NGINX Mainline on Amazon Linux (and Red Hat, and CentOS, and etc.)

NGINX versions on the Mainline branch have a bunch of fun stuff, especially HTTP/2 support. Here's what you need to know to switch.

By Matthew Malinowski, 2015-12-04

2016-03-01: Updated to include note about excluding nginx from other yum repos.

There are two branches of NGINX, Stable and Mainline. Most official package repositories are going to have the latest Stable version -- as of this writing, 1.8.0. Mainline versions are only accessible with a little additional work.

On September 22, 2015, NGINX released version 1.9.5 to Mainline. This version's notable because it added a fully-supported implementation of HTTP/2. In order to add HTTP/2 support to my NGINX-powered sites, I wanted to get NGINX Mainline -- through package management if at all possible.

NGINX themselves maintain repos for both Stable and Mainline, but they only talk about the Stable repo on their install page. The Mainline repos are located at -- poke around in there and you'll find your repo URLs for RHEL and CentOS (as well as Debian, SuSE, and Ubuntu).

To add the NGINX mainline repo for Amazon Linux, create a file named /etc/yum.repos.d/nginx.repo, and paste this:

name=nginx repo

Replace $releasever with your equivalent version -- almost certainly "6" for Amazon Linux, as of this writing.

(Note that NGINX does not sign their packages in their own repos, which is too bad. They have a key for signing, but they don't use it. I already investigated this so you don't have to!)

2016-03-01: You also need to exclude nginx from your other yum repos so it doesn't get overwritten. If you're on Amazon Linux, add exclude=nginx to /etc/yum.repos.d/amzn-main.repo and amzn-updates.repo, and epel.repo too if you have that.

You'll probably need to remove and reinstall NGINX to get to switch to mainline: yum remove nginx && yum install nginx. (If you're worried about losing settings, be sure to backup first: cp -r /etc/nginx /etc/$(date --iso-8601)-nginx.)

If you want to then add HTTP/2 support, like I did, follow the direction's in NGINX's post about this, which basically boil down to: set up HTTPS first, always redirect from 80 to 443, and then just add http2 after ssl on your listen 443 ... lines.

Back to Blog Index...