't need.

rm -rf /etc/nginx/config/nginx.conf \
&& rm -rf /etc/nginx/config/*.default

Now, we'll implement our actual NGINX configuration by creating a new NGINX configuration file.

nano /etc/nginx/config/nginx.conf

and paste in:

user                                                    nginx nginx;
worker_processes                                        1;
worker_priority                                         -10;

worker_rlimit_nofile                                    260000;
timer_resolution                                        100ms;

pcre_jit                                                on;

events {
    worker_connections                                  10000;
    accept_mutex                                        off;
    accept_mutex_delay                                  200ms;
    use                                                 epoll;
}


http {
    map_hash_bucket_size                                128;
    map_hash_max_size                                   4096;
    server_names_hash_bucket_size                       128;
    server_names_hash_max_size                          2048;
    variables_hash_max_size                             2048;

    index                                               index.php index.html index.htm;
    include                                             mime.types;
    default_type                                        application/octet-stream;
    charset                                             utf-8;

    sendfile                                            on;
    sendfile_max_chunk                                  512k;
    tcp_nopush                                          on;
    tcp_nodelay                                         on;
    server_tokens                                       off;
    server_name_in_redirect                             off;

    keepalive_timeout                                   5;
    keepalive_requests                                  500;
    lingering_time                                      20s;
    lingering_timeout                                   5s;
    keepalive_disable                                   msie6;

    gzip                                                on;
    gzip_vary                                           on;
    gzip_disable                                        "MSIE [1-6]\.";
    gzip_static                                         on;
    gzip_min_length                                     1400;
    gzip_buffers                                        32 8k;
    gzip_http_version                                   1.0;
    gzip_comp_level                                     5;
    gzip_proxied                                        any;
    gzip_types                                          text/plain
                                                        text/css
                                                        text/xml
                                                        application/javascript
                                                        application/x-javascript
                                                        application/xml
                                                        application/xml+rss
                                                        application/ecmascript
                                                        application/json
                                                        image/svg+xml;

    client_body_buffer_size                             256k;
    client_body_in_file_only                            off;
    client_body_timeout                                 10s;
    client_header_buffer_size                           64k;
    client_header_timeout                               5s;
    client_max_body_size                                50m;
    connection_pool_size                                512;
    directio                                            4m;
    ignore_invalid_headers                              on;
    large_client_header_buffers                         8 64k;
    output_buffers                                      8 256k;
    postpone_output                                     1460;
    proxy_temp_path                                     /etc/nginx/cache/proxy;
    request_pool_size                                   32k;
    reset_timedout_connection                           on;
    send_timeout                                        10s;
    types_hash_max_size                                 2048;

    open_file_cache                                     max=50000 inactive=60s;
    open_file_cache_valid                               120s;
    open_file_cache_min_uses                            2;
    open_file_cache_errors                              off;
    open_log_file_cache                                 max=10000 inactive=30s min_uses=2;

    include                                             /etc/nginx/sites/*.conf;
}

Now we'll create our PHP FastCGI Params file, much like we did the above.

nano /etc/nginx/config/php/fastcgi_params.conf

and paste in:

    fastcgi_param  SCRIPT_FILENAME    $request_filename;

    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 512k;
    fastcgi_buffers 512 16k;
    fastcgi_busy_buffers_size 1m;
    fastcgi_temp_file_write_size 4m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_intercept_errors off;

    fastcgi_param  PATH_INFO          $fastcgi_path_info;
    fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

    fastcgi_param  QUERY_STRING       $query_string;
    fastcgi_param  REQUEST_METHOD     $request_method;
    fastcgi_param  CONTENT_TYPE       $content_type;
    fastcgi_param  CONTENT_LENGTH     $content_length;

    fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
    fastcgi_param  REQUEST_URI        $request_uri;
    fastcgi_param  DOCUMENT_URI       $document_uri;
    fastcgi_param  DOCUMENT_ROOT      $document_root;
    fastcgi_param  SERVER_PROTOCOL    $server_protocol;
    fastcgi_param  REQUEST_SCHEME     $scheme;
    fastcgi_param  HTTPS              $https if_not_empty;
    fastcgi_param  HTTP_PROXY         "";

    fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
    fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

    fastcgi_param  REMOTE_ADDR        $remote_addr;
    fastcgi_param  REMOTE_PORT        $remote_port;
    fastcgi_param  SERVER_ADDR        $server_addr;
    fastcgi_param  SERVER_PORT        $server_port;
    fastcgi_param  SERVER_NAME        $server_name;

    fastcgi_param  REDIRECT_STATUS    200;

