Mercurial > hg > nginx-site

view xml/en/linux_packages.xml @ 3025:5cfaf094e2a0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Linux packages: documented nginx-module-otel package.
author Konstantin Pavlov <thresh@nginx.com>
date Tue, 24 Oct 2023 15:16:17 -0700
parents 1ad61bfc7630
children cc6b36cd17d6
line wrap: on
line source

<!--
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE article SYSTEM "../../dtd/article.dtd">

<article name="nginx: Linux packages"
         link="/en/linux_packages.html"
         lang="en"
         rev="91">

<section name="Supported distributions and versions" id="distributions">

<para>
nginx packages are available for the following Linux distributions and
versions:
</para>

<para>
<link id="RHEL">RHEL and derivatives</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported Platforms</td>
</tr>

<tr>
<td width="30%">7.4+</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">8.x</td>
<td>x86_64, aarch64/arm64, s390x</td>
</tr>

<tr>
<td width="30%">9.x</td>
<td>x86_64, aarch64/arm64, s390x</td>
</tr>

</table>
</para>

<para>
<link id="Debian">Debian</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported Platforms</td>
</tr>

<tr>
<td width="30%">11.x “bullseye”</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">12.x “bookworm”</td>
<td>x86_64, aarch64/arm64</td>
</tr>

</table>
</para>

<para>
<link id="Ubuntu">Ubuntu</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported Platforms</td>
</tr>

<tr>
<td width="30%">20.04 “focal”</td>
<td>x86_64, aarch64/arm64, s390x</td>
</tr>

<tr>
<td width="30%">22.04 “jammy”</td>
<td>x86_64, aarch64/arm64, s390x</td>
</tr>

<tr>
<td width="30%">23.04 “lunar”</td>
<td>x86_64, aarch64/arm64</td>
</tr>

</table>
</para>

<para>
<link id="SLES">SLES</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported Platforms</td>
</tr>

<tr>
<td width="30%">12 SP5+</td>
<td>x86_64</td>
</tr>

<tr>
<td width="30%">15 SP2+</td>
<td>x86_64</td>
</tr>

</table>
</para>

<para>
<link id="Alpine">Alpine</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported platforms</td>
</tr>

<tr>
<td width="30%">3.15</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">3.16</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">3.17</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">3.18</td>
<td>x86_64, aarch64/arm64</td>
</tr>

</table>
</para>

<para>
<link id="Amazon-Linux">Amazon Linux</link>

<table note="yes">

<tr>
<td width="30%">Version</td>
<td>Supported platforms</td>
</tr>

<tr>
<td width="30%">2 (LTS)</td>
<td>x86_64, aarch64/arm64</td>
</tr>

<tr>
<td width="30%">2023</td>
<td>x86_64, aarch64/arm64</td>
</tr>

</table>
</para>

<para>
Packages for RHEL 7 and SLES 12 are built without
<link doc="docs/http/ngx_http_v3_module.xml">HTTP/3 support</link>
because OpenSSL used by those doesn't support TLSv1.3.
</para>

</section>


<section name="Installation instructions" id="instructions">

<para>
Before you install nginx for the first time on a new machine, you need to
set up the nginx packages repository.
Afterward, you can install and update nginx from the repository.
</para>

<section name="RHEL and derivatives" id="RHEL">

<para>
This section applies to Red Hat Enterprise Linux and its derivatives such as
CentOS, Oracle Linux, Rocky Linux, AlmaLinux.
</para>

<para>
Install the prerequisites:
<programlisting>
sudo yum install yum-utils
</programlisting>

To set up the yum repository, create the file named
<path>/etc/yum.repos.d/nginx.repo</path>
with the following contents:

<programlisting>
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
</programlisting>

By default, the repository for stable nginx packages is used.
If you would like to use mainline nginx packages,
run the following command:
<programlisting>
sudo yum-config-manager --enable nginx-mainline
</programlisting>

To install nginx, run the following command:
<programlisting>
sudo yum install nginx
</programlisting>

When prompted to accept the GPG key, verify that the fingerprint matches
<command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command>,
and if so, accept it.
</para>

</section>


<section name="Debian" id="Debian">

<para>
Install the prerequisites:
<programlisting>
sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
</programlisting>
</para>

<para>
Import an official nginx signing key so apt could verify the packages
authenticity.
Fetch the key:
<programlisting>
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
</programlisting>

Verify that the downloaded file contains the proper key:
<programlisting>
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
</programlisting>

The output should contain the full fingerprint
<command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command>
as follows:
<programlisting>
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key &lt;signing-key@nginx.com&gt;
</programlisting>
If the fingerprint is different, remove the file.
</para>

<para>
To set up the apt repository for stable nginx packages,
run the following command:
<programlisting>
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</programlisting>

