C4f1151075b447779af31e99d6cf70e2c6eb47ac
By:
newbie

Nginx stable or mainline for production server

May 7, 2017 593 views
Nginx Server Optimization Configuration Management Ubuntu 16.04

Hello,
i know its sound ok to go with stable version for production use. but for nginx its quite confusing even from their own documentation.
this is what they say on a recent blog post

We generally recommend using the mainline branch. This is where we commit all new features, performance improvements, and enhancements. We actively test and QA the mainline branch, so it’s arguably more stable than the “stable” branch.

so i want to know which version u guy's usually prefer when installing nginx for a production server? i must add, im not that expert in server management but i wouldn't mind updating nginx regularly whenever the update is released.

one last thing,
i know i can add stable version to apt-get repository by following command,

sudo add-apt-repository ppa:nginx/stable

but what would be the case for mainline version? and does ubuntu's default repository updates almost as frequent as nginx releases a mainline branch?

thanks in advance.

3 Answers
hansen May 7, 2017
Accepted Answer

@newbie

If you just use apt-get install nginx without any ppa, then you will get whatever version that comes with your version of Ubuntu. It will be updated, but only for security releases.

If you use ppa:nginx/stable you'll get the "stable" version. This is probably what you want. You'll get security fixes, critical bugs and upgraded to new major versions.

If you use ppa:nginx/development you'll get the "mainline" version. It usually means you'll get a new version every couple of weeks. This is quite stable releases with very few bugs, but it's not "stable" level.

Unless you specifically need some feature which has just been released in the "mainline" and you can't wait for it to reach "stable", then yes, use the "mainline" - otherwise stay with "stable"

  • [deleted]
  • @hansen

    thanks but im planning to go with ppa:nginx/development
    main reason is, I want to be able to use TLS 1.3. also nginx stable gets update & bugfix's very rarely and the most importantly even peoples from nginx team recommend to use mainline instead of stable for production use. seems they are pretty confident of their mainline branch.

    which one do u use for your purposes by the way?

    • @newbie I don't think you can use TLS 1.3 yet, which is not considered stable, since you'll also need a version of OpenSSL that supports it. It's fine if you want to play and test stuff.
      I run both, but almost solely "stable" on all my production systems.

Hi,
the "stable" branch means that the software will not get new feature updates, only major bug fixes (security/improvement updates, to fix/improve existing features),
while the "mainline" branch means the software will get new features when updated. The branch is NOT beta, but might cause trouble on a production server (security issues may appear in the new features). In the documentation they claim "mainline" is better supported (and more tested) than stable (probably because stable has been mainline before).

This nginx blog post explains it: https://www.nginx.com/blog/nginx-1-6-1-7-released/

So, if your use of nginx is mission critical, then use stable branch, otherwise, just use the default version of the server from the ubuntu repos (don't add any other repos stable/mainline).

Hope this helps!

  • @ioanmoldovan1999
    thanks for your reply.

    so you are telling me to install nginx just by

    sudo apt-get install nginx
    

    will that install latest nginx mainline version? and how frequently does default ubuntu repository updates their nginx version?

    • Yeah, I'm not sure it's mainline, but it's a very good version, that's guaranteed to work with ubuntu without major issues (because it's also maintained by Ubuntu repo maintainers) because it has some patches (like any other ubuntu package) to improve it's compatibility. Plus, it is not beta, it's stable.

@newbie

When it comes to NGINX, I prefer mainline -- it's actually what I use with my auto-installers. In terms of whether or not the NGINX mainline is suitable for production, it is, though IMO, if you're planning on use mainline, you should be compiling it from source instead of using repositories.

When compiling it from source, you're able to choose the version of OpenSSL or LibreSSL, PCRE, and ZLIB that you compile against -- you're able to include or not include certain core modules -- and you are able to build in additional modules that are not in core.

The repositories provided for Ubuntu and even the PPA's are built for general purpose and the out of box configuration is not exactly optimal for production -- it needs tuning. Repositories and PPA's may include every single module (many of which you may not need) or only a subset.

Repositories and PPA's may be excellent for containers (Docker, LXC) where you're normally not wanting spend the time it takes do a source compile (even though you only have to do it once every so often in most cases), though on a non-containerized deployment, I always use mainline and do a source compile.

  • @jtittle @hansen
    after thinking a lot i decided to go with nginx stable. so i add fowlloings

    sudo apt-get install python-software-properties
    
    sudo add-apt-repository ppa:nginx/stable
    

    but after installing i got nginx 1.10.3. i was thinking to install nginx from official source. is that a bad idea?

    and if not is by doing following ill be able to do that?
    Edit/etc/apt/sources.list.d/nginx.list with

    deb http://nginx.org/packages/ubuntu/ xenial nginx
    deb-src http://nginx.org/packages/ubuntu/ xenial nginx
    

    then

    sudo apt-get update
    sudo apt-get install nginx
    

    thanks in advance.

    • @newbie
      This should do it, but if you have had Nginx installed previous, then you need to remove that first with sudo apt-get remove nginx

      sudo add-apt-repository ppa:nginx/stable
      sudo apt-get update
      sudo apt-get install nginx
      
    • @newbie

      That's one issue with repositories -- they aren't always up to date :-).

      You can clear out the repository that was added by the PPA by removing it from the source file, or by removing the source file that was added to /etc/apt -- then adding the new repo you want to use and running apt-get update to sync.

      You'll want to make sure you've removed NGINX prior though just in case you run in to any conflicts with the new repository.

      apt-get -y remove nginx
      
      apt-get -y purge nginx
      

      Then add the repository and apt-get update, followed by apt-get -y install nginx.

Have another answer? Share your knowledge.