search close

Amazon Linux NGINX 1.9 or lower

access_time Updated Jun 20, 2021

Add the Package Repositories

First, set up the key and package sources for the Signal Sciences repository:

Note: Our distribution release depends on the EPEL repository, you will need to ensure your system also has it installed.

Note: We are currently supporting Amazon Linux 2018.03 or earlier RHEL6 based OS.

Red Hat CentOS 7

Cut-and-paste the following script:

sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey
       https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Red Hat CentOS 6

Note: After Q2 2017, RHEL6 and CentOS 6 will exit “Production Phase 2” according to the Red Hat Enterprise Linux Life Cycle. Only limited “critical” security fixes will be issued. You will need to review the lifecycle document for details and plan appropriately.

Cut-and-paste the following script:

sudo tee /etc/yum.repos.d/sigsci.repo <<-'EOF'
[sigsci_release]
name=sigsci_release
baseurl=https://yum.signalsciences.net/release/el/6/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://yum.signalsciences.net/release/gpgkey
       https://dl.signalsciences.net/sigsci-agent/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
EOF

Enabling Lua for NGINX

For older versions of NGINX, we require NGINX to be built with the third party ngx_lua module. As older versions of NGINX do not support dynamically loadable modules you would typically be required to rebuild from source.

To assist customers, we provide pre-built drop in replacements NGINX packages already built with the ngx_lua module. This is intended for customers who prefer not to build from source, or who either use a distribution provided package or an official NGNIX provided package. These pre-built packages are built to support much older distributions and are not gpg signed.

Flavors

We support three “flavors” of NGINX. These flavors are based on what upstream package we’ve based our builds off of. All our package flavors are built according to the official upstream maintainer’s build configuration with the addition of the ngx_lua and ngx_devel_kit modules.

Our provided flavors are:

  • distribution - The distribution flavor is based off the official distribution provided NGINX packages. For Debian-based Linux distributions (Red Hat and Debian) these are the based off the official Debian NGINX packages.

    For Red Hat based Linux distributions we’ve based them off the EPEL packages as neither Red Hat or CENTOS ship an NGINX package in their default distribution.

  • stable - The stable flavor is based off the official nginx.org “stable” package releases.

  • mainline - The mainline flavor is based off the official nginx.org “mainline” package releases.

Flavor Version Matrix

The following version are contained in the various OS and flavor packages:

OS Distribution Stable Mainline
Amazon Linux 2015.09.01 unsupported 1.8.1 1.9.10

The versions are dependent on the upstream package maintainer’s supported version.

Yum repository setup for Amazon Linux 2015.09.01

  1. Create a file /etc/yum.repos.d/sigsci_nginx.repo with the following contents:

    Distribution (Amazon Linux 2015.09.01) flavor

    Note: Our distribution release depends on the EPEL repository, you will need to ensure your system also has it installed.

    [sigsci_nginx]
    name=sigsci_nginx
    priority=1
    baseurl=https://yum.signalsciences.net/nginx/distro/el6/$basearch
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://yum.signalsciences.net/nginx/gpg.key
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
    
    [sigsci-nginx-noarch]
    name=sigsci_nginx_noarch
    priority=1
    baseurl=https://yum.signalsciences.net/nginx/distro/el6/noarch
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://yum.signalsciences.net/nginx/gpg.key
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
        

    Stable (Amazon Linux 2015.09.01) flavor

    [sigsci_nginx]
    name=sigsci_nginx
    priority=1
    baseurl=https://yum.signalsciences.net/nginx/stable/el6/$basearch
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://yum.signalsciences.net/nginx/gpg.key
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
        

    Mainline (Amazon Linux 2015.09.01) flavor

    [sigsci_nginx]
    name=sigsci_nginx
    priority=1
    baseurl=https://yum.signalsciences.net/nginx/mainline/el6/$basearch
    repo_gpgcheck=1
    gpgcheck=0
    enabled=1
    gpgkey=https://yum.signalsciences.net/nginx/gpg.key
    sslverify=1
    sslcacert=/etc/pki/tls/certs/ca-bundle.crt
        
  2. Rebuild the yum cache for the sigsci repository:

    yum -q makecache -y --disablerepo=* --enablerepo=sigsci_*
  3. Install the Signal Sciences provided NGINX

    yum install nginx

Check that Lua is loaded correctly

To verify that Lua has been loaded properly load the following config(ex: sigsci_check_lua.conf) with nginx:

  # Config just to test for lua jit support
#
# Test from commandline as follows:
# nginx -t -c <explicit path>/sigsci_check_lua.conf
#

# The following load_module directives are required if you have installed
# any of: nginx110-lua-module, nginx111-lua-module, or nginx-lua-module
# for your nginx.org installation.
# Also, for some nginx-1.10.nn installed from nginx-extras package, you may
# need to specify the load directives.
# Given the above uncomment the following:
#
# load_module modules/ndk_http_module.so;
# load_module modules/ngx_http_lua_module.so;

events {
    worker_connections 768;
    # multi_accept on;
}
http {
init_by_lua '

local m = {}
local ngx_lua_version = "dev"

if ngx then
  -- if not in testing environment
  ngx_lua_version = tostring(ngx.config.ngx_lua_version)
  ngx.log(ngx.STDERR, "INFO:", " Check for jit: lua version: ", ngx_lua_version)
end

local r, jit = pcall(require, "jit")
if not r then
  error("ERROR: No lua jit support: No support for SigSci Lua module")
else

  if jit then
    m._SERVER_FLAVOR = ngx_lua_version .. ", lua=" .. jit.version
    if os.getenv("SIGSCI_NGINX_DISABLE_JIT") == "true" then
      nginx.log(ngx.STDERR, "WARNING:", "Disabling lua jit because env var: SIGSCI_NGINX_DISABLE_JIT=", "true")
    end
    ngx.log(ngx.STDERR, "INFO:", " Bravo! You have lua jit support=", m._SERVER_FLAVOR)
  else
    error("ERROR: No luajit support: No support for SigSci")
  end

end

';

}

Example of successfully loading the config and its output:

$ nginx -t -c <your explicit path>/sigsci_check_lua.conf

nginx: [] [lua] init_by_lua:9: INFO: Check for jit: lua version: 10000
nginx: [] [lua] init_by_lua:22: INFO: Bravo! You have lua jit support=10000, lua=LuaJIT 2.0.4
nginx: the configuration file <your explicit path>/sigsci_check_lua.conf syntax is ok
nginx: configuration file <your explicit path>/sigsci_check_lua.conf test is successful

Install and Configure the Signal Sciences NGINX Module

  1. Install the module
sudo yum install sigsci-module-nginx
  1. Add the following to your NGINX configuration file in the http context (default: /etc/nginx/nginx.conf)
include "/opt/sigsci/nginx/sigsci.conf";
  1. Restart the NGINX Service to initialize the new module

    Amazon Linux 2

    systemctl restart nginx

    Amazon Linux 2015.09.01

    restart nginx