If you would like to use mainline nginx packages,
run the following command instead:
<programlisting>
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</programlisting>
</para>

<para>
Set up repository pinning to prefer our packages over
distribution-provided ones:
<programlisting>
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
</programlisting>
</para>

<para>
To install nginx, run the following commands:
<programlisting>
sudo apt update
sudo apt install nginx
</programlisting>
</para>

</section>


<section name="Ubuntu" id="Ubuntu">

<para>
Install the prerequisites:
<programlisting>
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
</programlisting>
</para>

<para>
Import an official nginx signing key so apt could verify the packages
authenticity.
Fetch the key:
<programlisting>
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
</programlisting>

Verify that the downloaded file contains the proper key:
<programlisting>
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
</programlisting>

The output should contain the full fingerprint
<command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command>
as follows:
<programlisting>
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key &lt;signing-key@nginx.com&gt;
</programlisting>
If the fingerprint is different, remove the file.
</para>

<para>
To set up the apt repository for stable nginx packages,
run the following command:
<programlisting>
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</programlisting>

If you would like to use mainline nginx packages,
run the following command instead:
<programlisting>
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</programlisting>
</para>

<para>
Set up repository pinning to prefer our packages over
distribution-provided ones:
<programlisting>
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
</programlisting>
</para>

<para>
To install nginx, run the following commands:
<programlisting>
sudo apt update
sudo apt install nginx
</programlisting>
</para>

</section>


<section name="SLES" id="SLES">

<para>
Install the prerequisites:
<programlisting>
sudo zypper install curl ca-certificates gpg2
</programlisting>

To set up the zypper repository for stable nginx packages,
run the following command:
<programlisting>
sudo zypper addrepo --gpgcheck --type yum --refresh --check \
    'http://nginx.org/packages/sles/$releasever_major' nginx-stable
</programlisting>

If you would like to use mainline nginx packages,
run the following command instead:
<programlisting>
sudo zypper addrepo --gpgcheck --type yum --refresh --check \
    'http://nginx.org/packages/mainline/sles/$releasever_major' nginx-mainline
</programlisting>

Next, import an official nginx signing key so zypper/rpm could verify
the packages authenticity.
Fetch the key:
<programlisting>
curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
</programlisting>

Verify that the downloaded file contains the proper key:
<programlisting>
gpg --with-fingerprint /tmp/nginx_signing.key
</programlisting>

The output should contain the full fingerprint
<command>573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62</command>
as follows:
<programlisting>
pub  2048R/7BD9BF62 2011-08-19 [expires: 2024-06-14]
      Key fingerprint = 573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
uid nginx signing key &lt;signing-key@nginx.com&gt;
</programlisting>

Finally, import the key to the rpm database:
<programlisting>
sudo rpmkeys --import /tmp/nginx_signing.key
</programlisting>

To install nginx, run the following command:
<programlisting>
sudo zypper install nginx
</programlisting>
</para>

</section>


<section name="Alpine" id="Alpine">

<para>
Install the prerequisites:
<programlisting>
sudo apk add openssl curl ca-certificates
</programlisting>

To set up the apk repository for stable nginx packages,
run the following command:
<programlisting>
printf "%s%s%s%s\n" \
    "@nginx " \
    "http://nginx.org/packages/alpine/v" \
    `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
    "/main" \
    | sudo tee -a /etc/apk/repositories
</programlisting>

If you would like to use mainline nginx packages,
run the following command instead:
<programlisting>
printf "%s%s%s%s\n" \
    "@nginx " \
    "http://nginx.org/packages/mainline/alpine/v" \
    `egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
    "/main" \
    | sudo tee -a /etc/apk/repositories
</programlisting>

Next, import an official nginx signing key so apk could verify
the packages authenticity.
Fetch the key:
<programlisting>
curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub
</programlisting>

Verify that downloaded file contains the proper key:
<programlisting>
openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout
</programlisting>

