Important Notes

• Environment: This guide assumes you are running on an Enterprise Linux 8 distribution (e.g., RHEL8, Oracle Linux 8, AlmaLinux 8, or Rocky Linux 8).
• Configuration Files: Make sure to update all HTTPS server blocks. Your configuration may reside in the main file (/etc/nginx/nginx.conf) or in files under /etc/nginx/conf.d/. Adjust the commands below if your files are stored on custom mounts or non‑default paths.
• Configuration Details: Verify your NGINX configuration details and back up your settings before proceeding.

Why Upgrade NGINX?

Upgrading NGINX brings several benefits that directly impact your environment, especially if your JetPatch connector relies on NGINX for HTTP request handling:

• Improved HTTP Request Handling: Newer NGINX versions optimize request processing and load balancing, resulting in faster, more reliable communication between your connector and JetPatch.
• Enhanced Security: Latest versions include patched vulnerabilities, stronger TLS/SSL defaults, and removal of deprecated insecure directives.
• Better Performance: Upgrades offer enhanced caching, reduced latency, and improved resource utilization, which benefits high-traffic environments.

NGINX Upgrade Guide on Enterprise Linux 8

This guide outlines the complete process to upgrade NGINX to the latest N-1 stable version (currently: 1.26.x) on Enterprise Linux 8 and includes optional hardening steps to improve security and performance.

1. Check the Current NGINX Version

Verify your installed version:

nginx -v

If your version is below 1.21.x, you must update your HTTPS configuration as detailed in Step 2.

2. Pre‑Upgrade SSL Configuration (If Upgrading from a Version Below 1.21.x)

If your HTTPS server blocks use the old syntax, for example, in /etc/nginx/nginx.conf or files under /etc/nginx/conf.d/, update them as follows:

Before:

server {
listen 443;
ssl on;
# other SSL settings...
}

After:

server {
listen 443 ssl;
# other SSL settings...
# ssl on; <-- remove or comment out
}

Make sure to update all HTTPS server blocks.

3. Backup Your NGINX Configuration

Back up your configuration and related files to avoid data loss:

sudo cp -r /etc/nginx /tmp/nginx_backup

Note: If you use a custom configuration directory (e.g., /custom/nginx/conf), adjust the path accordingly.

4. Stop the NGINX Service

Stop NGINX to avoid conflicts during the upgrade:

sudo systemctl stop nginx

5. Add the NGINX Repository

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

(This repository works for RHEL8 and its derivatives (OL, Alma, Rocky).)

Refresh the repository cache:

sudo yum makecache

6. Install NGINX

Install the latest stable N-1 version (recommended: 1.26.x):

sudo yum install nginx

Approve any prompts to replace your current package if needed.

7. Verify the Upgraded NGINX Version

Check the new version:

nginx -v

It should now display version 1.26.x 

8. (Only If Needed) Restore and Merge Your Configuration 

Note: If your configuration was overwritten or reset during installation:

• Restore from Backup:

  sudo cp -r /tmp/nginx_backup/* /etc/nginx/

• Merge Configurations:
  Compare your backup with any new default config files (e.g., /etc/nginx/nginx.conf.rpmnew) and merge changes, ensuring your SSL updates remain intact.

Test the configuration:

sudo nginx -t

Fix any errors before proceeding.

9. Start the NGINX Service

Start NGINX:

sudo systemctl start nginx

Verify its status:

sudo systemctl status nginx

Troubleshooting

• For upgrade errors, use the --verbose flag and review logs in /var/log/nginx/.
• Ensure file permissions and SELinux contexts are correct if using custom mounts.
• If NGINX fails to start, run nginx -t to diagnose configuration issues.

Recommended: NGINX Hardening

See dedicated KC.