Upgrading Nginx to the latest version on Ubuntu servers

created on 14 April 2014 and tagged under nginx upgrade server

It has been years since we touched Apache. For the last few years, each and every one of our servers has had Nginx running on it. The last of our server which still runs apache is the one which runs our old website vxtindia.com.

If you're running nginx on an Ubuntu box, you would soon find out that the default version of Ubuntu packed with the OS is really really old. For example, the most popular version in use right now is 12.04 LTS Precise Pangolin, and it ships with Nginx version 1.1.19. Just to put that in perspective, the latest stable release as of today (14 April 2014) is 1.4.7 and the Preview release is at 1.5.13.

Here are some major issues which have been discovered in 1.1.19 after it's release

CVE-2014-0133 CVE-2013-0337 CVE-2013-2070 CVE-2013-4547

All this means is that you need to be running the latest version of Nginx to avoid the security problems. This post is about how to do that.

The first thing is to find out which version are you on. Here's how you do it

nginx -v

It should show you something like

nginx version: nginx/1.1.19

Now that we know that we need to upgrade, the first thing to do is to backup your configuration

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.1.1.19.backup

Ok, moving on, first stop the nginx service

sudo service nginx stop

Install the dependencies

sudo aptitude install python-software-properties

Add the repository for the stable version of Nginx

sudo add-apt-repository ppa:nginx/stable

Now the usual stuff, update aptitude and upgrade it

sudo aptitude update
sudo aptitude safe-upgrade

When it asks you if you want to keep using the old config or get the new config, please select Y(es) and get the latest config. Finally, restart nginx

sudo service nginx restart

If you ask nginx what version its on, here's what it would say

nginx -v
nginx version: nginx/1.4.7

That's it. Now you have the latest version of Nginx running on your servers.

P.S. Special thanks to Detectify for helping us figure out which of our servers were not in good shape, and the security issues that we faced with each version.

- Sudhanshu Raheja

We help companies create loveable apps for iOS, Android and the Web. If you would like to contact us for a consulation, a quote or to take us out for a beer, you can send us an email at pune@leftshift.io

Like this post? Subscribe to our newsletter