Server Setup

Nginx-extras:: Get HTTP/2 with ALPN, PageSpeed, ModSecurity and much more in one single place

by , , revisited on


nginx extras HTTP2
nginx extras HTTP2

What is nginx-extras?

Nginx-extras is basically nginx stable release with lots of optional useful modules. It’s no longer required to compile nginx from sources to include PageSpeed module to easily speedup websites and improve SEO. Building nginx with latest OpenSSL is no longer important to support newest HTTP/2 protocol ALPN.

I used at first to manually compile nginx from source every time a customer wanted to switch from Apache to Nginx (LAMP to LEMP) to get decent performance for their websites. It was time-consuming to deploy and maintain so I decided to create packages (rpm) for CentOS 6 & 7. I added extras to their repository as it includes third party modules. With these packages, I’m able to setup a LEMP server in few minutes. I can also deploy a new module on all customer’s server by simply pushing a new package update to the repository.

Nginx-extras doesn’t have any dependencies on any packages not included by CentOS base and it won’t break anything because it will conflict if nginx is already installed on your system. It’s also fully compatible with Nginx Amplify and it’s in production on many websites since 2014. Among them, some high traffic websites such as:

  • https://www.ashridgetrees.co.uk
  • https://www.studiogears.com
  • https://www.sayitwithagift.com

The package changelog is available for CentOS 6 and CentOS 7. It’s updated frequently as you can see. A new build is created when a new nginx version is released or when a CVE is discovered and needs patching.

What is the difference between nginx and nginx-extras?

Nginx team as well as EPEL provides packages for CentOS. However, it doesn’t includes any extra third party modules. Here’s a list of modules available with nginx-extras:

  • PageSpeed
  • Brotli
  • ModSecurity v3
  • Headers-More
  • GeoIP v2
  • PAM authentication
  • MPEG-TS Live Module
  • Fancy Index
  • RTMP
  • Cookie Flag

It doesn’t end there. Nginx extras:

  • Leverage dynamic modules. You can install the bare minimum nginx or any modules you wish, extending as you need. Not a bloatware nginx build!
  • Is the largest collection of pre-built dynamic nginx modules on the Internet in a single repository
  • Powered by CDN!

Getting started

There are currently packages available for CentOS 6 and 7. The easiest way to install is to use out CentOS yum repository (see dedicated repository page):

CentOS 6

yum install https://extras.getpagespeed.com/release-el6-latest.rpm

CentOS 7

yum install https://extras.getpagespeed.com/release-el7-latest.rpm

Once the repository is configured, you can proceed with installing nginx-extras. You can install it directly with the rpm or use GetPageSpeed repository, e.g.to install nginx with PageSpeed module, run:

#> yum install nginx nginx-module-nps 

To list available modules for installation, run:

#> yum list available | grep nginx-module

To install the recommended group of modules for performance, you may want to run:

#> yum groupinstall "nginx extras"

… which installs nginx with PageSpeed and Brotli modules.

How to enable HTTP/2 with ALPN and confirm that it works

If you’re currently using nginx < 1.10, this means you’re using SPDY protocol to speedup Web traffic. Nginx switched from SPDY to HTTP/2 in version 1.10 (introduced in 1.9 mainline tree). Therefore, you will need to change all your “spdy” entries to “http2” if you upgrade to latest stable build:

listen 127.0.0.1:443 ssl spdy;

to:

listen 127.0.0.1:443 ssl http2;

There’s always more

The nginx itself shipped with nginx extras repository builds on stable and time tested runtime.
If you like to live on the edge, there’s a drop-in replacement for that runtime.
Read more about nginx-mod, which runs with latest OpenSSL, patched with full HTTP/2 HPACK support and dynamic TLS records.

Package maintainer and Feedbacks

I’ve been the only package maintainer of nginx extras for the past 2 years. All sources are committed with GIT on a private BitBucket repository. I may push them public on GitHub in the future.

Please provide any feedbacks if you use these packages. I also accept module or feature request to add more customization or enhancements to nginx extras.

