Installing and Configuring Nginx Web Server

Learn how to install and configure Nginx, one of the most popular web servers, on your Ubuntu VPS with SSL/TLS support and optimization for production use.

1. Installing Nginx
2. Configuring Firewall
3. Setting Up Server Blocks (Virtual Hosts)
4. Installing SSL Certificate (Let's Encrypt)
5. Performance Optimization
6. PHP-FPM Integration

1 Installing Nginx

Update System Packages

sudo apt update
sudo apt upgrade -y

Install Nginx

sudo apt install nginx -y

Start and Enable Nginx

# Start Nginx
sudo systemctl start nginx

# Enable Nginx to start on boot
sudo systemctl enable nginx

# Check status
sudo systemctl status nginx

Verify Installation

Open your browser and visit:

http://your_server_ip

You should see the default Nginx welcome page.

2 Configuring Firewall

List Available Nginx Profiles

sudo ufw app list

Available profiles:

• Nginx Full - Opens both HTTP (80) and HTTPS (443)
• Nginx HTTP - Opens only HTTP (80)
• Nginx HTTPS - Opens only HTTPS (443)

Allow Nginx Through Firewall

# For production with SSL
sudo ufw allow 'Nginx Full'

# Or manually
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Check firewall status
sudo ufw status

3 Setting Up Server Blocks (Virtual Hosts)

Server blocks allow you to host multiple websites on one server. Similar to Apache's virtual hosts.

Create Directory Structure

# Create web root directory
sudo mkdir -p /var/www/example.com/html

# Set permissions
sudo chown -R $USER:$USER /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com

Create Sample HTML Page

nano /var/www/example.com/html/index.html

Add this content:

<!DOCTYPE html>
<html>
<head>
    <title>Welcome to example.com!</title>
</head>
<body>
    <h1>Success! The example.com server block is working!</h1>
</body>
</html>

Create Server Block Configuration

sudo nano /etc/nginx/sites-available/example.com

Add this configuration:

server {
    listen 80;
    listen [::]:80;

    root /var/www/example.com/html;
    index index.html index.htm index.php;

    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    # Logging
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;
}

Enable the Server Block

# Create symbolic link
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

# Test configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

Note

Make sure your domain's DNS A record points to your server's IP address before testing.

4 Installing SSL Certificate (Let's Encrypt)

Install Certbot

sudo apt install certbot python3-certbot-nginx -y

Obtain SSL Certificate

# For single domain
sudo certbot --nginx -d example.com -d www.example.com

# Follow the prompts:
# - Enter email address
# - Agree to terms
# - Choose redirect HTTP to HTTPS (recommended: 2)

Verify Auto-Renewal

# Test renewal process
sudo certbot renew --dry-run

# Certificate will auto-renew via systemd timer
sudo systemctl status certbot.timer

Updated Configuration (with SSL)

Certbot automatically updates your config. It will look like:

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.htm index.php;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        try_files $uri $uri/ =404;
    }
}

5 Performance Optimization

Edit Main Nginx Configuration

sudo nano /etc/nginx/nginx.conf

Recommended Settings

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 2048;
    multi_accept on;
    use epoll;
}

http {
    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    # Buffer Settings
    client_body_buffer_size 128k;
    client_max_body_size 20M;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    output_buffers 1 32k;
    postpone_output 1460;

    # Gzip Compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript
               application/json application/javascript application/xml+rss
               application/rss+xml font/truetype font/opentype
               application/vnd.ms-fontobject image/svg+xml;
    gzip_disable "msie6";

    # Caching
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Virtual Host Configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Add Caching Headers to Server Block

    # Cache static assets
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;

Test and Reload

sudo nginx -t
sudo systemctl reload nginx

6 PHP-FPM Integration

Install PHP-FPM

sudo apt install php8.1-fpm php8.1-mysql php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-zip -y

Configure Nginx for PHP

Add to your server block:

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny all;
    }

Test PHP

# Create test file
echo "<?php phpinfo(); ?>" | sudo tee /var/www/example.com/html/info.php

# Reload Nginx
sudo systemctl reload nginx

# Visit: https://example.com/info.php

# Remove test file after verification
sudo rm /var/www/example.com/html/info.php

Useful Nginx Commands

# Test configuration
sudo nginx -t

# Reload configuration
sudo systemctl reload nginx

# Restart Nginx
sudo systemctl restart nginx

# Stop Nginx
sudo systemctl stop nginx

# View error logs
sudo tail -f /var/log/nginx/error.log

# View access logs
sudo tail -f /var/log/nginx/access.log

# Check Nginx version
nginx -v

Nginx Setup Complete!

✓ Nginx installed and running
✓ Firewall configured
✓ Server blocks configured
✓ SSL/TLS enabled with Let's Encrypt
✓ Performance optimized
✓ PHP support added (optional)

Table of Contents