Building Angie from Source#
We recommend installing Angie from official pre-built packages. However, if you still need your own build:
Download the
.tar.gz
archive from our website:$ curl -O https://download.angie.software/files/angie-1.10.0.tar.gz
Unpack the archive and navigate to the source directory:
$ tar -xpf angie-1.10.0.tar.gz $ cd angie-1.10.0
To prepare the build, use the ./configure script to determine the specific characteristics of the OS where the build occurs, particularly the methods that Angie can use to handle connections. After a successful run, the script creates a
Makefile
.Before running ./configure, review and set the required build options:
$ ./configure <OPTIONS>
When the
Makefile
is ready, build and install Angie:$ make $ make install
Build Options#
General#
Option | Description | Default |
---|---|---|
| Prints a help message. | |
| Sets the name of an unprivileged user whose credentials will be used by
worker processes. After installation, the name can always be changed in
the |
|
| Sets the name of a group whose credentials will be used by
worker processes. After installation, the name can always be changed in
the |
|
| Sets an optional name for the build. | |
| Sets the build directory. |
|
| Specifies the directory for caching build artifacts. | If set without a path, |
Paths#
Option | Description | Default |
---|---|---|
| Defines the directory that will store server files. This same directory
will also be used for all relative paths set by ./configure
(except for paths to library sources) and in the |
|
| Sets the name of the Angie executable. This name is used only during installation. |
|
| Defines the directory where dynamic modules will be installed. |
|
| Sets the name of the |
|
| Sets the name of the primary error, warning, and diagnostic log file.
After installation, the file name can always be changed in the
|
|
| Sets the name of the |
|
| Sets the prefix for lock file names. After installation,
the value can always be changed in the |
|
| Sets the directory to store certificates and keys for
|
|
| Sets the name of the primary request log file for the HTTP server. After
installation, the file name can always be changed in the
|
|
| Defines the directory for storing temporary files that hold client request
bodies. After installation, the directory can always be changed in the
|
|
| Defines the directory for storing temporary files with data received from
proxied servers. After installation, the directory can always be changed
in the |
|
| Defines the directory for storing temporary files with data received from
FastCGI servers. After installation, the directory can always be changed
in the |
|
| Defines the directory for storing temporary files with data received from
uWSGI servers. After installation, the directory can always be changed in
the |
|
| Defines the directory for storing temporary files with data received from
SCGI servers. After installation, the directory can always be changed in
the |
|
Features and dependencies#
| Enables or disables building a module that allows the server to work with
the |
| Enables or disables building a module that allows the server to work with
the |
| Enables the use of thread pools. |
| Enables the use of asynchronous file I/O (AIO) on FreeBSD and Linux. |
| Enables the debugging log. |
| Disables the HTTP cache. |
| Enables the use of the PCRE library. The optional parameter sets the path to the sources of the PCRE library. The library distribution needs to be downloaded from the PCRE site and extracted. The rest is done by Angie's ./configure and make commands. The library is required for regular expression support in the
|
| Sets additional build parameters for PCRE. |
| Builds the PCRE library with JIT compilation support (the pcre_jit directive). |
| Disables the use of the PCRE library. |
| Disables the use of the PCRE2 library instead of the original PCRE library. |
| Enables building with the libatomic_ops library. The optional parameter sets the path to the library sources. |
| Enables static building and sets the path to the OpenSSL library sources. |
| Sets additional build parameters for OpenSSL. |
| Enables NTLS support in the HTTP module (server-side, client-side) and stream module (server-side, client-side) when building with an SSL library that supports NTLS. |
| Sets the path to the sources of the zlib library. The library distribution (version 1.1.3 — 1.2.11) needs to be downloaded from the zlib site and extracted. The rest is done by Angie's ./configure and make commands. The library is required for the GZip module. |
| Sets additional build parameters for zlib. |
| Enables the use of assembly optimizations for building zlib,
optimized for one of the following processors: |
Enabling and Disabling Modules#
You can disable modules that are enabled by default, or enable modules
that are available by default but disabled. Enabling additional modules: Enables building the ACME module,
which enables the ACME protocol. Enables building the Addition module that allows adding text
before and after a response. Enables building the Auth Request module that provides
client authorization capability based on the result of a subrequest. Enables building the DAV module
intended for automating file management tasks on the server via the
WebDAV protocol. Enables building the Degradation module that allows returning HTTP status
codes 204 or 444 for certain This module can only be used in cases where Enables building the FLV module
that provides server-side pseudo-streaming support for Flash
Video (FLV) files. Enables building the GeoIP module that creates variables whose
values are determined based on the client's IP address and ready-made
MaxMind databases. Enables building the GunZIP module that allows decompressing
responses with Enables building the Gzip Static module that allows serving
a precompressed file with the same name and the Enables building the Image Filter module that allows
transforming images in JPEG, GIF, PNG, and WebP formats. Enables building the MP4 module
that provides server-side pseudo-streaming support for MP4 format files. Enables building the Perl module. Sets the directory where Perl module files will be located. Sets the name of the Perl executable file. Enables building the Random Index module that serves requests
ending with a slash ( Enables building the RealIP module that allows changing the
client address to the one passed in the specified header field. Enables building the Secure Link module. Enables building the Slice module that allows splitting a request into
subrequests, each returning a specific range of the response.
