Compile NGINX 1.14.0 with ngx_cache_purge

from scratch

NGINX 1.14.0 with ngx_cache_purge module can be either manually built from scratch or being downloaded in this guide. First change to /usr/local/src as sudo and update your system.


updated: April, 27th, 2018:
– Ready for Ubuntu 18.04 LTS


sudo -s
cd /usr/local/src && apt update && apt upgrade -y
apt install software-properties-common python-software-properties

Ensure that you have already installed at least openssl 1.1.0h:

openssl version

The output shoold look similar to mine:

OpenSSL 1.1.0h 28 March 2018

If not, please follow this guide first: Upgrade to openssl 1.1.0h. Disable any NGINX-entries in “/etc/apt/source.list” and below “/etc/apt/source.list.d” regarding any entries for nginx.

vi /etc/apt/sources.list

Comment (#) all nginx occurencies like:

# deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx

 

Compile NGINX with ngx_cache_purge

Add both, the NGINX key

wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key

and the NGINX repositories to your system:

vi /etc/apt/sources.list.d/nginx.list

Copy and paste the following two rows:

deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx

Then update your software sources:

apt update

Some errors will appear while running ‘apt update’:

…N: Skipping acquire of configured file ‘nginx/binary-arm64/Packages’ as repository ‘http://nginx.org/packages/mainline/ubuntu xenial InRelease’ doesn’t support architecture ‘arm64’
N: Skipping acquire of configured file ‘nginx/binary-armhf/Packages’ as repository ‘http://nginx.org/packages/mainline/ubuntu xenial InRelease’ doesn’t support architecture ‘armhf’ …

Please ignore these errors and go ahead with downloading the build dependencies and the source code for the new nginx-server:

apt build-dep nginx -y
apt source nginx

Another warning/error will be thrown:

W: Can’t drop privileges for downloading as file ‘nginx_1.14.0-1~xenial.dsc’ couldn’t be accessed by user ‘_apt’. – pkgAcquire::Run (13: Permission denied)

Please ignore this error either and go ahead with the next step. Create and change into the nginx-directory:

mkdir /usr/local/src/nginx-1.14.0/debian/modules -p
cd /usr/local/src/nginx-1.14.0/debian/modules

Now, in the modules directory, we are going to download and extract the code for each of the modules we want to include (e.g. ngx_cache_purge 2.3):

wget https://github.com/FRiCKLE/ngx_cache_purge/archive/2.3.tar.gz

Now extract the binaries:

tar -zxvf 2.3.tar.gz && rm 2.3.tar.gz

Change back to the debian-directory and edit the compiler information file “rules”:

cd /usr/local/src/nginx-1.14.0/debian
vi rules

You will need to modify two lines in the rules file. Search for “with-ld-opt=”$(LDFLAGS)” and immediately after the first occurrence add the following:

--add-module="$(CURDIR)/debian/modules/ngx_cache_purge-2.3"

and on the second occurrence add the following:

--add-module="$(CURDIR)/debian/modules/ngx_cache_purge-2.3" --with-debug

On the second pass building the debug deb package an error may occur:

… dh_shlibdeps -a dpkg-shlibdeps: error: no dependency information found for /usr/lib/libz.so.1 (used by debian/nginx/usr/sbin/nginx-debug) …

To fix this error find the line

dh_shlibdeps -a

and modify it to

dh_shlibdeps -a --dpkg-shlibdeps-params=--ignore-missing-info

Save and quit (:wq!) the rules-file. We will now build the debian package, please ensure you are in the nginx source directory:

cd /usr/local/src/nginx-1.14.0

and run

dpkg-buildpackage -uc -b -j4

After package building will be finished (may take a while ~10 min) please change to the src-directory again:

cd /usr/local/src

First remove any old nginx fragments on your server:

apt remove nginx nginx-common nginx-full -y --allow-change-held-packages

Then start installing the new nginx-webserver, choose the package that fits your environment:

dpkg --install nginx_1.14.0-1~xenial_*.deb

If you run in trouble with an error message like

…Unpacking nginx (1.14.0-1~xenial) …
dpkg: dependency problems prevent configuration of nginx:
nginx depends on libssl1.1 (>= 1.1.0); however:
Package libssl1.1 is not installed. …

please install libssl1.1 manually from Ubuntu.