Ok, now we need to create a server block for your domain, so we'll create that now. Simply replace yourdomain.com with your actual domain.

nano /etc/nginx/sites/yourdomain.com.conf

and paste in:

server
{
    listen                          80 default_server;
    listen                          [::]:80;
    server_name                     yourdomain.com www.yourdomain.com;

    root                            /home/username/htdocs/public;

    location /
    {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass   /run/php/php7.1-fpm.sock;
        fastcgi_index  index.php;

        include /etc/nginx/config/php/fastcgi_params.conf;
    }
}

Change /home/username/htdocs/public to the actual directory where you're installing WordPress (i.e. where the WordPress index.php file resides).

Finally, we need to make sure PHP-FPM can read/write on your files, so whichever directory you set as the root above, i.e. /home/username/htdocs/public, we need to change ownership of everything to www-data.

chown -R www-data:www-data /home/username/htdocs/public

That'll make all files and directories owned by www-data, as they should be. Now we just need to start NGINX and restart PHP-FPM for good measure.

Type in nginx and hit enter, then:

system php7.1-fpm restart

@jtittle thanks for the response. Got around to trying it and stumbled on the second part of your response

"Keep in mind, this is a very barebones installation of NGINX. If you need specific modules compiled in, you'll need to specify those when the script prompts you."

I tried to run the additional modules with this command

./configure
--sbin-path=/usr/local/nginx/nginx
--conf-path=/usr/local/nginx/nginx.conf
--pid-path=/usr/local/nginx/nginx.pid
--with-httpsslmodule
--with-pcre=../pcre-8.40
--with-httprewritemodule
--with-httpgzipmodule
--with-zlib=../zlib-1.2.11

Based on information on this page - http://nginx.org/en/docs/configure.html

But I get the following error

> ./configure
About to configure nginx with:
    --sbin-path=/usr/local/nginx/nginx
    --conf-path=/usr/local/nginx/nginx.conf
    --pid-path=/usr/local/nginx/nginx.pid
    --with-http_ssl_module
    --with-pcre=../pcre-8.40
    --with-http_rewrite_module
    --with-http_gzip_module
    --with-zlib=../zlib-1.2.11   ./configure --add-module=/home/osaze/ngx_pagespeed-latest-stable ./configure
Does this look right? [Y/n] ./configure: error: invalid option "./configure"
Error: Failure running './configure --add-module=/home/osaze/ngx_pagespeed-latest-stable ./configure', exiting.
osaze@intelisight-beta:/root$     --conf-path=/usr/local/nginx/nginx.conf
bash: --conf-path=/usr/local/nginx/nginx.conf: Permission denied
osaze@intelisight-beta:/root$     --pid-path=/usr/local/nginx/nginx.pid
bash: --pid-path=/usr/local/nginx/nginx.pid: Permission denied
osaze@intelisight-beta:/root$     --with-http_ssl_module
--with-http_ssl_module: command not found
osaze@intelisight-beta:/root$     --with-pcre=../pcre-8.40
bash: --with-pcre=../pcre-8.40: Permission denied
osaze@intelisight-beta:/root$     --with-http_rewrite_module
--with-http_rewrite_module: command not found
osaze@intelisight-beta:/root$     --with-http_gzip_module
--with-http_gzip_module: command not found

I'm certain I'm doing something wrong, I'd appreciate any help on fixing this.

PS: This is for a WordPress site, so any additional modules you think I might need, won't mind exploring them too.

@ososoba

For the purpose of the bash script I posted, you don't need to use ./configure -- you'd only use that when you're compiling from source on your own. This bash script is already running with that, so the only thing you'd need to pass is the rest of the commands.

i.e.

When you see:

About to build nginx.  Do you have any additional ./configure
arguments you would like to set?  For example, if you would like
to build nginx with https support give --with-http_ssl_module
If you don't have any, just press enter.

You should only be passing:

--with-http_ssl_module \
... \
... \
... \

where ... is other modules and the trailing \ allows you to break it over multiple lines. Without that trailing slash, all arguments need to be on a single line separated by a space.

So the above is valid, as is:

--with-http_ssl_module --with=... --with=...

where --with=... is the actual arguments.

