Skip to main content

Create an Nginx-based YUM/DNF repository on Red Hat Enterprise Linux 8

You can create your own local YUM/DNF repository on your local server. Here's how to do that with the Nginx HTTP server.
Image
Engine room

Software repositories are usually used over the internet and can be accessed by multiple users worldwide. However, you can create your own local repository on your local server and use it as a single user, or allow access to other machines on your LAN using a web server or FTP.

The advantage of creating a local repository is that you don’t require an internet connection to install software packages or updates. Another benefit is, of course, the download speed. Since the packages are downloaded via a local network, the updates perform quickly.

Yellowdog Updater, Modified (YUM) or Dandified YUM (DNF) are software package managers that manage RPM-based Linux distributions. With YUM or DNF, you can install and update groups of computers without having to manually update each RPM.

In this article, I will explain how to set up a local web-based YUM/DNF repository on Red Hat Enterprise Linux (RHEL) 8, using the installation DVD or ISO file. I will also show you how to find and install software packages on client RHEL 8 machines using the Nginx HTTP server and the Apache web servers. For Apache instructions, see Create your own Apache-based YUM/DNF repository on Red Hat Enterprise Linux 8 and for FTP instructions, see Create your own FTP-based YUM/DNF repository on Red Hat Enterprise Linux 8.

[Want to try out Red Hat Enterprise Linux? Download it now for free.]

Prerequisites

You will need to set up two Red Hat Enterprise Linux 8 systems: one local repo server and one client machine that will use the local repository from the local server. The result will look something like this:

  • Local Repository Server: RHEL 8 [10.0.0.10]

  • Local Client Machine: RHEL 8 [10.0.0.11]

  • RHEL 8 installation DVD

  • Nginx HTTP server

Create your repository

Creating your repository involves a number of steps. I'll walk you through them.

Step 1: Mount the Red Hat Enterprise Linux 8 media

First, mount the local media (the DVD, USB stick, etc.) that contains Red Hat Enterprise Linux 8. Use the installation DVD:

$ sudo mount /dev/cdrom /mnt 
mount: /mnt: WARNING: device write-protected, mounted read-only.

Or mount the ISO image:

$ sudo mount -o loop rhel-8.0-x86_64-dvd.iso /mnt

Step 2: Create a local YUM repository from the mounted media

Move the existing repo files located in /etc/yum.repos.d:

$ sudo mv /etc/yum.repos.d/*.repo /tmp/

From this point, it is better if you continue as the root user. Switch to superuser with su command.

Next, create a directory for the repo:

# mkdir /local_repo

Use this directory with Nginx or Apache for serving files over the LAN.

Create the new local repository’s configuration file, local-dvdrom.repo, under the /etc/yum.repos.d directory:

# touch /etc/yum.repos.d/local-dvdrom.repo
# chmod  u+rw,g+r,o+r  /etc/yum.repos.d/local-dvdrom.repo

Step 3: Copy media content to the local directory

Copy the ISO files locally under the /local_repo directory:

# cd /mnt
# tar cvf - . | (cd /local_repo/; tar xvf -)

Wait until the files are copied, then verify the files were copied using:

# ls -l /local_repo/
total 56
dr-xr-xr-x. 4 root root    38 Apr  4  2019 AppStream
dr-xr-xr-x. 4 root root    38 Apr  4  2019 BaseOS
dr-xr-xr-x. 3 root root    18 Apr  4  2019 EFI
-r--r--r--. 1 root root  8266 Mar  1  2019 EULA
-r--r--r--. 1 root root  1455 Apr  4  2019 extra_files.json
-r--r--r--. 1 root root 18092 Mar  1  2019 GPL
dr-xr-xr-x. 3 root root    76 Apr  4  2019 images
dr-xr-xr-x. 2 root root   256 Apr  4  2019 isolinux
-r--r--r--. 1 root root   103 Apr  4  2019 media.repo
-r--r--r--. 1 root root  1669 Mar  1  2019 RPM-GPG-KEY-redhat-beta
-r--r--r--. 1 root root  5134 Mar  1  2019 RPM-GPG-KEY-redhat-release
-r--r--r--. 1 root root  1796 Apr  4  2019 TRANS.TBL

Step 4: Configure the local YUM/DNF repository

Edit the repo configuration file you created earlier:

