Knowledge

How to install Nginx on Ubuntu

#Nginx

Nginx is the web server that sits in front of your application and answers every request. Here is how to install it on Ubuntu, serve your first site, and set it up the way a production server should be.

Published by Mark van Eijk on June 30, 2026 · 2 minute read

  1. Install Nginx
  2. Open the firewall
  3. Understand the directory layout
  4. Serve your first site
  5. Harden TLS with a strong DH group
  6. Let Rocketeers handle it

Nginx is the piece that listens on ports 80 and 443, terminates TLS, serves your static files, and passes everything else to PHP-FPM or your application. It's fast, lightweight, and runs the majority of the busy sites on the web. Here's how to get it running on a fresh Ubuntu server.

Install Nginx

The quickest route is the package in Ubuntu's own repository:

sudo apt-get update
DEBIAN_FRONTEND=noninteractive sudo apt-get install -y nginx

If you want the latest stable release rather than whatever Ubuntu shipped, add the official Nginx repository first:

echo "deb http://nginx.org/packages/ubuntu/ $(lsb_release -sc) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

Either way, start it and have it come back automatically after a reboot:

sudo systemctl enable --now nginx

Visit your server's IP address in a browser and you should see the default Nginx welcome page.

Open the firewall

If you're running ufw, Nginx ships profiles that open the right ports. Allow HTTP and HTTPS:

sudo ufw allow 'Nginx Full'

Without this, your site is reachable from the server itself but nothing else — a common reason a freshly installed site "doesn't load."

Understand the directory layout

A production Nginx setup keeps one config file per site and switches them on by symlink:

sudo mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled
  • sites-available/ holds a .conf file for every site, whether it's live or not.
  • sites-enabled/ holds symlinks to the ones that are actually active.

Make sure the main nginx.conf includes the enabled sites (most distributions already do):

include /etc/nginx/sites-enabled/*;

Serve your first site

Create a server block for your domain in /etc/nginx/sites-available/example.com.conf:

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

The try_files directive is the heart of most routing problems — if you hit a wall, read understanding the Nginx try_files directive. Enable the site by symlinking it, test the config, and reload:

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo service nginx reload

Always run sudo nginx -t before reloading. A single typo can take every site on the server down with a 502 Bad Gateway or 403 Forbidden.

Harden TLS with a strong DH group

If you'll terminate HTTPS on this server (see how to install Certbot), generate a strong Diffie-Hellman parameter file once, up front — it takes a while on 4096 bits but only has to happen one time:

sudo openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096

Reference it in your TLS config to push toward an A+ SSL grade. While you're tuning, it's worth enabling gzip compression too.

Let Rocketeers handle it

Installing Nginx takes a few minutes. Running it well is the ongoing job: per-site server blocks, FastCGI tuning, the right PHP socket per site, compression, security headers, a strong DH group, and syncing real visitor IPs when you sit behind Cloudflare. Rocketeers provisions Nginx the production way and generates a correct, tested vhost for every site you deploy — so you never hand-edit a config file or reload a broken one.

Subscribe to our newsletter

Do you want to receive regular updates with fresh and exclusive content to learn more about web development, hosting, security and performance? Subscribe now!