Summary:
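A stock NGINX installed from the distribution repositories does not forward raw TCP streams. Since programs such as ScreenConnect use raw TCP rather than HTTP to communicate via relay, TCP proxy support must be enabled in NGINX. One must recompile NGINX with a proxy module (e.g. nginx_tcp_proxy_module, as in the steps below). Note: NGINX 1.9.0 and later include a built-in stream module (--with-stream) that proxies TCP without a third-party patch; prefer it where a current release can be used, because an old release such as 1.7.9 no longer receives security fixes.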
SSH into Centos 7 Server
su
yum install gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed patch git
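git clone git://github.com/yaoweibin/nginx_tcp_proxy_module //git:// is unauthenticated and unencrypted; prefer https://github.com/yaoweibin/nginx_tcp_proxy_module and review the checked-out commit before patching nginx with it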
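wget http://nginx.org/download/nginx-1.7.9.tar.gz //obtain link from http://nginx.org/download/ (get nginx 1.6 for compatibility); the download is plain http, so verify the tarball against the PGP signature (.asc) published next to it before building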
tar xvfz nginx-1.7.9.tar.gz
cd nginx-1.7.9
pwd //find path to current directory
patch -p1 < /home/kim/Desktop/temp/nginx_tcp_proxy_module/tcp.patch
./configure --add-module=/home/kim/Desktop/temp/nginx_tcp_proxy_module --user=nginx --group=nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-rtsig_module --with-select_module --with-poll_module --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-cpp_test_module --with-cpu-opt=CPU --with-pcre --with-pcre-jit --with-md5-asm --with-sha1-asm --with-zlib-asm=CPU --with-libatomic --with-debug --with-ld-opt="-Wl,-E"
make
make install
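vim /etc/sysconfig/iptables //add the rule below; it opens port 80, while the sample server block further down listens on 443 - open only the port nginx actually listens on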
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
systemctl restart iptables
iptables -nL //check
sudo vim /etc/nginx/nginx.conf
killall -9 nginx // stop nginx (SIGKILL gives nginx no chance to shut down cleanly; /usr/sbin/nginx -s quit stops it gracefully)
/usr/sbin/nginx -c /etc/nginx/nginx.conf //start nginx
/usr/sbin/nginx -t -c /etc/nginx/nginx.conf -g "pid /var/run/nginx.pid; worker_processes 2;"
ps -ef|grep nginx //check status
sudo vim /etc/nginx/nginx.conf //raise worker processes to 10 and add this
-----------
# NOTE(review): every file matched below is read inside this tcp {} context, so
# an included file presumably needs only server {} blocks; the sample
# /etc/nginx/conf.d/tcp.conf on this page opens its own tcp {} as well - confirm
# which of the two forms the module accepts before using both.
tcp {
include /etc/nginx/conf.d/*.conf;
}
-----------
sudo vim /etc/nginx/conf.d/tcp.conf //include virtual hosts in server block
---------- sample server block --------------
# Relays raw TCP arriving on port 443 to a service on the loopback interface.
tcp
{
server
{
# No ssl directive is set here, so nginx is not terminating TLS on this port.
# NOTE(review): any encryption is then end to end between client and backend - confirm.
listen 443;
server_name help.kimconnect.com;
# NOTE(review): the timeout values look like milliseconds
# (180000 = 3 min, 120000 = 2 min) - confirm against the module documentation.
timeout 180000;
# The backend is addressed via 127.0.0.1 only; presumably the ScreenConnect
# relay port - verify against the relay's own configuration.
proxy_pass 127.0.0.1:8041;
proxy_connect_timeout 120000;
proxy_send_timeout 120000;
proxy_read_timeout 120000;
proxy_buffer 64k;
}
}
---------- sample server block --------------
Optimization: https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
How to allow NGINX / Apache to bind to non-local addresses:
$ vim /etc/sysctl.conf
# allow processes to bind to the non-local address
# (necessary for apache/nginx in Amazon EC2)
net.ipv4.ip_nonlocal_bind = 1
$ sysctl -p /etc/sysctl.conf //reload sysctl
Set NGINX (that has been installed from source) to start automatically in CentOS
sudo vim /etc/init.d/nginx
------------ Paste this content ------------
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Pull in the init helper library; helpers such as daemon, killproc and
# status used further down are expected to come from this file.
. /etc/rc.d/init.d/functions

# Load the network settings; NETWORKING is compared right below.
. /etc/sysconfig/network

# Nothing to do when networking is switched off.
if [ "$NETWORKING" = "no" ]; then
  exit 0
fi

# Binary, display name, configuration file and subsys lock file shared by
# the functions below.
nginx="/usr/sbin/nginx"
prog=${nginx##*/}
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
lockfile=/var/lock/subsys/nginx
# Start nginx with the configured file.
# Globals:  nginx, NGINX_CONF_FILE, prog, lockfile (read); retval (written)
# Exits:    5 when the binary is not executable, 6 when the config is missing
# Returns:  the status reported by the daemon helper
start() {
  if [ ! -x "$nginx" ]; then
    exit 5
  fi
  if [ ! -f "$NGINX_CONF_FILE" ]; then
    exit 6
  fi

  echo -n $"Starting $prog: "
  daemon "$nginx" -c "$NGINX_CONF_FILE"
  retval=$?
  echo

  # The lock file is only created after a successful start.
  if [ "$retval" -eq 0 ]; then
    touch "$lockfile"
  fi
  return "$retval"
}
# Stop nginx by sending it QUIT through killproc.
# Globals:  prog, lockfile (read); retval (written)
# Returns:  the status reported by killproc
stop() {
  echo -n $"Stopping $prog: "
  # QUIT asks nginx for a graceful shutdown rather than an immediate kill.
  killproc "$prog" -QUIT
  retval=$?
  echo

  # Drop the lock file only when the stop succeeded.
  if [ "$retval" -eq 0 ]; then
    rm -f "$lockfile"
  fi
  return "$retval"
}
# Restart nginx, but only when the configuration passes its syntax check.
# Returns: configtest's status when the check fails, otherwise start's status
restart() {
  if configtest; then
    stop
    start
  else
    # $? here is still the status of the failed configtest.
    return $?
  fi
}
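# Ask the running nginx to re-read its configuration (HUP), after checking
# that the configuration is valid.
# Globals:  nginx, prog (read); RETVAL (written)
# Returns:  configtest's status when the check fails, otherwise the status
#           reported by killproc
reload() {
  configtest || return $?
  echo -n $"Reloading $prog: "
  killproc "$nginx" -HUP
  RETVAL=$?
  echo
  # Without this the function returned the status of the echo above, so a
  # failed signal delivery was reported as success.
  return "$RETVAL"
}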
# A forced reload is carried out as a plain restart.
# Returns: the status of restart
force_reload() {
  restart
  return $?
}
# Run the nginx binary in test mode (-t) against the configured file.
# Globals:  nginx, NGINX_CONF_FILE (read)
# Returns:  the status of the nginx invocation
configtest() {
  "$nginx" -t -c "$NGINX_CONF_FILE"
}
# Report the state of the process named by prog via the status helper.
# Globals:  prog (read)
# Returns:  the status of the status helper
rh_status() {
  status "$prog"
}
# Quiet variant of rh_status: same return status, all output discarded.
rh_status_q() {
  {
    rh_status
  } >/dev/null 2>&1
}
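# Dispatch on the requested action. The script's exit status is that of the
# last command run in the selected arm.
case "$1" in
  start)
    # Already running: nothing to do.
    rh_status_q && exit 0
    start
    ;;
  stop)
    # Not running: nothing to stop.
    rh_status_q || exit 0
    stop
    ;;
  restart|configtest)
    # The action name matches the function name, so call it directly.
    "$1"
    ;;
  reload)
    # Reloading a stopped service is reported as exit status 7.
    rh_status_q || exit 7
    reload
    ;;
  force-reload)
    force_reload
    ;;
  status)
    rh_status
    ;;
  condrestart|try-restart)
    # Restart only when the service is currently running. The restart call
    # was missing, so this arm previously did nothing at all.
    rh_status_q || exit 0
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
    exit 2
    ;;
esac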
----------------------
Set executable permissions:
sudo chmod +x /etc/init.d/nginx
Set default run levels:
sudo /sbin/chkconfig nginx on
Check run levels:
sudo /sbin/chkconfig --list nginx