# vim /etc/yum.repos.d/local-dvdrom.repo

Paste this configuration into it:

[LocalRepo_BaseOS]
name=LocalRepo_BaseOS
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=file:///local_repo/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[LocalRepo_AppStream]
name=LocalRepo_AppStream
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=file:///local_repo/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Install the required packages for creating, configuring and managing the local repository:

# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LocalRepo_AppStream                              94 MB/s | 5.3 MB     00:00    
LocalRepo_BaseOS                                 97 MB/s | 2.2 MB     00:00    
repo id                              repo name                            status
LocalRepo_AppStream                  LocalRepo_AppStream                  4,672
LocalRepo_BaseOS                     LocalRepo_BaseOS                     1,658


# yum install createrepo  yum-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:02:33 ago on Sat 05 Oct 2019 09:52:46 PM UTC.
Package dnf-utils-4.0.2.2-3.el8.noarch is already installed.
Dependencies resolved.
================================================================================
 Package              Arch      Version            Repository              Size
================================================================================
Installing:
 createrepo_c         x86_64    0.11.0-1.el8       LocalRepo_AppStream     76 k
Installing dependencies:
 createrepo_c-libs    x86_64    0.11.0-1.el8       LocalRepo_AppStream    101 k
 drpm                 x86_64    0.3.0-14.el8       LocalRepo_AppStream     71 k

Transaction Summary
================================================================================
Install  3 Packages

Total size: 249 k
Installed size: 556 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : drpm-0.3.0-14.el8.x86_64                               1/3 
  Installing       : createrepo_c-libs-0.11.0-1.el8.x86_64                  2/3 
  Installing       : createrepo_c-0.11.0-1.el8.x86_64                       3/3 
  Running scriptlet: createrepo_c-0.11.0-1.el8.x86_64                       3/3 
  Verifying        : createrepo_c-0.11.0-1.el8.x86_64                       1/3 
  Verifying        : createrepo_c-libs-0.11.0-1.el8.x86_64                  2/3 
  Verifying        : drpm-0.3.0-14.el8.x86_64                               3/3 
Installed products updated.

Installed:
  createrepo_c-0.11.0-1.el8.x86_64     createrepo_c-libs-0.11.0-1.el8.x86_64    
  drpm-0.3.0-14.el8.x86_64            

Complete!

Finally, run the createrepo command:

# createrepo /local_repo/
Directory walk started
Directory walk done - 6647 packages
Temporary output repo path: /local_repo/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished

Step 5: Test and verify your local repository

In this step, you clean up the temporary repository files and verify that the local repository is enabled:

# yum clean all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
12 files removed

# yum repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LocalRepo_AppStream                             120 MB/s | 5.3 MB     00:00    
LocalRepo_BaseOS                                103 MB/s | 2.2 MB     00:00    
repo id                              repo name                            status
LocalRepo_AppStream                  LocalRepo_AppStream                  4,672
LocalRepo_BaseOS                     LocalRepo_BaseOS                     1,658

Verify that the local repository was created:

# ls /local_repo/repodata/
26617821a5263fb13c7a49cc5e2d0b979b926eb17b9b4ed0b7df624e04c272f2-other.sqlite.bz2
5626e6dd41648dc6395def6889f4cc0e7f1006bb7d7eca748c9abd4c67fa5b9b-other.xml.gz
6290a72e46a90f98896c14f7664440de10c798d158ce0afe5f15a9f3896b7824-primary.xml.gz
a5c265589796231ed91b8b25a0473d05915bf62496495a004d321d042b26360c-filelists.sqlite.bz2
c8b51f43bdaa4f14cd5b083851cef1068e9284fa6557eb4552ba2ae22e7f72d5-primary.sqlite.bz2
ed21f77d28e263df02739a4bd55eb7247ffd0531c871bfe677d4b205dbffd5e8-filelists.xml.gz
repomd.xml

You can see that the local repository generated files, so everything is ok at this point.

If you read the above command output carefully, you get the warning message, This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. If you want to suppress or prevent this message while running the dnf or yum command then edit the file /etc/yum/pluginconf.d/subscription-manager.conf:

# vim /etc/yum/pluginconf.d/subscription-manager.conf

and change the parameter enabled=1 to enabled=0:

[main]
enabled=0

Set up your Nginx HTTP server

As I mentioned before, this article covers setting up your own repository using the Nginx HTTP server. I'll walk you through installing and configuring Nginx to serve your repo.

