Nginx-more :: Get HTTP/2 with ALPN, PageSpeed, ModSecurity, GeoIP2 and much more in one single package

nginx-more with HTTP/2 diagram ©

What is nginx-more?

Nginx-more is basically nginx stable release with lots of optional advanced configurations built-in and several useful modules. It’s required to compile nginx from sources to include PageSpeed module to easily speedup websites and improve SEO. Building nginx on latest OpenSSL is also important to support newest HTTP/2 protocol ALPN.

I use at first to manually compile nginx from source every time a customer wanted to switch from Apache to Nginx (LAMP to LEMP) to get decent performance for their websites. It was time-consuming to deploy and maintain so I decided to create a package (rpm) for CentOS 6 & 7. I added more to its name as it includes third party modules. With this package, I’m able to setup a LEMP server in few minutes with easy vhosts configuration. I can also deploy a new module on all customer’s server by simply pushing a new package update to the repository.

Nginx-more was originally based on nginx release 1.6. It doesn’t have any dependencies on any packages not included by CentOS base and it won’t break anything because it will conflict if nginx is already installed on your system. It’s also fully compatible with Nginx Amplify and it’s in production on many websites since 2014. Among them, some high traffic websites such as:

• https://git.market
• https://myvirtualyoga.com
• https://mont-tremblant.ca

The package changelog is available for CentOS 6 and CentOS 7. It’s updated frequently as you can see. A new build is created when a new nginx version is released or when a CVE is discovered and needs patching. The new package is usually in the testing repository for a week before being pushed to stable.

What is the difference between nginx and nginx-more?

Nginx team as well as EPEL provides packages for CentOS. However, it doesn’t includes any advanced configurations nor some useful modules. Here’s a list of changes on top of nginx stable release:

• Nginx is compiled using latest GCC from RedHat devtoolset-7
• Nginx is compiled using latest available OpenSSL sources
• Optimized configurations included (WordPress anti-bruteforce, Laravel, Cloudflare IPs, block bad user-agents)
• PageSpeed module included and configured
• ModSecurity module included but unconfigured
• Nginx virtual host traffic status module included and configured
• Headers-More-Nginx included
• Nginx-Cache-Purge included
• GeoIP and GeoIP2
• Echo

This module list is updated over time. You can see the development of nginx-more package on Github.

Getting started

There’s currently packages available for CentOS 6 and 7. The easiest way to install it is to use my CentOS yum repository (see Aeris Packages website):

CentOS 6 > yum -y install https://repo.aerisnetwork.com/pub/aeris-release-6.rpm
CentOS 7 > yum -y install https://repo.aerisnetwork.com/pub/aeris-release-7.rpm

Once the repository is configured, you can proceed with installing nginx-more. You can install it directly with the rpm or use Aeris repository:

#> yum install nginx-more 

All configurations will be installed in default directory which is /etc/nginx/. The package already includes a bunch of PHP-FPM configurations in conf.d/custom/ for WordPress, Laravel, Drupal, OpenCart and PrestaShop, so you can get started in few seconds with your website hosting.

Clean vhost exemple for WordPress:

server {
  listen 127.0.0.1:443 ssl http2;
  server_name exemple.com;
  root /home/www/exemple.com/public_html;
  access_log /var/log/nginx/exemple.com-access_log main;
  error_log /var/log/nginx/exemple.com-access_log warn;
  include conf.d/custom/restrictions.conf;
  include conf.d/custom/pagespeed.conf;
  include conf.d/custom/fpm-wordpress.conf;
}

All nginx-more builds are kept in the repository. If you upgrade to a newest version and it has any issues that you do not have time to troubleshoot by looking at the nginx error_log, you can downgrade to an older version with yum:

#> yum downgrade nginx-more

You can also switch to regular nginx package from EPEL or Nginx with a simple yum command (swap or yum replace plugin):

#> yum swap nginx-more nginx

How to enable HTTP/2 with ALPN and confirm that it works

If you’re currently using nginx-more < 1.10, this means you’re using SPDY protocol to speedup Web traffic. Nginx switched from SPDY to HTTP/2 in version 1.10 (introduced in 1.9 mainline tree). Therefore, you will need to change all your “spdy” entries to “http2” if you upgrade from 1.8 to 1.10:

listen 127.0.0.1:443 ssl spdy;
to
listen 127.0.0.1:443 ssl http2;

To convert multiple vhosts (be careful with this):

#> sed -i ‘s/ssl\ spdy/ssl\ http2/g’ /etc/nginx/conf.d/vhosts/*.conf

SPDY replacement is the main reason why nginx-more/1.10.0 will be in the testing repository longer time then usual so users can convert to HTTP/2 without any issues. New users aren’t affected as they will start right away with HTTP/2. To upgrade nginx-more while it’s still in testing repo:

#> yum --enablerepo=aeris-testing update nginx-more

A simple way to confirm that your website actually use HTTP/2 is to open the powerful Chrome inspector and verify the Network tab, see below.

Chrome inspector screenshot to confirm HTTP/2 protocol

What nginx-more looks like installed

nginx-more 1.10.0 screenshot

Package maintainer and Feedbacks

I’ve been the only package maintainer of nginx-more for the past 2 years. All sources are committed with GIT on a private BitBucket repository. I may push them public on GitHub in the futur.

Please provides any feedbacks if you use this package. I also accept module or feature request to add more customization or enhancements to nginx-more. However, it will be accepted only if it doesn’t cause any compatibility or instability issue.