Installing NGINX Plus LTS

Since May 13, 2026, NGINX Plus is published in two release types: Long-Term Support (LTS) and Continuous Release (CR).

The NGINX Plus LTS release model is designed for mission-critical production environments. Each LTS release is supported for three years and receives security fixes and CVE mitigations without introducing new features. New features are delivered in Continuous Releases (CR) during the same annual LTS cycle.

  • Cadence: one LTS per year
  • Patching model: security/CVE fixes only, no feature changes
  • Support window: up to 3 years for each LTS release
  • Concurrency: up to 3 LTS versions supported at the same time
  • Version format: an LTS release has 0 as the second numeric component, for example: PLS.37.0.0.1. LTS updates increment the third component, for example: PLS.37.0.1.1.

NGINX Plus Continuous Releases (CR) are published several times within an annual LTS cycle. Each CR contains the latest features and performance improvements. The CR cycle ends when a new LTS is released.

Repository configuration options

By default, NGINX Plus repositories are configured to receive Continuous Releases. To use LTS, update your repository configuration to point to the LTS package URL, replacing the default URL. You can choose one of the options during installation:

  • Pin to current LTS only: receive only security updates for this LTS, no CRs, no automatic update to next LTS; supported up to three years
  • Pin to LTS track: automatically upgrade to the newest LTS when it is released annually, no CRs.
  • Default: receive Continuous Releases within the current LTS release. No actions needed.

Prerequisites

Before you begin, make sure you have:

Preparation steps for all operating systems

  1. Check if your operating system and architecture are supported. For a complete list of supported platforms and architectures, see the Technical Specifications.

  2. Back up your NGINX Plus configuration and log files if you have an older NGINX Plus package installed. For more information, see Upgrading NGINX Plus.

  3. Download the SSL certificate, private key, and the JWT license file associated with your NGINX Plus subscription from the MyF5 Customer Portal:

    • Log in to MyF5.
    • Go to My Products & Plans > Subscriptions to see your active subscriptions.
    • Find your NGINX products or services subscription, and select the Subscription ID for details.
    • Download the <nginx-repo>.crt and <nginx-repo>.key from the subscription page.
    • Download the JSON Web Token (JWT) from the subscription page. See About Subscription Licenses for details.

  4. Create the /etc/ssl/nginx directory:

    sudo mkdir -p /etc/ssl/nginx

  5. Copy the downloaded .crt and .key files to the /etc/ssl/nginx/ directory and make sure they are named nginx-repo.crt and nginx-repo.key:

    shell
    sudo cp <downloaded-file-name>.crt /etc/ssl/nginx/nginx-repo.crt
sudo cp <downloaded-file-name>.key /etc/ssl/nginx/nginx-repo.key

  6. Follow the installation instructions for your operating system: Amazon Linux 2023, Amazon Linux 2, RHEL-based, Debian, Ubuntu, FreeBSD, SLES, Alpine.

Amazon Linux 2023 LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Install the ca-certificates dependency:

    shell
    sudo dnf update && \
sudo dnf install ca-certificates

  3. Add the NGINX Plus repository to your Amazon Linux 2023 instance. Download the plus-amazonlinux2023.repo file to /etc/yum.repos.d:

    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-amazonlinux2023.repo

  4. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/yum.repos.d/plus-amazonlinux2023.repo file and update the baseurl to the appropriate value for your target version.

    • Pin to current LTS version:

      baseurl=https://pkgs.nginx.com/plus/R37.0/amzn/2023/$basearch

    • Pin to LTS track:

      baseurl=https://pkgs.nginx.com/plus/LTS/amzn/2023/$basearch

  5. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    sudo dnf install nginx-plus

  6. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  7. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  8. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  9. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

Amazon Linux 2 LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Install the ca-certificates dependency:

    shell
    sudo yum update && \
sudo yum install ca-certificates

  3. Add the NGINX Plus repository to your Amazon Linux 2 instance. Download the nginx-plus-amazon2.repo file to /etc/yum.repos.d:

    sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-amazon2.repo

  4. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/yum.repos.d/nginx-plus-amazon2 file and update the baseurl to the appropriate value for your target version.

    • Pin to current LTS version:

      baseurl=https://pkgs.nginx.com/plus/R37.0/amzn2/$releasever/$basearch

    • Pin to LTS track:

      baseurl=https://pkgs.nginx.com/plus/LTS/amzn2/$releasever/$basearch

  5. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    sudo yum install nginx-plus

  6. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  7. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  8. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  9. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

RHEL-based systems LTS packages

Supported RHEL-based operating systems include Red Hat Enterprise Linux, Oracle Linux, AlmaLinux, and Rocky Linux for versions 8.1+, 9.7+, and 10+.