That said, unless you physically downloaded the PCRE, OpenSSL, or ZLIB taball and extracted them, you don't need to use:

--with-pcre=../pcre-8.40

Additionally, you'll need to specify direct paths. So instead of ../pcre-8.40, you'd use:

/direct/path/to/pcre-8.40

I'll follow up with a second reply here shortly. It may be better to simply do a source compile without the script. I'll share one of my working examples and you can use that as a testbed. Upfront, I don't use the normal paths that a standard NGINX installation uses as I like to keep things a little more organized on my builds.

@jtittle

Thanks a lot for the detailed description of the install process.

I ran into two issues during the install but was able to fix them, putting it here incase someone else runs into this

a. E: Sub-process /usr/bin/dpkg exited unexpectedly
Had to reconfigure dpkg in this case with dpkg --configure -a

b. cc: internal compiler error: Killed (program cc1plus)
Seemed to be a memory issue, so I created a 1GB swapfile
Worked after that

Thanks again @jtittle, going to install WP with ServerPilot on this server and see how well I can get PageSpeed to work.

One of the easiest way of increasing the responsiveness of your server and guarding against out of memory errors in your applications is to add some swap space. In this guide, we will cover how to add a swap file to an Ubuntu 16.04 server. &lt;$&gt;[warning] [label...

@jtittle I'd like to ask something else.

In some other tutorials I see, users recommend pinning the current nginx build with pagespeed so as not to have it overwritten on a update. Is that necessary here? And how do I do that?

Thank you

  • @ososoba

    If you use the PPA, or the "one-liner" that I posted, updates and upgrades shouldn't overwrite any configuration or changes you've performed as they are source builds, thus unaffected by the apt-get commands that upgrade, update, purge, or remove packages.

    The only thing that will overwrite a source build is if you run another source build using the same commands -- i.e. run the installer again, or use my build. Even if you did, the "one-liner" that I posted won't overwrite your server blocks for your websites or any of your website data. You'd need to recreate the nginx.conf file since the last part of that command deletes the existing, but other than that, it won't change anything else.

    That being said, I've never used ServerPilot, so you may or may not be able to use a custom build with them (whether it's the PPA or my "one-liner"). I believe they perform their own install which sets up NGINX as a reverse proxy to Apache.

    Personally, NGINX works just fine on its own and unless you have an absolute need for Apache, then I'd simply run with NGINX as the only web server as it reduces troubleshooting.

@jtittle
Would it be possible to add naxsi to that installation script?
If so where and how?

Thank you.

  • @stephgiguere

    Absolutely! If you take a look at what I posted, towards the bottom, you'll see this:

    --add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \
    --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \
    --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \
    --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \
    

    With NGINX, modules are added using --add-module= which accepts a directory. So if we clone the repo from GitHub, we can simply pass the path to the module to the build and recompile.

    IIRC, naxsi needs to be the first module in the list, so you'd simply add it to the top of the list above.

    To start:

    cd /usr/local/src
    

    Then we'll clone the repo:

    git clone https://github.com/nbs-system/naxsi.git
    

    Now we'll end up with a path to naxsi that we can use and pass to --add-module=, which would be:

    /usr/local/src/naxsi
    

    So the line we'd add to the top would be:

    --add-module=/usr/local/src/naxsi
    

    That being said, I'm actually working on a much cleaner, updated version of the above. While the modules are not out of date, that's not the latest version of NGINX, OpenSSL, PCRE, or ZLIB. It also does not provide much in the way of example configuration for server blocks.

    I'm working on wrapping up the initial release of the updated version on GitHub, and when I do, I'll post it. You'd still need to modify the source and add naxsi, but it's far cleaner than the one shot I provided above.

@jtittle

So would the oneliner work like this:

