This guide walks you through installing the most recent Nginx Mainline build on Rocky Linux 8 and 9, so you can take advantage of TLS‑v1.3 support and HTTP/2 improvements that older EPEL packages miss. It begins by removing any pre‑existing nginx or httpd binaries, then adds the official Nginx repository, enables the powertools stream on EL8, installs the package, verifies the mainline version with `nginx -v`, and finally starts and tests the service with a quick browser check or an OpenSSL command. Before you dive in, make sure you have sudo access, a clean Rocky installation, and that services like Apache are stopped to avoid port conflicts; also keep an eye on SELinux logs if network errors pop up. Once everything is working, your server will run the latest Nginx release with all its performance tweaks and modern security features.

How to Install the Latest Nginx Mainline on Rocky Linux 9 and 8

If you’ve been using the stock EPEL build of Nginx, you’re probably stuck on an old version that doesn’t support TLS‑v1.3 or the latest HTTP/2 tweaks. The official Nginx “Mainline” release gives you those goodies plus faster performance in some cases. This guide walks you through getting that exact package onto Rocky Linux 8 (EL8) and 9 (EL9).

Prerequisites

• A user with sudo privileges or root access.
• A clean installation of Rocky Linux 8 or 9, or at least a system that still runs the default distro packages.

Step 1: Clean Up Any Old Nginx Installations

sudo dnf remove nginx httpd -y

The stock nginx from EPEL is older than what we’ll install. If you leave it around, the system could end up running two different binaries with conflicting config files—like a house that’s half built and half demolished.

Step 2: Add the Official Nginx Repository

sudo dnf install -y https://nginx.org/packages/centos/RHEL-$(rpm -E %rhel)/nginx.repo

This pulls in the official repo file. On EL9 it will point to RHEL-9, on EL8 to RHEL-8. The repo contains the mainline build that we want.

Step 3: Enable the Mainline Module Stream (Only for EL8)

Rocky Linux 8 uses module streams for some packages. If you’re on EL8, make sure you’re pulling the right stream:

sudo dnf config-manager --set-enabled powertools

The powertools repo is where Nginx lives on EL8; it’s a hidden gem that many people forget to enable.

Step 4: Install the Mainline Package

sudo dnf install -y nginx

That single command pulls in the latest mainline build for your OS version. If you’re on EL9, you’ll see nginx-1.26.x or whatever the current release is. On EL8 it will pull the same version but with EL8‑compatible binaries.

Step 5: Verify It’s the Mainline Build

nginx -v

You should see something like:

nginx version: nginx/1.26.0 (mainline)

If you still see “stable” in the output, you’re not actually running mainline—double‑check that you didn’t pull a different repo or an older cached package.

Step 6: Enable and Start the Service

sudo systemctl enable --now nginx

The --now flag starts it immediately. If you get errors, run journalctl -xe | grep nginx to see why—often it’s a config file syntax error or missing TLS certs.

Step 7: Test Your Installation

Open your browser and point it at your server’s IP (or a local test domain). You should see the default Nginx “Welcome” page. If you want to confirm TLS‑v1.3 is working, run:

openssl s_client -connect localhost:443 -tls1_3

You should see Protocol : TLSv1.3 in the output.

Gotchas

• Conflicting Ports: If Apache (httpd) or another web server was left running, you’ll get a “Address already in use” error. Make sure to stop or disable those services.
• SELinux: On some systems SELinux blocks Nginx from reading certain directories. Use setsebool -P httpd_can_network_connect 1 if you run into network errors, or check the audit log for AVC denials.

That’s it—your Rocky Linux machine is now rocking the latest Nginx Mainline build with all its newest features.