The module provides efficient caching of large responses. Enables SSL support for the
HTTP server. The OpenSSL library is required for this module. Enables building the Stub Status module that provides access to
basic server status information. Enables building the Sub module
that allows modifying one specified string in the response to another. Enables the HTTP/2 module. Enables the HTTP/3 module. Note For building, it is strongly recommended to use an SSL library
that supports the QUIC protocol: Building with BoringSSL: Building with LibreSSL: Building with QuicTLS: Without this, the OpenSSL library will be used in compatibility mode, where
early data sending is not
supported and other features are missing, such as session reuse. Such a
build will be able to interact only with clients and servers
using OpenSSL in the same mode. Enables building the XSLT module that allows transforming
XML responses using XSLT stylesheets. The libxml2 and libxslt libraries are required
for this module. Enables building the Google PerfTools module that provides support
for profiling Angie worker processes using Google Performance
Tools. The module is intended
for Angie developers. Disabling standard modules: Disables the HTTP server. Disables the Access module
that allows limiting access to certain client addresses. Disables the API module that
provides a RESTful HTTP interface for accessing JSON-based information
about the web server instance. Disables the Auth Basic
module that allows limiting access to resources by validating the user
name and password using the HTTP Basic Authentication protocol. Disables the AutoIndex
module that processes requests ending with the slash character
( Disables the Browser
module that creates variables whose values depend on the value of the
Disables the Charset
module that adds the specified charset to the Disables the module
that emits a single-pixel transparent GIF. Disables the FastCGI
module that passes requests to a FastCGI server. Disables the Geo module that
creates variables with values depending on the client IP address. Disables the module that
compresses the HTTP server responses. The zlib library is required to build and run this module. Disables the gRPC module that
passes requests to a gRPC server. Disables the Limit Conn
module that limits the number of connections per key, for example, the
number of connections from a single IP address. Disables the Limit Req
module that limits the request processing rate per key, for example, the
processing rate of requests coming from a single IP address. Disables the Map module that
creates variables with values depending on the values of other variables. Disables the Memcached
module that obtains responses from a memcached server. Disables the Mirror module
that implements mirroring of an original request by creating background
mirror subrequests. Disables the Prometheus
module of the HTTP server. Disables the Proxy module of the HTTP server. Disables the Referer
module that can block access to a site for requests with invalid values
in the Disables the Rewrite
module that allows the HTTP server to redirect requests and change their
URIs. The PCRE library is required to build and run this module. Disables the SCGI module that
passes requests to an SCGI server. Disables the Split Clients module that creates
variables for A/B testing. Disables the SSI module that
processes SSI (Server Side Includes) commands in responses passing
through it. Disables the module that implements the hash load
balancing method. Disables the module that implements the ip_hash load
balancing method. Disables the module that provides connection caching to upstream servers. Disables the module that implements the least_conn
load balancing method. Disables the module that implements the random load
balancing method. Disables the module that implements session persistence, ensuring all requests in the client session are passed to
the same backend server in the upstream. Disables the module that allows storing the run-time state of an upstream
in a shared memory zone. Disables the UserID module
that sets cookies suitable for client identification. Disables the uWSGI module
that passes requests to a uWSGI server. Enabling additional modules: Enables building the ACME module,
which enables the ACME protocol. Enables the GeoIP module
that creates variables depending on the client IP address and the
precompiled MaxMind databases. Enables the MQTT Preread module that allows
extracting client IDs and usernames from Enables the RDP Preread module that allows
extracting cookies from RDP sessions. Enables the RealIP module
that changes the client address to the address sent in the PROXY protocol
header. Enables SSL support for the
Streaming server. The OpenSSL library is required to build and run this module. Enables the SSL Preread module that allows
extracting information from ClientHello
messages without terminating SSL/TLS. Disabling standard modules: Disables the Geo module that
creates variables with values depending on the client IP address. Disables the Limit Conn module that limits the
number of connections per key, for example, the number of connections
from a single IP address. Disables the Map module that
creates variables with values depending on values of other variables. Disables the Return
module that sends the specified value to the client and then closes the
connection. Disables the Set module that
sets a value for a variable. Disables the Split Clients module that creates
variables for A/B testing. Disables the module that implements the hash load
balancing method. Disables the module that implements the least_conn load balancing method. Disables the module that implements the random load
