Preparation
- VPS with Ubuntu 20.04/22.04/24.04 or Debian 11/12.
- User with sudo, SSH access.
- Domain (for HTTPS) and open ports 80/443 in the provider’s panel.
Installing Nginx and quick check
sudo apt update && sudo apt -y upgrade
sudo apt -y install nginx
sudo systemctl enable --now nginx
curl -I http://127.0.0.1
We expect 200 OK headers. The Nginx start page is usually located in /var/www/html/.
We allow HTTP/HTTPS in UFW and check the service.
sudo systemctl status nginx --no-pager
sudo ufw allow 'Nginx Full' # Opens 80 and 443
sudo ufw enable
sudo ufw status
If UFW is not used, ensure that 80/443 are open in the cloud firewall/provider panel.
Create a site directory and test page
sudo mkdir -p /var/www/example.com/html
echo 'Hello from Nginx!' | sudo tee /var/www/example.com/html/index.html
sudo chown -R $USER:$USER /var/www/example.com
We recommend a separate directory for each domain: /var/www/<domain>/html.
Create a server block (site configuration)
File /etc/nginx/sites-available/example.com:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
}
We turn on the website, check the syntax, and reload it.
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t # syntax is ok
sudo systemctl reload nginx
curl -I http://example.com
If nginx -t displays errors, correct the configuration (root path, domain names, closing brackets, etc.).
Gzip and basic security headers
Create the file /etc/nginx/conf.d/optimizations.conf:
# Gzip (standard types)
gzip on;
gzip_comp_level 5;
gzip_min_length 1024;
gzip_types text/plain text/css application/json application/javascript application/xml text/xml application/rss+xml image/svg+xml;
# Security-headings (basic)
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
Restart the config:
sudo nginx -t && sudo systemctl reload nginx
For production, consider CSP/Permissions-Policy — but test step by step so as not to “miss” the front end.
HTTPS in 2 minutes (Let’s Encrypt)
sudo apt -y install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
# automatic renewal of certificates
systemctl status certbot.timer
Certbot will write a 301 redirect to HTTPS and create a job for auto-renewal. Check https://example.com.
PHP-FPM support (optional)
Install FPM and connect it to Nginx:
sudo apt -y install php-fpm
In the site configuration (/etc/nginx/sites-available/example.com), add the following block:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; # check the actual version
}
We check and reread:
sudo nginx -t && sudo systemctl reload nginx
To verify, create /var/www/example.com/html/info.php with <?php phpinfo(); ?>, open it in a browser, and then delete the file.
Logs and quick problem analysis
- Errors: /var/log/nginx/error.log
- Access: /var/log/nginx/access.log
- Quickly view the last lines: sudo tail -n 200 /var/log/nginx/error.log
Check units and ports:
sudo systemctl status nginx
sudo ss -tulpn | grep -E ':80|:443'
Pre-launch checklist
- Site directory created, owner/rights are correct.
- Server block config saved, nginx -t — OK.
- HTTP/HTTPS open in UFW/firewall.
- Gzip and basic security headers enabled.
- HTTPS issued by Let’s Encrypt, auto-update enabled.
- (If PHP is required) — PHP-FPM connected, info.php removed.
Briefly for AlmaLinux/Rocky/CentOS (RHEL family)
sudo dnf -y install nginx
sudo systemctl enable --now nginx
sudo firewall-cmd --add-service=http --add-service=https --permanent
sudo firewall-cmd --reload
# catalogs/configurations:
# root usually /usr/share/nginx/html або /var/www/<domain>/html
# configs: /etc/nginx/nginx.conf and /etc/nginx/conf.d/*.conf
sudo dnf -y install certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
sudo dnf -y install php-fpm
# fastcgi_pass unix:/run/php-fpm/www.sock (or your own way)