Mark the nginx as “hold” to avoid any updates to NGINX using apt upgrade.

apt-mark hold nginx

Configure the autostart for NGINX:

systemctl enable nginx.service

Check your nginx-webserver:
nginx -t

If the following output appears

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

start and verify your new NGINX webserver with module “ngx_cache_purge” enabled:

service nginx restart && nginx -V 2>&1 | grep ngx_cache_purge -o

If ngx_cache_purge appears your webserver works correctly. Modify the source file “nginx.list” to disable its content

vi /etc/apt/sources.list.d/nginx.list

by adding ‘#’ at the beginning of each line:

# deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx
# deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx

To benefit from ngx_cache_purge module just ammend the nextcloud.conf as shown in red:

Non-Reverse Proxy configuration for Nextcloud (nextcloud.conf):

fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
map $request_uri $skip_cache {
 default 1;
 ~*/thumbnail.php 0;
 ~*/apps/galleryplus/ 0;
 ~*/apps/gallery/ 0;
}
server {
listen 80 default_server;
server_name YOUR.DEDYN.IO;
#Please substitue your.dedyn.io properly!
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
server_name YOUR.DEDYN.IO;
#Please substitue your.dedyn.io properly!
root /var/www/nextcloud/;
access_log /var/log/nginx/nextcloud.access.log main;
error_log /var/log/nginx/nextcloud.error.log warn;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10240M;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ \.(?:flv|mp4|mov|m4a)$ {
mp4;
mp4_buffer_size 100m;
mp4_max_buffer_size 1024m;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache NEXTCLOUD;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
expires 360d;
}
}

Reverse Proxy configuration for Nextcloud (nextcloud.conf):

fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
map $request_uri $skip_cache {
 default 1;
 ~*/thumbnail.php 0;
 ~*/apps/galleryplus/ 0;
 ~*/apps/gallery/ 0;
}
server {
server_name 127.0.0.1;
listen 127.0.0.1:82 default_server;
include /etc/nginx/proxy.conf;
root /var/www/nextcloud/;
access_log /var/log/nginx/nextcloud.access.log main;
error_log /var/log/nginx/nextcloud.error.log warn;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10240M;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ \.(?:flv|mp4|mov|m4a)$ {
mp4;
mp4_buffer_size 100m;
mp4_max_buffer_size 1024m;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache NEXTCLOUD;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
expires 360d;
}
}

In future just re-run this procedure to upgrade your enhanced NGINX Webserver if new NGINX releases will be announced.

All your *.conf-files will remain in /etc/nginx/(conf.d) while upgrading or re-installing NGINX!


Carsten Rieger

8 Responses

  1. Karsten says:

    Hi Carsten,
    you might want to check the repsoitories, as according to https://nginx.org/en/linux_packages.html#stable the corect ones don’t have “mainline” in them.
    Greetings

    • As well the “Pre-Built Packages for Mainline version” as the “Pre-Built Packages for Stable version” exists? Sorry, I guess I do not get your right. Cheers, Carsten

  2. Renate says:

    Thanks Carsten. The addition at the top of Nextcloud.conf fixed my issue with fast_CGI and NGINX

  3. Also works for armhf (ODROID XU3/XU4 series)

  4. Marcel says:

    Hi Carsten, does this work as well for AMD as for ARM64?

    • Dear Marcel, yes – this procedure will work fine for both nginx
      arm64 (nginx_1.13.9-1~xenial_arm64.deb)and
      amd64 (nginx_1.13.9-1~xenial_amd64.deb)
      on an Ubuntu x64 system. Cheers, Carsten