balancing method. Disables the module that enables storing the run-time state of an
upstream in a shared memory zone. Enabling additional modules: Enables SSL support for
the Mail server. The OpenSSL library is required to build and run this module. Disabling standard modules: Enables building an external module at the specified path. Enables building an external dynamic module at the specified path. Enables dynamic module compatibility mode. When enabled, Angie can load and
use dynamic modules that were built for the same Angie version,
even if these modules were built with different options. Sets the compiler to be used during the build. Sets the preprocessor to be used during the build. Sets additional parameters that will be added to the Sets additional parameters that will be used during linking. When using
the system PCRE library under FreeBSD, Enables builds optimized for one of the following processors:
HTTP#
--with-http_acme_module
--with-http_addition_module
--with-http_auth_request_module
--with-http_dav_module
--with-http_degradation_module
location
blocks.sbrk(0)
shows the actual amount of memory allocated to the process. In other
words, the module works on FreeBSD up to version 7.0 by default. Starting
from version 7.0, it works only if MALLOC_OPTIONS=Dm
is set. On
Linux it does not work.--with-http_flv_module
--with-http_geoip_module
, --with-http_geoip_module=dynamic
--with-http_gunzip_module
Content-Encoding: gzip
for clients that do not
support the gzip
compression method.--with-http_gzip_static_module
.gz
extension
instead of a regular file.--with-http_image_filter_module
,
--with-http_image_filter_module=dynamic
--with-http_mp4_module
--with-http_perl_module
, --with-http_perl_module=dynamic
--with-perl_modules_path=
path--with-perl=
path--with-http_random_index_module
/
) and returns a random file as the
directory's index file.--with-http_realip_module
--with-http_secure_link_module
--with-http_slice_module
--with-http_ssl_module
--with-http_stub_status_module
--with-http_sub_module
--with-http_v2_module
--with-http_v3_module
$ ./configure
--with-debug
--with-http_v3_module
--with-cc-opt="-I../boringssl/include"
--with-ld-opt="-L../boringssl/build/ssl
-L../boringssl/build/crypto"
$ ./configure
--with-debug --with-http_v3_module
--with-cc-opt="-I../libressl/build/include"
--with-ld-opt="-L../libressl/build/lib"
$ ./configure
--with-debug
--with-http_v3_module
--with-cc-opt="-I../quictls/build/include"
--with-ld-opt="-L../quictls/build/lib"
--with-http_xslt_module
, --with-http_xslt_module=dynamic
--with-google_perftools_module
--without-http
--without-http_access_module
--without-http_api_module
--without-http_auth_basic_module
--without-http_autoindex_module
/
) and produces a directory listing in case the Index module cannot find an index file.--without-http_browser_module
User-Agent
request header field.--without-http_charset_module
Content-Type
response header field and can additionally convert data from one charset
to another.--without-http_empty_gif_module
--without-http_fastcgi_module
--without-http_geo_module
--without-http_gzip_module
--without-http_grpc_module
--without-http_limit_conn_module
--without-http_limit_req_module
--without-http_map_module
--without-http_memcached_module
--without-http_mirror_module
--without-http_prometheus_module
--without-http_proxy_module
--without-http_referer_module
Referer
header field.--without-http_rewrite_module
--without-http_scgi_module
--without-http_split_clients_module
--without-http_ssi_module
--without-http_upstream_hash_module
--without-http_upstream_ip_hash_module
--without-http_upstream_keepalive_module
--without-http_upstream_least_conn_module
--without-http_upstream_random_module
--without-http_upstream_sticky_module
--without-http_upstream_zone_module
--without-http_userid_module
--without-http_uwsgi_module
Streaming#
--with-stream
, --with-stream=dynamic
- Enables the core Stream
module for generic TCP/UDP proxying and load balancing.#--with-stream_acme_module
--with-stream_geoip_module
, --with-stream_geoip_module=dynamic
--with-stream_mqtt_preread_module
CONNECT
packets in MQTT
versions 3.1.1
and 5.0.--with-stream_rdp_preread_module
--with-stream_realip_module
--with-stream_ssl_module
--with-stream_ssl_preread_module
--without-stream_access_module
- Disables the Access
module that allows limiting access to certain client addresses.#--without-stream_geo_module
--without-stream_limit_conn_module
--without-stream_map_module
--without-stream_return_module
--without-stream_set_module
--without-stream_split_clients_module
--without-stream_upstream_hash_module
--without-stream_upstream_least_conn_module
--without-stream_upstream_random_module
--without-stream_upstream_zone_module
Mail#
--with-mail
, --with-mail=dynamic
- Enables the core Mail module
that supports POP3, IMAP4, and SMTP.#--with-mail_ssl_module
Other options#
--with-cpp_test_module
- Enables the CPP Test module. It's used primarily for development
and testing purposes and isn't intended for production use.#--add-module=
path--add-dynamic-module=
path--with-compat
--with-cc=
path--with-cpp=
path--with-cc-opt=
parametersCFLAGS
variable. When using the system PCRE library under FreeBSD,
--with-cc-opt="-I /usr/local/include"
should be specified. If the
number of files supported by select()
needs to be increased, it
can also be specified here, such as --with-cc-opt="-D
FD_SETSIZE=2048"
.--with-ld-opt=
parameters--with-ld-opt="-L
/usr/local/lib"
should be specified.--with-cpu-opt=
cpupentium
, pentiumpro
, pentium3
, pentium4
,
athlon
, opteron
, sparc32
, sparc64
,
ppc64
.
