To set up Nginx on a Linux server, update your packages, install Nginx from your distro\u2019s repository, allow HTTP\/HTTPS in your firewall, start and enable the service, create a server block for your domain, test the configuration, reload Nginx, and add free TLS with Let\u2019s Encrypt for HTTPS. Steps vary slightly by distribution.<\/p>\n\n\n\n
In this guide, you\u2019ll learn how to setup Nginx on a Linux server from scratch\u2014covering installation, firewall rules, server blocks, SSL, reverse proxy, and essential optimizations. Whether you\u2019re on Ubuntu, Debian, CentOS, AlmaLinux, or openSUSE, follow along for a clean, secure, and high\u2011performance Nginx configuration<\/a>.<\/p>\n\n\n\n If SELinux is enforcing and you proxy to upstream apps, allow network connections:<\/p>\n\n\n\n Always validate changes with Below is a simple server block for Debian\/Ubuntu layout:<\/p>\n\n\n\n RHEL\/CentOS\/AlmaLinux layout:<\/p>\n\n\n\n Use Certbot\u2019s Nginx plugin to request and auto\u2011configure certificates. Ensure DNS for your domain points to your server\u2019s IP and port 80 is open.<\/p>\n\n\n\n Certbot sets up auto\u2011renewal via systemd or cron. Test renewal with:<\/p>\n\n\n\n To serve an application listening on On SELinux systems, enable network connections as noted earlier. For PHP apps, use If you\u2019re deploying business\u2011critical sites, managed infrastructure can save hours weekly. At YouStable, our SSD\/NVMe VPS plans deliver consistent performance, free SSL, and 24\u00d77 expert support. We handle server hardening, firewall, and Nginx optimization so you can focus on your application\u2014not Linux minutiae.<\/p>\n\n\n\n With this step\u2011by\u2011step tutorial, you can confidently setup Nginx on a Linux server, enable HTTPS, proxy applications, and optimize performance. If you prefer a faster start, consider a YouStable VPS\u2014prepped for Nginx, security, and scalability from day one.<\/p>\n\n\n\n Use The main file is First run Create one server block per domain with its own Prerequisites and What You\u2019ll Need<\/strong><\/h2>\n\n\n\n
\n
Install Nginx on Linux (All Major Distros)<\/strong><\/h2>\n\n\n\n
Ubuntu\/Debian<\/strong><\/h3>\n\n\n\n
sudo apt update\nsudo apt install -y nginx<\/a>\nsudo systemctl enable --now nginx\nsudo systemctl status nginx --no-pager<\/code><\/pre>\n\n\n\nRHEL\/CentOS\/AlmaLinux\/Amazon Linux<\/strong><\/h3>\n\n\n\n
# RHEL\/AlmaLinux\/Rocky (EPEL may be needed on some versions)\nsudo dnf install -y nginx\nsudo systemctl enable --now nginx\nsudo systemctl status nginx --no-pager\n\n# CentOS 7 (legacy)\nsudo yum install<\/a> -y epel-release\nsudo yum install -y nginx\nsudo systemctl enable --now nginx\n\n# Amazon Linux 2\nsudo amazon-linux-extras install -y nginx1\nsudo systemctl enable --now nginx<\/code><\/pre>\n\n\n\nopenSUSE<\/strong><\/h3>\n\n\n\n
sudo zypper refresh\nsudo zypper install -y nginx\nsudo systemctl enable --now nginx<\/code><\/pre>\n\n\n\nAllow HTTP\/HTTPS in the Firewall (and SELinux)<\/strong><\/h2>\n\n\n\n
UFW (Ubuntu\/Debian)<\/strong><\/h3>\n\n\n\n
sudo ufw allow 'Nginx Full' # opens 80 and 443\nsudo ufw status<\/code><\/pre>\n\n\n\nfirewalld (RHEL\/CentOS\/AlmaLinux\/Fedora)<\/strong><\/h3>\n\n\n\n
sudo firewall-cmd --permanent --add-service=http\nsudo firewall-cmd --permanent --add-service=https\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\nSELinux (if enforcing)<\/strong><\/h3>\n\n\n\n
