archlinux/notes/ubuntu-nginx

#!/usr/bin/env bash

# Ubuntu - nginx-mainline
# https://nginx.org/en/linux_packages.html

# Install the prerequisites:

    sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y

# Import an official nginx signing key so apt could verify the packages authenticity. Fetch the key:

    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
        | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

# Verify that the downloaded file contains the proper key:

    gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \
        | grep -q 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 || exit 1

# The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:
# 
#     pub   rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
#           573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
#     uid                      nginx signing key <signing-key@nginx.com>

# Note that the output can contain other keys used to sign the packages.

# # To set up the apt repository for stable nginx packages, run the following command:
# 
#     echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
#     http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
#         | sudo tee /etc/apt/sources.list.d/nginx.list

# If you would like to use mainline nginx packages, run the following command instead:

    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
    http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
        | sudo tee /etc/apt/sources.list.d/nginx.list

# Set up repository pinning to prefer our packages over distribution-provided ones:

    echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
        | sudo tee /etc/apt/preferences.d/99nginx

# To install nginx, run the following commands:

    sudo apt update
    sudo apt install nginx -y
First commit 2025-11-22 23:15:27 +00:00			`#!/usr/bin/env bash`

			`# Ubuntu - nginx-mainline`
			`# https://nginx.org/en/linux_packages.html`

			`# Install the prerequisites:`

			`sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y`

			`# Import an official nginx signing key so apt could verify the packages authenticity. Fetch the key:`

			`curl https://nginx.org/keys/nginx_signing.key \| gpg --dearmor \`
			`\| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null`

			`# Verify that the downloaded file contains the proper key:`

			`gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg \`
			`\| grep -q 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \|\| exit 1`

			`# The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:`
			`#`
			`# pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]`
			`# 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62`
			`# uid nginx signing key <signing-key@nginx.com>`

			`# Note that the output can contain other keys used to sign the packages.`

			`# # To set up the apt repository for stable nginx packages, run the following command:`
			`#`
			`# echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \`
			# http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
			`# \| sudo tee /etc/apt/sources.list.d/nginx.list`

			`# If you would like to use mainline nginx packages, run the following command instead:`

			`echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \`
			http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
			`\| sudo tee /etc/apt/sources.list.d/nginx.list`

			`# Set up repository pinning to prefer our packages over distribution-provided ones:`

			`echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \`
			`\| sudo tee /etc/apt/preferences.d/99nginx`

			`# To install nginx, run the following commands:`

			`sudo apt update`
			`sudo apt install nginx -y`