Install Nginx

To install the Nginx HTTP server using YUM:

# yum install nginx
Last metadata expiration check: 0:19:18 ago on Sun 06 Oct 2019 09:51:22 AM UTC.
Dependencies resolved.
=======================================================================================
 Package          Arch   Version                             Repository           Size
=======================================================================================
Installing:
 nginx            x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream 569 k
Installing dependencies:
 gd               x86_64 2.2.5-6.el8                         LocalRepo_AppStream 144 k
 jbigkit-libs     x86_64 2.1-14.el8                          LocalRepo_AppStream  55 k
 libX11           x86_64 1.6.7-1.el8                         LocalRepo_AppStream 612 k
 libX11-common    noarch 1.6.7-1.el8                         LocalRepo_AppStream 157 k
 libXau           x86_64 1.0.8-13.el8                        LocalRepo_AppStream  36 k
 libXpm           x86_64 3.5.12-7.el8                        LocalRepo_AppStream  58 k
 libjpeg-turbo    x86_64 1.5.3-7.el8                         LocalRepo_AppStream 155 k
 libtiff          x86_64 4.0.9-13.el8                        LocalRepo_AppStream 188 k
 libwebp          x86_64 1.0.0-1.el8                         LocalRepo_AppStream 273 k
 libxcb           x86_64 1.13-5.el8                          LocalRepo_AppStream 230 k
 nginx-all-modules
                  noarch 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  23 k
 nginx-filesystem noarch 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  24 k
 nginx-mod-http-image-filter
                  x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  34 k
 nginx-mod-http-perl
                  x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  45 k
 nginx-mod-http-xslt-filter
                  x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  33 k
 nginx-mod-mail   x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  64 k
 nginx-mod-stream x86_64 1:1.14.1-8.module+el8+2505+fe936cef LocalRepo_AppStream  85 k
 dejavu-fonts-common
                  noarch 2.35-6.el8                          LocalRepo_BaseOS     74 k
 dejavu-sans-fonts
                  noarch 2.35-6.el8                          LocalRepo_BaseOS    1.5 M
 fontconfig       x86_64 2.13.1-3.el8                        LocalRepo_BaseOS    275 k
 fontpackages-filesystem
                  noarch 1.44-22.el8                         LocalRepo_BaseOS     16 k
 libxslt          x86_64 1.1.32-3.el8                        LocalRepo_BaseOS    249 k
Enabling module streams:
 nginx                   1.14                                                         

Transaction Summary
=======================================================================================
Install  23 Packages

Total size: 4.8 M
Installed size: 15 M
Is this ok [y/N]: y

Configure Nginx to auto-start at boot

Once Nginx is installed, start and enable the service to auto-start at boot and verify its status using the following commands:

# systemctl start nginx

# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disa>
   Active: active (running) since Sun 2019-10-06 10:15:47 UTC; 22s ago
 Main PID: 3596 (nginx)
    Tasks: 3 (limit: 11528)
   Memory: 7.6M
   CGroup: /system.slice/nginx.service
           ├─3596 nginx: master process /usr/sbin/nginx
           ├─3597 nginx: worker process
           └─3598 nginx: worker process

Oct 06 10:15:47 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 06 10:15:47 server nginx[3593]: nginx: the configuration file /etc/nginx/nginx.con>
Oct 06 10:15:47 server nginx[3593]: nginx: configuration file /etc/nginx/nginx.conf te>
Oct 06 10:15:47 server systemd[1]: Started The nginx HTTP and reverse proxy server.

Configure the firewall

Next, you must configure the firewall so that Nginx can be reached:

# firewall-cmd --zone=public --permanent --add-service=http
success
# firewall-cmd --zone=public --permanent --add-service=https
success
# firewall-cmd --reload
success

Verify that Nginx is up and running

You can now verify that your Nginx server is up and running by going to the localhost URL on your web browser. The default Nginx web page http://localhost/ should be displayed.