The output should contain the following modulus:
<programlisting>
Public-Key: (2048 bit)
Modulus:
    00:fe:14:f6:0a:1a:b8:86:19:fe:cd:ab:02:9f:58:
    2f:37:70:15:74:d6:06:9b:81:55:90:99:96:cc:70:
    5c:de:5b:e8:4c:b2:0c:47:5b:a8:a2:98:3d:11:b1:
    f6:7d:a0:46:df:24:23:c6:d0:24:52:67:ba:69:ab:
    9a:4a:6a:66:2c:db:e1:09:f1:0d:b2:b0:e1:47:1f:
    0a:46:ac:0d:82:f3:3c:8d:02:ce:08:43:19:d9:64:
    86:c4:4e:07:12:c0:5b:43:ba:7d:17:8a:a3:f0:3d:
    98:32:b9:75:66:f4:f0:1b:2d:94:5b:7c:1c:e6:f3:
    04:7f:dd:25:b2:82:a6:41:04:b7:50:93:94:c4:7c:
    34:7e:12:7c:bf:33:54:55:47:8c:42:94:40:8e:34:
    5f:54:04:1d:9e:8c:57:48:d4:b0:f8:e4:03:db:3f:
    68:6c:37:fa:62:14:1c:94:d6:de:f2:2b:68:29:17:
    24:6d:f7:b5:b3:18:79:fd:31:5e:7f:4c:be:c0:99:
    13:cc:e2:97:2b:dc:96:9c:9a:d0:a7:c5:77:82:67:
    c9:cb:a9:e7:68:4a:e1:c5:ba:1c:32:0e:79:40:6e:
    ef:08:d7:a3:b9:5d:1a:df:ce:1a:c7:44:91:4c:d4:
    99:c8:88:69:b3:66:2e:b3:06:f1:f4:22:d7:f2:5f:
    ab:6d
Exponent: 65537 (0x10001)
</programlisting>

Finally, move the key to apk trusted keys storage:
<programlisting>
sudo mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/
</programlisting>

To install nginx, run the following command:
<programlisting>
sudo apk add nginx@nginx
</programlisting>

The <literal>@nginx</literal> tag should also be specified when installing
packages with <link url="#dynmodules">dynamic modules</link>:
<programlisting>
sudo apk add nginx-module-image-filter@nginx nginx-module-njs@nginx
</programlisting>
</para>

</section>


<section name="Amazon Linux" id="Amazon-Linux">

<para>
Install the prerequisites:
<programlisting>
sudo yum install yum-utils
</programlisting>

To set up the yum repository for Amazon Linux 2, create the file named
<path>/etc/yum.repos.d/nginx.repo</path>
with the following contents:

<programlisting>
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9
</programlisting>

To set up the yum repository for Amazon Linux 2023, create the file named
<path>/etc/yum.repos.d/nginx.repo</path>
with the following contents:

<programlisting>
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/amzn/2023/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn/2023/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9
</programlisting>

By default, the repository for stable nginx packages is used.
If you would like to use mainline nginx packages,
run the following command:
<programlisting>
sudo yum-config-manager --enable nginx-mainline
</programlisting>

To install nginx, run the following command:
<programlisting>
sudo yum install nginx
</programlisting>

When prompted to accept the GPG key, verify that the fingerprint matches
<command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command>,
and if so, accept it.
</para>

</section>

</section>


<section name="Source Packages" id="sourcepackages">

<para>
Packaging sources can be found in the
<link url="http://hg.nginx.org/pkg-oss">packaging sources repository</link>.
</para>

<para>
The <literal>default</literal> branch holds packaging sources for the current
mainline version, while <literal>stable-*</literal> branches contain latest
sources for stable releases.
To build binary packages, run <command>make</command> in
<path>debian/</path> directory on Debian/Ubuntu, or in
<path>rpm/SPECS/</path> on RHEL and derivatives, SLES, and Amazon Linux, or in
<path>alpine/</path> on Alpine.
</para>

<para>
Packaging sources are distributed under the same
<link url="../LICENSE">2-clause BSD-like license</link>
used by nginx.
</para>

</section>


<section name="Dynamic Modules" id="dynmodules">

<para>
Main nginx package is built with all modules that do not require additional
libraries to avoid extra dependencies.
Since version 1.9.11, nginx supports
<link doc="docs/ngx_core_module.xml" id="load_module">dynamic modules</link>
and the following modules are built as dynamic and shipped as separate
packages:
<programlisting>
nginx-module-geoip
nginx-module-image-filter
nginx-module-njs
nginx-module-perl
nginx-module-xslt
</programlisting>
Additionally, since version 1.25.3, the following module is shipped as a
separate package:
<programlisting>
nginx-module-otel
</programlisting>
</para>

</section>


<section name="Signatures" id="signatures">

<para>
Since our <link doc="../en/pgp_keys.xml">PGP keys</link>
and packages are located on the same server,
they are equally trusted.
It is highly advised to additionally verify
the authenticity of the downloaded PGP key.
PGP has the “Web of Trust” concept,
when a key is signed by someone else’s key,
that in turn is signed by another key and so on.
It often makes possible to build a chain from an arbitrary key
to someone’s key who you know and trust personally,
thus verify the authenticity of the first key in a chain.
This concept is described in details in
<link url="https://www.gnupg.org/howtos/en/GPGMiniHowto-1.html">
GPG Mini Howto</link>.
Our keys have enough signatures,
and their authenticity is relatively easy to check.
</para>

</section>

</article>