sudo setsebool -P httpd_can_network_connect 1<\/code><\/pre>\n\n\n\nNginx Directory Structure and Config Basics<\/strong><\/h2>\n\n\n\n
\n
\/etc\/nginx\/nginx.conf<\/code><\/li>\n\n\n\n\/etc\/nginx\/conf.d\/*.conf<\/code> (all distros)<\/li>\n\n\n\n\/etc\/nginx\/sites-available\/<\/code>, symlink to sites-enabled\/<\/code><\/li>\n\n\n\n\/var\/www\/html<\/code><\/li>\n\n\n\n\/var\/log\/nginx\/access.log<\/code>, \/var\/log\/nginx\/error.log<\/code><\/li>\n<\/ul>\n\n\n\nnginx -t<\/code> and reload the service. This prevents downtime from syntax errors.<\/p>\n\n\n\nCreate a Server Block (Virtual Host) for Your Domain<\/strong><\/h2>\n\n\n\n
demo.example.com<\/code> serving static files. Adjust paths and domain as needed.<\/p>\n\n\n\nsudo mkdir -p \/var\/www\/demo.example.com\/html\nsudo chown -R $USER:$USER \/var\/www\/demo.example.com\/html\necho \"<h1>Hello from Nginx on Linux!<\/h1>\" | sudo tee \/var\/www\/demo.example.com\/html\/index.html<\/code><\/pre>\n\n\n\nsudo nano \/etc\/nginx\/sites-available\/demo.example.com<\/code><\/pre>\n\n\n\nserver {\n listen 80;\n listen [::]:80;\n server_name demo.example.com;\n\n root \/var\/www\/demo.example.com\/html;\n index index.html;\n\n access_log \/var\/log\/nginx\/demo_access.log;\n error_log \/var\/log\/nginx\/demo_error.log;\n\n location \/ {\n try_files $uri $uri\/ =404;\n }\n}<\/code><\/pre>\n\n\n\nsudo ln -s \/etc\/nginx\/sites-available\/demo.example.com \/etc\/nginx\/sites-enabled\/\nsudo nginx -t\nsudo systemctl reload nginx<\/code><\/pre>\n\n\n\nsudo nano \/etc\/nginx\/conf.d\/demo.example.com.conf<\/code><\/pre>\n\n\n\nserver {\n listen 80;\n server_name demo.example.com;\n root \/var\/www\/demo.example.com\/html;\n index index.html;\n\n access_log \/var\/log\/nginx\/demo_access.log;\n error_log \/var\/log\/nginx\/demo_error.log;\n\n location \/ {\n try_files $uri $uri\/ =404;\n }\n}<\/code><\/pre>\n\n\n\nsudo nginx -t\nsudo systemctl reload nginx<\/code><\/pre>\n\n\n\nAdd Free HTTPS with Let\u2019s Encrypt (Certbot)<\/strong><\/h2>\n\n\n\n
Install Certbot<\/strong><\/h3>\n\n\n\n
# Ubuntu\/Debian (snap recommended)\nsudo snap install core\nsudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\n\n# RHEL\/AlmaLinux\/CentOS\nsudo dnf install -y certbot python3-certbot-nginx\n\n# openSUSE\nsudo zypper install -y certbot python3-certbot-nginx<\/code><\/pre>\n\n\n\nObtain and Install Certificates<\/strong><\/h3>\n\n\n\n
sudo certbot --nginx -d demo.example.com\n# Choose to redirect HTTP<\/a> to HTTPS when prompted<\/code><\/pre>\n\n\n\nsudo certbot renew --dry-run<\/code><\/pre>\n\n\n\nUse Nginx as a Reverse Proxy (Node.js\/Python\/PHP-FPM)<\/strong><\/h2>\n\n\n\n
127.0.0.1:3000<\/code>, configure Nginx as a reverse proxy with proper headers and WebSocket support:<\/p>\n\n\n\nserver {\n listen 80;\n server_name app.example.com;\n\n # Optional: large uploads\n client_max_body_size 20m;\n\n location \/ {\n proxy_pass http:\/\/127.0.0.1:3000;\n proxy_http_version 1.1;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n proxy_set_header X-Forwarded-Proto $scheme;\n\n # WebSockets\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection \"upgrade\";\n }\n}<\/code><\/pre>\n\n\n\nfastcgi_pass<\/code> to PHP\u2011FPM (e.g., unix:\/run\/php\/php8.2-fpm.sock<\/code>).<\/p>\n\n\n\nPerformance Tuning Essentials<\/strong><\/h2>\n\n\n\n