Configure Nginx

To configure Nginx, open the configuration file:

# vim /etc/nginx/nginx.conf

Now, find the server section of the file and change it so that it looks like this:

    server {
	listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /local_repo/;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
                allow all;
                sendfile on;
                sendfile_max_chunk 1m;
                autoindex on;
                autoindex_exact_size off;
                autoindex_format html;
                autoindex_localtime on;
        }
	  error_page 404 /404.html;
            location = /40x.html {
        }

	  error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

Test and clean up

Now, start the Nginx service again and test its status:

# systemctl restart nginx

# systemctl status nginx

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disa>
   Active: active (running) since Sun 2019-10-06 10:15:47 UTC; 3 hours 51 min ago
Process: 24032 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 24033 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 24034 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
 Main PID: 24035 (nginx)
   Status: "Started, listening on: port 80"
    Tasks: 3 (limit: 2438)
   Memory: 3.9M
   CGroup: /system.slice/nginx.service
           ├─24035 nginx: master process /usr/sbin/nginx
           ├─24036 nginx: worker process
           └─24037 nginx: worker process

Oct 06 10:15:47 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 06 10:15:47 server nginx[24033]: nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_si>
Oct 06 10:15:47 server nginx[24033]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Oct 06 10:15:47 server nginx[24033]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Oct 06 10:15:47 server nginx[24033]: nginx[24034]: nginx: [warn] could not build optimal types_hash, you should increase either types_hash_max_si
Oct 06 10:15:47 server systemd[1]: Started The nginx HTTP and reverse proxy server.

Everything is good.

Change permissions and set SELinux

Continue the security configuration by changing the permissions on the local_repo directory and configuring SELinux. To change the permissions:

# setfacl -R -m u:apache:rwx /local_repo/

Then, check if SELinux is enforcing:

# getenforce
Enforcing

If it is Enforcing, type:

# chcon -Rt httpd_sys_content_t /local_repo/

If SELinux is not set to Enforcing, then the files will not serve from the repo.

# setenforce enforcing

And make the change permanent by editing the /etc/sysconfig/selinux file and set the following value:

SELINUX=enforcing

Set up the client

Now, to configure the Red Hat Enterprise Linux 8 client machine’s repository.

Add the repo

On the client machine, add the local repos from the server to the client’s YUM configuration:

$ sudo vim /etc/yum.repos.d/local-rhel8.repo 

Then paste the following configuration (be sure to change the server IP address according to your setup):

[LocalServerRepo]
name=LocalServerRepo
enabled=1
gpgcheck=0
baseurl=[http://](http://10.0.0.10/)[**10.0.0.10**](http://10.0.0.10/)[/](http://10.0.0.10/)

Test the repo

Test the LocalServerRepo by installing a package. For example:

$ yum repolist
Not root, Subscription Management repositories not updated
LocalServerRepo                                 112 MB/s | 7.2 MB     00:00    
Last metadata expiration check: 0:00:02 ago on Sun 06 Oct 2019 01:04:21 PM UTC.
repo id                              repo name                            status
LocalServerRepo                      LocalServerRepo                      6,647

$ sudo yum install nano
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LocalServerRepo                                 103 MB/s | 7.2 MB     00:00    
Last metadata expiration check: 0:00:02 ago on Sun 06 Oct 2019 01:07:33 PM UTC.
Dependencies resolved.
================================================================================
 Package      Arch           Version              Repository               Size
================================================================================
Installing:
 nano         x86_64         2.9.8-1.el8          LocalServerRepo         580 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 580 k
Installed size: 2.2 M
Is this ok [y/N]: y
Downloading Packages:
nano-2.9.8-1.el8.x86_64.rpm                      19 MB/s | 580 kB     00:00    
--------------------------------------------------------------------------------
Total                                            17 MB/s | 580 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : nano-2.9.8-1.el8.x86_64                                1/1 
  Running scriptlet: nano-2.9.8-1.el8.x86_64                                1/1 
  Verifying        : nano-2.9.8-1.el8.x86_64                                1/1 
Installed products updated.

Installed:
  nano-2.9.8-1.el8.x86_64                                                       

Complete!

That is great! Everything works as expected. You now have an Nginx-based local YUM/DNF repository in Red Hat Enterprise Linux 8, using the installation DVD or ISO file.

Topics:   Linux  
Author’s photo

Bobbin Zachariah

Bobbin is a very passionate lover of Linux and opensource tools. He has worked in IT for many years with experience in consulting and implementing Linux infrastructure as an employee and as an IT freelancer. More about me

Related Content

OUR BEST CONTENT, DELIVERED TO YOUR INBOX