apt-get update \
&& apt-get -y upgrade \
&& apt-get -y install autoconf automake bc bison build-essential ccache cmake curl dh-systemd flex gcc geoip-bin google-perftools g++ icu-devtools libacl1-dev libbz2-dev libcap-ng-dev libcap-ng-utils libcurl4-openssl-dev libdmalloc-dev libenchant-dev libevent-dev libexpat1-dev libfontconfig1-dev libfreetype6-dev libgd-dev libgeoip-dev libghc-iconv-dev libgmp-dev libgoogle-perftools-dev libice-dev libice6 libicu-dev libjbig-dev libjpeg-dev libjpeg-turbo8-dev libjpeg8-dev libluajit-5.1-2 libluajit-5.1-common libluajit-5.1-dev liblzma-dev libmhash-dev libmhash2 libmm-dev libncurses5-dev libnspr4-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng-dev libpng12-dev libpthread-stubs0-dev libreadline-dev libselinux1-dev libsm-dev libsm6 libssl-dev libtidy-dev libtiff5-dev libtiffxx5 libunbound-dev libvpx-dev libvpx3 libwebp-dev libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxml2-dev libxpm-dev libxslt1-dev libxt-dev libxt6 make nano perl pkg-config software-properties-common systemtap-sdt-dev unzip webp wget xtrans-dev zip zlib1g-dev zlibc \
&& add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& apt-get -y install php7.1-cli php7.1-dev php7.1-fpm php7.1-bcmath php7.1-bz2 php7.1-common php7.1-curl php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mysql php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-xml php7.1-xmlrpc php7.1-zip php7.1-opcache php7.1-xsl php-yaml \
&& mkdir -p /usr/local/src/packages/{modules,nginx,openssl,pcre,zlib} \
&& mkdir -p /etc/nginx/{cache/{client,fastcgi,proxy,uwsgi,scgi},config/php,lock,logs,modules,pid,sites,ssl} \
&& useradd -d /etc/nginx nginx \
&& cd /usr/local/src/packages/nginx \
&& wget https://nginx.org/download/nginx-1.11.10.tar.gz \
&& tar xvf nginx-1.11.10.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/openssl \
&& wget https://www.openssl.org/source/openssl-1.1.0e.tar.gz \
&& tar xvf openssl-1.1.0e.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/pcre \
&& wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz \
&& tar xvf pcre-8.40.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/zlib \
&& wget http://www.zlib.net/zlib-1.2.11.tar.gz \
&& tar xvf zlib-1.2.11.tar.gz --strip-components=1 \
&& cd /usr/local/src/packages/modules \
&& wget https://github.com/openresty/headers-more-nginx-module/archive/v0.32.tar.gz \
&& tar zxf v0.32.tar.gz \
&& wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz \
&& tar zxf v0.3.0.tar.gz \
&& wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz \
&& tar zxf 2.3.tar.gz \
&& NPS_VERSION="1.12.34.2" \
&& cd /usr/local/src/packages/modules/ \
&& wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VERSION}-beta.zip \
&& unzip v${NPS_VERSION}-beta.zip \
&& cd /usr/local/src/packages/modules/ngx_pagespeed-${NPS_VERSION}-beta \
&& psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz \
&& [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) \
&& wget ${psol_url} \
&& tar -xzvf $(basename ${psol_url}) \
&& cd /usr/local/src
&& git clone https://github.com/nbs-system/naxsi.git
&& cd /usr/local/src/packages/nginx \
&& ./configure --prefix=/etc/nginx \
               --sbin-path=/usr/sbin/nginx \
               --conf-path=/etc/nginx/config/nginx.conf \
               --lock-path=/etc/nginx/lock/nginx.lock \
               --pid-path=/etc/nginx/pid/nginx.pid \
               --error-log-path=/etc/nginx/logs/error.log \
               --http-log-path=/etc/nginx/logs/access.log \
               --http-client-body-temp-path=/etc/nginx/cache/client \
               --http-proxy-temp-path=/etc/nginx/cache/proxy \
               --http-fastcgi-temp-path=/etc/nginx/cache/fastcgi \
               --http-uwsgi-temp-path=/etc/nginx/cache/uwsgi \
               --http-scgi-temp-path=/etc/nginx/cache/scgi \
               --user=nginx \
               --group=nginx \
               --with-poll_module \
               --with-threads \
               --with-file-aio \
               --with-http_ssl_module \
               --with-http_v2_module \
               --with-http_realip_module \
               --with-http_addition_module \
               --with-http_xslt_module \
               --with-http_image_filter_module \
               --with-http_sub_module \
               --with-http_dav_module \
               --with-http_flv_module \
               --with-http_mp4_module \
               --with-http_gunzip_module \
               --with-http_gzip_static_module \
               --with-http_auth_request_module \
               --with-http_random_index_module \
               --with-http_secure_link_module \
               --with-http_degradation_module \
               --with-http_slice_module \
               --with-http_stub_status_module \
               --with-stream \
               --with-stream_ssl_module \
               --with-stream_realip_module \
               --with-stream_geoip_module \
               --with-stream_ssl_preread_module \
               --with-google_perftools_module \
               --with-pcre=/usr/local/src/packages/pcre \
               --with-pcre-jit \
               --with-zlib=/usr/local/src/packages/zlib \
               --with-openssl=/usr/local/src/packages/openssl \
           --add-module=/usr/local/src/naxsi
               --add-module=/usr/local/src/packages/modules/ngx_devel_kit-0.3.0 \
               --add-module=/usr/local/src/packages/modules/headers-more-nginx-module-0.32 \
               --add-module=/usr/local/src/packages/modules/ngx_cache_purge-2.3 \
               --add-module=/usr/local/src/packages/modules/ngx_pagespeed-1.12.34.2-beta \
&& make \
&& make install

Looking forward to a better solution.