\n
# \/etc\/nginx\/nginx.conf (http block or include a conf.d\/tuning.conf)\nworker_processes auto;\nevents { worker_connections 4096; }\n\nhttp {\n server_tokens off;\n\n # Gzip\n gzip on;\n gzip_comp_level 5;\n gzip_min_length 1024;\n gzip_types text\/plain text\/css application\/javascript application\/json application\/xml image\/svg+xml;\n\n # Cache static assets (adjust paths\/locations)\n map $sent_http_content_type $expires {\n default off;\n ~image\/ 30d;\n ~font\/ 30d;\n ~text\/css 7d;\n ~application\/javascript 7d;\n }\n\n # Example static caching location\n # location ~* \\.(?:css|js|jpg|jpeg|png|gif|svg|ico|webp|woff2?)$ {\n # expires $expires;\n # add_header Cache-Control \"public, immutable\";\n # }\n}<\/code><\/pre>\n\n\n\nLogging and Monitoring<\/strong><\/h2>\n\n\n\n
\n
sudo tail -f \/var\/log\/nginx\/access.log \/var\/log\/nginx\/error.log<\/code><\/li>\n\n\n\nsudo apt install goaccess<\/code> then goaccess \/var\/log\/nginx\/access.log --log-format=COMBINED<\/code><\/li>\n\n\n\nsudo journalctl -u nginx -e<\/code><\/li>\n<\/ul>\n\n\n\nCommon Errors and Quick Fixes<\/strong><\/h2>\n\n\n\n
\n
sudo ss -ltnp | grep ':80\\|:443'<\/code> and stop\/disable the conflicting service.<\/li>\n\n\n\nsudo nginx -t<\/code>. Fix the reported line and retry.<\/li>\n\n\n\nroot<\/code> path. Web user (e.g., www-data<\/code> or nginx<\/code>) needs read access.<\/li>\n\n\n\nproxy_pass<\/code>\/fastcgi_pass<\/code>. Verify app\u2019s IP:port\/socket and SELinux boolean.<\/li>\n\n\n\ncertbot renew --dry-run<\/code>.<\/li>\n<\/ul>\n\n\n\nWhen to Choose Managed Hosting vs DIY<\/strong><\/h2>\n\n\n\n
Step-by-Step: Verify and Reload Safely<\/strong><\/h2>\n\n\n\n
\n
sudo nginx -t<\/code><\/li>\n\n\n\nsudo systemctl reload nginx<\/code><\/li>\n\n\n\nsudo systemctl status nginx --no-pager<\/code><\/li>\n\n\n\ncurl -I http:\/\/demo.example.com<\/code> and curl -I https:\/\/demo.example.com<\/code><\/li>\n<\/ul>\n\n\n\nBest Practices Checklist<\/strong><\/h2>\n\n\n\n
\n
\/etc\/nginx\/<\/code> and use version control.<\/li>\n\n\n\nFAQs: Setup Nginx on Linux Server<\/strong><\/h2>\n\n\n
How do I check if Nginx is running?<\/strong><\/h3>\n
systemctl status nginx<\/code> or sudo ss -ltnp | grep nginx<\/code> to confirm it\u2019s listening on ports 80\/443. You can also visit your server\u2019s IP in a browser to see the default Nginx welcome page.<\/p>\n\n<\/div>\n<\/div>\nWhere is the Nginx configuration file on Linux?<\/strong><\/h3>\n
\/etc\/nginx\/nginx.conf<\/code>. Extra configs go in \/etc\/nginx\/conf.d\/*.conf<\/code>. On Ubuntu\/Debian, server blocks live in \/etc\/nginx\/sites-available\/<\/code> with symlinks in sites-enabled\/<\/code>.<\/p>\n\n<\/div>\n<\/div>\nHow do I reload Nginx after configuration changes?<\/strong><\/h3>\n
sudo nginx -t<\/code> to validate syntax. If OK, reload with sudo systemctl reload nginx<\/code>. A reload applies changes without dropping active connections.<\/p>\n\n<\/div>\n<\/div>\nHow do I set up multiple websites (virtual hosts)?<\/strong><\/h3>\n
server_name<\/code> and root<\/code>. On Ubuntu\/Debian, add files to sites-available\/<\/code> and enable with symlinks to sites-enabled\/<\/code>. On RHEL-based distros, place each domain in conf.d\/<\/code> as a separate .conf<\/code>.<\/p>\n\n<\/div>\n<\/div>\n