  1. Hugh Pratt

    Hello. I loved your Brotli tutorial. Now for my nginx I’d like to install headers_more and pagespeed, maybe mod_security for some simple WAF rules. Is there a way to install only these on CentOS 7.6 without disturbing the main nginx (which I installed via “yum install nginx” from the usual repos). Thanks!

    Reply
    • Hugh Pratt

      OK, I installed headers-more by doing this:

      yum install nginx-module-headers-more.x86_64

      Then I restarted Nginx. But when I add this to nginx.conf:

      more_set_headers 'Server: MyServer';

      I get the error about:

      nginx: [emerg] unknown directive "more_set_headers" in /etc/nginx/nginx.conf

      Reply
      • Hugh Pratt

        Found it. Had to include the line at the top in nginx.conf:

        load_module modules/ngx_http_headers_more_filter_module.so;

        Reply
  2. Hugh Pratt

    Hello, how can I install ONLY geoip2? Is there a command for that?

    Reply
  3. Hugh Pratt

    OK, I tried to do:

    yum install --skip-broken nginx-module-geoip2.x86_64

    But this shows me errors:

    “`Resolving Dependencies
    –> Running transaction check
    —> Package nginx-module-geoip2.x86_64 1:1.14.1.3.2-1.el7_4.gps will be installed
    –> Processing Dependency: nginx = 1:1.14.1-1.el7_4.ngx for package: 1:nginx-module-geoip2-1.14.1.3.2-1.el7_4.gps.x86_64
    –> Processing Dependency: libmaxminddb.so.0()(64bit) for package: 1:nginx-module-geoip2-1.14.1.3.2-1.el7_4.gps.x86_64
    –> Running transaction check
    —> Package libmaxminddb.x86_64 0:1.2.0-1.el7 will be installed
    —> Package nginx-module-geoip2.x86_64 1:1.14.1.3.2-1.el7_4.gps will be installed
    –> Processing Dependency: nginx = 1:1.14.1-1.el7_4.ngx for package: 1:nginx-module-geoip2-1.14.1.3.2-1.el7_4.gps.x86_64
    epel/x86_64/filelists_db | 11 MB 00:00:00
    getpagespeed-extras-x86_64/x86_64/filelists_db | 165 kB 00:00:00

    Packages skipped because of dependency problems:
    libmaxminddb-1.2.0-1.el7.x86_64 from epel
    1:nginx-module-geoip2-1.14.1.3.2-1.el7_4.gps.x86_64 from getpagespeed-extras-x86_64
    [root@uzi libmaxminddb-1.3.2]# yum install –skip-broken nginx-module-geoip2.x86_64
    “`

    Any idea what I can do? I may have some other stray libmaxminddb installed from the past? Many thanks for any help!

    Reply
    • Hugh Pratt

      I wonder if this could be the problem:

      Package: 1:nginx-module-geoip2-1.14.1.3.2-1.el7_4.gps.x86_64 (getpagespeed-extras-x86_64)
      Requires: nginx = 1:1.14.1-1.el7_4.ngx
      Installed: 1:nginx-1.14.2-1.el7_4.ngx.x86_64 (@nginx)
      nginx = 1:1.14.2-1.el7_4.ngx
      Available: 1:nginx-1.8.0-1.el7.ngx.x86_64 (nginx)....

      Does the GeoIP2 require version 1.14.1 while I have a more recent 1.14.2 installed?

      Reply
      • Danila Vershinin

        Yes, this is it. That module slipped from being rebuilt for 1.14.2 – this is now fixed. Try yum clean all && yum install nginx-module-geoip2 Thanks for the feedback

        Reply
  4. Mauricio

    Hi, how can update OpenSSL 1.0.2k-fips 26 Jan 2017 to OpenSSL 1.1.1b 26 Feb 2019 to works with nginx-extras?

    Thanks for you great support.

    Reply
    • Danila Vershinin

      Hi Mauricio, you may want to check nginx-mod which is drop-in replacement with all the “edge” features like that.

      Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.