  1. Make sure you meet the prerequisites and have completed the common steps for all operating systems.

  2. Install the ca-certificates dependency:

    shell
    sudo dnf update && \
sudo dnf install ca-certificates

  3. Add the NGINX Plus repository by downloading nginx-plus-.repo file that matches your OS major version to /etc/yum.repos.d.

    • For RHEL-based 8.1+, download the plus-8.repo file:

      sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-8.repo

    • For RHEL-based 9.7+, download the plus-9.repo file:

      sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-9.repo

    • For RHEL-based 10+, download the plus-10.repo file:

      sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/plus-10.repo

  4. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/yum.repos.d/plus-<version>.repo file and update the baseurl to the appropriate value for your target version.

    For RHEL-based 8.1+

    • Pin to current LTS version:

      baseurl=https://pkgs.nginx.com/plus/R37.0/centos/8/$basearch/

    • Pin to LTS track:

      baseurl=https://pkgs.nginx.com/plus/LTS/centos/8/$basearch/

    For RHEL-based 9.7+

    • Pin to current LTS version:

      baseurl=https://pkgs.nginx.com/plus/R37.0/centos/9/$basearch/

    • Pin to LTS track:

      baseurl=https://pkgs.nginx.com/plus/LTS/centos/9/$basearch/

    For RHEL-based 10+

    • Pin to current LTS version:

      baseurl=https://pkgs.nginx.com/plus/R37.0/centos/10/$basearch/

    • Pin to LTS track:

      baseurl=https://pkgs.nginx.com/plus/LTS/centos/10/$basearch/

    • Save the changes and exit.

    • Update the repository information:

      sudo dnf update

  5. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    sudo dnf install nginx-plus

  6. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  7. To enable the NGINX service to start at boot, run the following command:

    sudo systemctl enable nginx.service

  8. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  9. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  10. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

Debian LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Install the prerequisites packages:

    shell
    sudo apt update && \
sudo apt install apt-transport-https \
                 lsb-release \
                 ca-certificates \
                 wget \
                 gnupg2 \
                 debian-archive-keyring

  3. Download and add NGINX signing key:

    shell
    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \
    | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

  4. Add the NGINX Plus repository:

    shell
    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/debian `lsb_release -cs` nginx-plus\n" \
| sudo tee /etc/apt/sources.list.d/nginx-plus.list

  5. Download the nginx-plus apt configuration to /etc/apt/apt.conf.d:

    sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx
    Pin NGINX Plus to a specific version

    To pin NGINX Plus to a specific version (for example, R33):

    1. Edit the /etc/apt/sources.list.d/nginx-plus.list file.

    2. Update the repository base URL to the desired version:

      • For Ubuntu:

        https://pkgs.nginx.com/plus/R33/ubuntu

      • For Debian:

        https://pkgs.nginx.com/plus/R33/debian

    3. Save the changes and exit.

    4. Update the repository information:

      sudo apt update

  6. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/apt/sources.list.d/nginx-plus.list file and update the URL to the appropriate value for your target version.

    • Pin to current LTS version:

      https://pkgs.nginx.com/plus/R37.0/debian

    • Pin to LTS track:

      https://pkgs.nginx.com/plus/LTS/debian

  7. Update the repository information:

    sudo apt update

  8. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    sudo apt install -y nginx-plus

  9. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  10. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  11. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  12. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

Ubuntu LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Install the prerequisites packages:

    shell
    sudo apt update && \
sudo apt install apt-transport-https \
                 lsb-release \
                 ca-certificates \
                 wget \
                 gnupg2 \
                 ubuntu-keyring

  3. Download and add NGINX signing key:

    shell
    wget -qO - https://cs.nginx.com/static/keys/nginx_signing.key \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

  4. Add the NGINX Plus repository:

    shell
    printf "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://pkgs.nginx.com/plus/ubuntu `lsb_release -cs` nginx-plus\n" \
| sudo tee /etc/apt/sources.list.d/nginx-plus.list

  5. Download the nginx-plus apt configuration to /etc/apt/apt.conf.d:

    sudo wget -P /etc/apt/apt.conf.d https://cs.nginx.com/static/files/90pkgs-nginx

  6. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/apt/sources.list.d/nginx-plus.list file and update the URL to the appropriate value for your target version.

