Amazon Linux NGINX 1.9 or lower

Requirements

Our distribution release depends on the EPEL repository. You will need to ensure your system also has it installed.

For Red Hat CentOS 6, we currently only support Amazon Linux 2018.03 or earlier.

Add the package repositories

Add the version of the Red Hat CentOS package repository that you want to use.

Red Hat CentOS 7

sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Red Hat CentOS 6

Note: After Q2 2017, RHEL6 and CentOS 6 will exit Production Phase 2 according to the Red Hat Enterprise Linux Life Cycle. Only limited critical security fixes will be issued. You will need to review the lifecycle document for details and plan appropriately.

sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/6/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Enable Lua for NGINX

Some older versions of NGINX don’t support native loading of Lua modules. Therefore, we require NGINX to be built with the third-party ngx_lua module. Because most older versions of NGINX do not support dynamically loadable modules, you will likely need to rebuild NGINX from source.

To assist you, we provide pre-built drop-in replacement NGINX packages already built with the ngx_lua module. This is intended for users who prefer not to build from source, or who either use a distribution-provided package or an official NGINX provided package. These pre-built packages are built to support much older distributions and are not gpg signed.

Flavors

We support three flavors of NGINX. These flavors are based on what upstream package we’ve based our builds on. All our package flavors are built according to the official upstream maintainer’s build configuration with the addition of the ngx_lua and ngx_devel_kit modules.

Our provided flavors are:

• Distribution - The distribution flavor is based on the official distribution-provided NGINX packages. For Debian-based Linux distributions (Red Hat and Debian) these are the based off the official Debian NGINX packages. For Red Hat based Linux distributions we’ve based them off the EPEL packages as neither Red Hat or CentOS ship an NGINX package in their default distribution.
• Stable - The stable flavor is based off the official NGINX.org stable package releases.
• Mainline - The mainline flavor is based off the official NGINX.org mainline package releases.

Flavor version support

The following versions are contained in the various OS and flavor packages:

The versions are dependent on the upstream package maintainer’s supported version.

Yum repository setup for Amazon Linux 2015.09.01

1. Create a file /etc/yum.repos.d/sigsci_nginx.repo with the following contents:

   • Distribution (Amazon Linux 2015.09.01) flavor

     Note: Our distribution release depends on the EPEL repository, you will need to ensure your system also has it installed.

     [sigsci_nginx]
     name=sigsci_nginx
     priority=1
     baseurl=https://yum.signalsciences.net/nginx/distro/el6/$basearch
     repo_gpgcheck=1
     gpgcheck=0
     enabled=1
     gpgkey=https://yum.signalsciences.net/nginx/gpg.key
     sslverify=1
     sslcacert=/etc/pki/tls/certs/ca-bundle.crt
     
     [sigsci-nginx-noarch]
     name=sigsci_nginx_noarch
     priority=1
     baseurl=https://yum.signalsciences.net/nginx/distro/el6/noarch
     repo_gpgcheck=1
     gpgcheck=0
     enabled=1
     gpgkey=https://yum.signalsciences.net/nginx/gpg.key
     sslverify=1
     sslcacert=/etc/pki/tls/certs/ca-bundle.crt
     

   • Stable (Amazon Linux 2015.09.01) flavor

     [sigsci_nginx]
     name=sigsci_nginx
     priority=1
     baseurl=https://yum.signalsciences.net/nginx/stable/el6/$basearch
     repo_gpgcheck=1
     gpgcheck=0
     enabled=1
     gpgkey=https://yum.signalsciences.net/nginx/gpg.key
     sslverify=1
     sslcacert=/etc/pki/tls/certs/ca-bundle.crt
     

   • Mainline (Amazon Linux 2015.09.01) flavor

     [sigsci_nginx]
     name=sigsci_nginx
     priority=1
     baseurl=https://yum.signalsciences.net/nginx/mainline/el6/$basearch
     repo_gpgcheck=1
     gpgcheck=0
     enabled=1
     gpgkey=https://yum.signalsciences.net/nginx/gpg.key
     sslverify=1
     sslcacert=/etc/pki/tls/certs/ca-bundle.crt
     

2. Rebuild the yum cache for the Signal Sciences repository.

   yum -q makecache -y --disablerepo=* --enablerepo=sigsci_*
   

3. Install the version of NGINX provided by Signal Sciences.

   yum install nginx
   

Check Lua is loaded correctly

To verify Lua has been loaded properly, load the following config (sigsci_check_lua.conf) with NGINX:

# Config just to test for lua jit support
#
# Test from commandline as follows:
# nginx -t -c <explicit path>/sigsci_check_lua.conf
#

# The following load_module directives are required if you have installed
# any of: nginx110-lua-module, nginx111-lua-module, or nginx-lua-module
# for your nginx.org installation.
# Also, for some nginx-1.10.nn installed from nginx-extras package, you may
# need to specify the load directives.
# Given the above uncomment the following:
#
# load_module modules/ndk_http_module.so;
# load_module modules/ngx_http_lua_module.so;

events {
    worker_connections 768;
    # multi_accept on;
}
http {
init_by_lua '

local m = {}
local ngx_lua_version = "dev"

if ngx then
  -- if not in testing environment
  ngx_lua_version = tostring(ngx.config.ngx_lua_version)
  ngx.log(ngx.STDERR, "INFO:", " Check for jit: lua version: ", ngx_lua_version)
end

local r, jit = pcall(require, "jit")
if not r then
  error("ERROR: No lua jit support: No support for SigSci Lua module")
else

  if jit then
    m._SERVER_FLAVOR = ngx_lua_version .. ", lua=" .. jit.version
    if os.getenv("SIGSCI_NGINX_DISABLE_JIT") == "true" then
      nginx.log(ngx.STDERR, "WARNING:", "Disabling lua jit because env var: SIGSCI_NGINX_DISABLE_JIT=", "true")
    end
    ngx.log(ngx.STDERR, "INFO:", " Bravo! You have lua jit support=", m._SERVER_FLAVOR)
  else
    error("ERROR: No luajit support: No support for SigSci")
  end

end

';

}

If the config is successfully loaded, the above script will create the following output:

$ nginx -t -c <your explicit path>/sigsci_check_lua.conf

nginx: [] [lua] init_by_lua:9: INFO: Check for jit: lua version: 10000
nginx: [] [lua] init_by_lua:22: INFO: Bravo! You have lua jit support=10000, lua=LuaJIT 2.0.4
nginx: the configuration file <your explicit path>/sigsci_check_lua.conf syntax is ok
nginx: configuration file <your explicit path>/sigsci_check_lua.conf test is successful

Install the NGINX module

1. Install the module with yum.

   sudo yum install sigsci-module-nginx
   

2. Add the following to your NGINX configuration file (located by default at /etc/nginx/nginx.conf) in the http context:

   include "/opt/sigsci/nginx/sigsci.conf";
   

3. Restart the NGINX service to initialize the new module.

   • Amazon Linux 2

     systemctl restart nginx
     

   • Amazon Linux 2015.09.01

     restart nginx