Examples#
Simple HTTPS-Enabled Build. This basic configuration enables HTTPS support using SSL/TLS, with the necessary dependencies (PCRE for regular expressions, zlib for compression, and OpenSSL for SSL/TLS):
$ ./configure \
--sbin-path=/usr/sbin/angie \
--conf-path=/etc/angie/angie.conf \
--pid-path=/run/angie.pid \
--with-http_ssl_module \
--with-pcre=../pcre2-10.40 \
--with-zlib=../zlib-1.3 \
--with-openssl=../openssl-3.0.8
Performance-Optimized Build. This configuration is optimized for performance, including HTTP/2 support, gzip static compression, JIT for PCRE, and asynchronous I/O; thread pools are also enabled for efficient handling of high loads:
$ ./configure \
--sbin-path=/usr/sbin/angie \
--conf-path=/etc/angie/angie.conf \
--pid-path=/run/angie.pid \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-pcre=../pcre2-10.40 \
--with-pcre-jit \
--with-zlib=../zlib-1.3 \
--with-threads \
--with-file-aio
Load Balancer with TCP/UDP Proxying. This configuration sets up a load balancer for both HTTP and non-HTTP services:
$ ./configure \
--sbin-path=/usr/sbin/angie \
--conf-path=/etc/angie/angie.conf \
--pid-path=/run/angie.pid \
--with-stream \
--with-stream_ssl_module \
--with-pcre=../pcre2-10.40 \
--with-zlib=../zlib-1.3
Specialized Build. This configuration includes HTTPS, HTTP/2, compression, enhanced security and performance, along with additional modules for Brotli compression and cache management, optimized for both HTTP and TCP/UDP proxying:
$ ./configure \
--prefix=/usr/local/angie \ # Installation directory for Angie
--sbin-path=/usr/sbin/angie \ # Path to the Angie binary
--conf-path=/etc/angie/angie.conf \ # Path to the main configuration file
--pid-path=/run/angie.pid \ # Path to the PID file
--lock-path=/var/lock/angie.lock \ # Path to the lock file
--error-log-path=/var/log/angie/error.log \ # Path to the error log file
--http-log-path=/var/log/angie/access.log \ # Path to the access log file
--with-http_ssl_module \ # Enables SSL module for HTTPS
--with-http_v2_module \ # Enables HTTP/2 support for improved performance
--with-http_realip_module \ # Allows Angie to correctly handle X-Real-IP and X-Forwarded-For headers
--with-http_gzip_static_module \ # Serves pre-compressed .gz files to reduce CPU load
--with-http_stub_status_module \ # Provides a status page
--with-threads \ # Enables thread pools to improve performance under heavy load
--with-file-aio \ # Enables asynchronous I/O
--with-stream \ # Enables TCP/UDP proxy functionality
--with-stream_ssl_module \ # Adds SSL/TLS support for TCP/UDP proxy
--with-pcre=../pcre2-10.40 \ # Specifies the path to PCRE library for regex support
--with-pcre-jit \ # Enables just-in-time compilation for PCRE
--with-zlib=../zlib-1.3 \ # Specifies the path to the zlib library for compression
--with-openssl=../openssl-3.0.8 \ # Specifies the path to the OpenSSL library for SSL/TLS
--with-openssl-opt="enable-ec_nistp_64_gcc_128" \ # Optimizes OpenSSL for 64-bit NIST curves
--add-module=../ngx_brotli \ # Adds third-party ngx_brotli module for Brotli compression support
--add-dynamic-module=../ngx_cache_purge # Adds third-party ngx_cache_purge module for cache management