  • @ososoba

    You'll need to add a \ to the end of this line:

    --add-module=/usr/local/src/naxsi
    

    So that it looks like:

    --add-module=/usr/local/src/naxsi \
    

    This is how we go about breaking the command over multiple lines. Without those \, everything would have to be on a single line :-). Without that one \, it won't compile.

    I'm running tests on the updated version now, so if you want to wait a few minutes while the test completes, I should have it online shortly.

    Just waiting on the Droplet to go online and then uploading the script to let it run.

I will defenatly wait got to feed the kids anyway lol

Thank you again

@stephgiguere

Ok, here we go :-). What you'll want to do is login to your Droplet using SSH, then choose a directory. I often use /opt or /usr/local/src. It doesn't really matter, though these two are the ones I prefer since there's generally nothing in these directories and they aren't used for web-based access.

Once logged in, cd to your directory, like so:

cd /usr/local/src

Then run:

git clone https://github.com/serveradminsh/installers.git

Once git is done:

cd installers/nginx
chmod +x installer.sh

Now we'll let the auto-installer take care of the rest for you by simply typing in:

./installer.sh

The screen will clear and it will update/sync packages, upgrade any packages that need to be, and then install all packages required for the build environment as well as for building NGINX.

The installation is a build from source and compile, and dhparam.pem is generated for SSL, so it will take a while to finish up. On a 4GB Droplet, it took about 32 minutes -- much of that is because of the dhparam.pem file (it's 4096 bits), though that file is needed for SSL if you plan on enabling it at some point.

  • @stephgiguere

    To add naxsi, you'd want to open installer.sh and find Line 208, which should be:

    --add-module=/usr/local/src/github/ngx_devel_kit
    

    Above that, add:

    --add-module=/usr/local/src/naxsi
    

    Now close out and save, then:

    cd /usr/local/src
    

    Followed by:

    git clone https://github.com/nbs-system/naxsi.git
    

    You can now run the auto-installer as noted before and that'll compile naxsi in with it. It'll add to the final time, but shouldn't be by much.

    Once done, you'll need to check:

    https://github.com/nbs-system/naxsi/wiki

    I've not deal with naxsi that much just yet, so I don't have a full setup on it.

@jtittle

Thank you, wiil try.

Does it include naxsi or do I need to add the naxsi script?

@jtittle
Thank you, It is building on a new 2gb droplet. I will report back when it is done.

BTW I added the \ at the end of --add-module=/usr/local/src/naxsi so it looks like :

--add-module=/usr/local/src/naxsi \

Got this error
adding module in /usr/local/src/naxsi
./auto/configure: error: no /usr/local/src/naxsi/config was found

@jtittle
Got it installed with no errors.

But when I try to access ip address I get
NGINX - Access Denied
Probably just need a few config

  • @stephgiguere

    That's normal until you setup your own server blocks. By default, there's a _.conf file located in:

    /etc/nginx/sites
    

    This file serves as the default for the server and pulls data from:

    /home/nginx/htdocs/public
    

    So the reason you're seeing NGINX - Access Denied is because of the index.html file that's in the above directory :-). Nothing is actually wrong with NGINX or the setup -- as long as you didn't see any errors when running the script and you do see that page, you're good.

    To add additional sites, you'd look in:

    ./installers/nginx/examples
    

    There's a few examples including Load Balancing, Proxy, PHP, and SSL. All of the examples are setup to require as few changes as possible and I'm working on better documentation to detail how they can be used.

    Essentially you should only need to change server_name and root in each of the config files (where root exists -- proxy setups won't use that directive). The only other directive that needs changing will be fastcgi_pass on PHP sites as that needs to be specific to your FPM config.

    You can then copy one of those configuration files over to:

    /etc/nginx/sites
    

    ... and then edit it to fit your needs. So If I wanted to setup a new PHP site, while in ./installers, I'd run:

    cp nginx/examples/php/php.conf /etc/nginx/sites/mydomain.com.conf
    

    I'd then change server_name, root, and fastcgi_pass to match my needs.

    If you have any questions, feel free to ask.

Have another answer? Share your knowledge.