How to Install Nginx Mainline on Debian 12 or 11

Nginx Mainline is the development branch of the Nginx web server, providing the latest features, updates, and performance improvements ahead of the stable release. It is ideal for developers and administrators who need access to the newest capabilities and enhancements. Nginx Mainline is particularly suited for environments where cutting-edge performance and flexibility are essential, such as high-traffic websites, load balancing, and reverse proxy configurations.

On Debian 12 or 11, you have two primary methods to install Nginx Mainline via the command-line terminal. The first option is using the official apt mirror provided by nginx.org, which ensures you receive the latest updates directly from the Nginx team. Alternatively, you can install Nginx Mainline using the third-party repository maintained by Ondřej Surý, who is known for maintaining up-to-date packages for Nginx and other essential software. This guide will walk you through both methods, allowing you to choose the one that best fits your needs.

Method 1: Install Nginx Mainline via Nginx.org

Nginx Mainline Pre-Installation Steps

Update Debian System Packages

The first step in our guide is ensuring your Debian system is fully updated. This ensures you have the most recent versions of all packages and security patches. To update the package list and the packages themselves, you’ll need first to execute the following command in your terminal:

sudo apt update

To upgrade any outdated packages, run the following command:

sudo apt upgrade

Install Required Packages

Depending on which method you choose to install the latest Nginx mainline version on your Debian system, both methods may require additional packages. The following command will install what is required:

sudo apt install curl gnupg2 ca-certificates lsb-release dirmngr software-properties-common apt-transport-https -y

Most may be installed already, but re-run this command to ensure they are.

Import Nginx.org Nginx Mainline Repository

This method pulls the latest Nginx mainline or stable directly from Nginx.org’s official APT repositories. It is the best option to stay up-to-date immediately when a newer version of Nginx is released.

Import Nginx.org GPG Key

The first step is to download and add the Nginx GPG key. This key is necessary to verify the authenticity of the packages we will install:

curl -fSsL https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null

We will now use the GPG key to validate the key’s successful import:

gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

Assuming the import was successful, you’ll see the output confirming the key’s details.

Example output if successful:

pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key <signing-key@nginx.com>

Import Nginx.org APT Repository

With the GPG key securely in place, we can add the Nginx Mainline or Stable repository to our APT package manager list.

To import the Nginx Mainline repository, use:

echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

Note: This article primarily discusses installing the Nginx mainline. However, I’ve also provided the option to install the latest stable version, which, for many Linux distributions, would constitute a significant upgrade.

Or, for the Nginx Stable repository:

echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

Our next objective is configuring APT pinning to prefer Nginx packages from the nginx.org repository over any packages from the default Debian or other third-party repositories.

We achieve this by using the following command:

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx

Example output:

x\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900

At this stage, we need to update our APT repositories to include the new additions:

sudo apt update

Finalize Nginx Mainline Installation

With everything set up correctly, we can now install Nginx:

sudo apt install nginx

After the installation is completed, verifying it was successful is crucial. To confirm the correct installation of Nginx, we can check the installed version:

nginx -v

The command output should reflect the latest Nginx Mainline or Stable version, depending on the one you install.

Method 2: Install Nginx Mainline via Ondřej Surý

The second method uses the well-known third-party repository maintained by Ondřej Surý, who many in the Debian and Ubuntu community know maintains Apache, Nginx, and PHP repositories for upstream releases. This method relies on waiting for him to update when a newer version comes out. It is not as quick as the Nginx.org APT repository, but this version contains additional compiled modules; one is using Brotli.

Import Nginx Mainline

To import the Nginx Mainline repository from the third-party repository, this is straightforward; use the following command:

curl -sSL https://packages.sury.org/nginx-mainline/README.txt | sudo bash -x

For those that prefer switching back to the latest stable or want to use stable instead of mainline, use the following command to import this version:

curl -sSL https://packages.sury.org/nginx/README.txt | sudo bash -x

Ensure you have removed the mainline version to avoid conflicts.

Install Nginx Mainline

Now, you can install Nginx mainline or stable using the following command:

sudo apt install nginx

Confirm Nginx Mainline Installation

With Nginx installed, you can confirm the installation with the following command:

nginx -v

The output should show the version of Nginx installed; if it matches the latest mainline, then you have successfully installed the mainline version.

Additional Nginx Tips with Ondřej Surý Method of Installation

Setup Brotli on Nginx Mainline or Stable

As both versions of Nginx mainline or stable include the brotli module, to install this, use the following command:

sudo apt install libnginx-mod-brotli

Now open your Nginx configuration file:

sudo nano /etc/nginx/nginx.conf

To enable Brotli compression on your Nginx server, you’ll need to add the following configuration in the HTTP block of your nginx.conf configuration file:

brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types application/atom+xml application/javascript application/json application/rss+xml
        application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
        application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
        font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
        image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

Here’s a breakdown of the configuration directives:

  1. brotli on;:
    • This directive enables Brotli compression.
  2. brotli_comp_level 6;:
    • This sets the compression level to 6 (on a scale of 0-11). A higher value will result in better compression but use more CPU resources.
  3. brotli_static on;:
    • This directive tells Nginx to check for pre-compressed files with a .br extension. If such a file exists, it will be served instead of compressing the file on the fly.
  4. brotli_types …;:
    • This directive specifies the MIME types of responses that should be compressed. The long list of types includes various text formats, fonts, and images that benefit from Brotli compression.

Now test the nginx configuration before reloading to ensure no errors are present:

sudo nginx -t

Now test brotli compression with the following command:

curl -I --compressed http://your-server.com/some-path

Here’s a breakdown of the command used:

  • curl: This is the command line tool used to send HTTP requests.
  • -I: This flag tells curl to only fetch the headers.
  • –compressed: This flag tells curl to request compressed content.
  • http://your-server.com/some-path: This is the URL you are testing.

Look for a header in the output that says Content-Encoding: br. This indicates that Brotli compression is being used:

Content-Encoding: br

Conclusion

By installing Nginx Mainline on Debian using either the official apt-mirror from nginx.org or the third-party repository from Ondřej Surý, you’ve equipped your server with the latest and most advanced version of Nginx. This ensures your system can leverage cutting-edge features and performance improvements tailored to your specific environment. Regular updates from your chosen repository will keep Nginx running securely and efficiently. Whether you opt for the official mirror or the third-party repository, maintaining Nginx Mainline will help you stay ahead in web server technology on your Debian system.

Leave a Comment