    • Pin to current LTS version:

      https://pkgs.nginx.com/plus/R37.0/ubuntu

    • Pin to LTS track:

      https://pkgs.nginx.com/plus/LTS/ubuntu

  7. Update the repository information:

    sudo apt update

  8. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    sudo apt install -y nginx-plus

  9. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  10. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  11. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  12. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

FreeBSD LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Install the prerequisite ca_root_nss package:

    shell
    sudo pkg update && \
sudo pkg install ca_root_nss

  3. Copy the nginx-plus.conf file to the /etc/pkg/ directory:

    sudo fetch -o /etc/pkg/nginx-plus.conf http://cs.nginx.com/static/files/nginx-plus.conf

  4. Add the following lines to the /usr/local/etc/pkg.conf file:

    PKG_ENV: { SSL_NO_VERIFY_PEER: "1",
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }

  5. Modify your NGINX Plus repository configuration to pin to the desired LTS track. To change your update channel, edit the /etc/pkg/nginx-plus.conf file and update the URL to the appropriate value for your target version.

    • Pin to current LTS version:

      URL: pkg+https://pkgs.nginx.com/plus/R37.0/freebsd/${ABI}/latest

    • Pin to LTS track:

      URL: pkg+https://pkgs.nginx.com/plus/LTS/freebsd/${ABI}/latest

  6. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced. Back up your NGINX Plus configuration and log files if you have an older NGINX Plus package installed. For more information, see Upgrading NGINX Plus.

    sudo pkg install nginx-plus

  7. Copy the downloaded JWT file to the /usr/local/etc/nginx directory and make sure it is named license.jwt:

    sudo cp license.jwt /usr/local/etc/nginx

  8. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  9. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/usr/local/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  10. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

SUSE Linux Enterprise LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Create a file bundle of the certificate and key:

    cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt

  3. Install the required ca-certificates dependency:

    shell
    zypper refresh
zypper install ca-certificates

  4. Add the nginx-plus repo.

    For SLES 15, pinned to current LTS version:

    shell
    zypper addrepo -G -t yum -c \
"https://pkgs.nginx.com/plus/R37.0/sles/15?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer" \
nginx-plus

    For SLES 15, pinned to LTS track:

    shell
    zypper addrepo -G -t yum -c \
"https://pkgs.nginx.com/plus/LTS/sles/15?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer" \
nginx-plus

    For SLES 16, pinned to current LTS version:

    shell
    zypper addrepo -G -t yum -c \
"https://pkgs.nginx.com/plus/R37.0/sles/16?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer" \
nginx-plus

    For SLES 16, pinned to LTS track:

    shell
    zypper addrepo -G -t yum -c \
"https://pkgs.nginx.com/plus/LTS/sles/16?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=peer" \
nginx-plus

  5. Install the nginx-plus package. Any older NGINX Plus package is automatically replaced.

    zypper install nginx-plus

  6. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  7. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  8. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  9. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

Alpine LTS packages

  1. Make sure you have met all prerequisites and completed the common steps for all operating systems.

  2. Upload nginx-repo.key to /etc/apk/cert.key and nginx-repo.crt to /etc/apk/cert.pem. Ensure these files contain only the specific key and certificate — Alpine Linux doesn’t support mixing client certificates for multiple repositories.

  3. Put the NGINX signing public key in the /etc/apk/keys directory:

    sudo wget -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub

  4. Add the NGINX repository to the /etc/apk/repositories file.

    • Pin to current LTS version:

      shell
      printf "https://pkgs.nginx.com/plus/R37.0/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" \
| sudo tee -a /etc/apk/repositories

    • Pin to LTS track:

      shell
      printf "https://pkgs.nginx.com/plus/LTS/alpine/v`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release`/main\n" \
| sudo tee -a /etc/apk/repositories

  5. Remove all community-supported NGINX packages. Note that this will also remove all NGINX modules:

    sudo apk del -r nginx

  6. Install the NGINX Plus package:

    sudo apk add nginx-plus

  7. Copy the downloaded JWT file to the /etc/nginx/ directory and make sure it is named license.jwt:

    sudo cp <downloaded-file-name>.jwt /etc/nginx/license.jwt

  8. Check the nginx version to verify that NGINX Plus LTS is installed correctly:

    nginx -v

    The command output should indicate an LTS release: the second numeric component of the Plus release version should be 0:

    nginx version: nginx/1.29.8 (nginx-plus-r37.0.0)

  9. Make sure license reporting to F5 licensing endpoint is configured. By default, no configuration is required. However, it becomes necessary when NGINX Plus is installed in a disconnected environment, uses NGINX Instance Manager for usage reporting, or uses a custom path for the license file. Configuration can be done in the mgmt {} block of the NGINX Plus configuration file (/etc/nginx/nginx.conf). For more information, see About Subscription Licenses.

  10. If you are using NGINX Instance Manager in your infrastructure, install and enable NGINX Agent. See Install and Configure NGINX Agent for details.

Upgrade NGINX Plus

For general upgrade instructions, see Upgrading NGNIX Plus

View source
Edit this page
Create a new issue