
How to install Nginx on Ubuntu
==============================


Nginx is the web server that sits in front of your application and answers every request. Here is how to install it on Ubuntu, serve your first site, and set it up the way a production server should be.

 Published by [Mark van Eijk](https://rocketeersapp.com/author/mark-van-eijk) on June 30, 2026 · 2 minute read

1. [Install Nginx](#content-install-nginx)
2. [Open the firewall](#content-open-the-firewall)
3. [Understand the directory layout](#content-understand-the-directory-layout)
4. [Serve your first site](#content-serve-your-first-site)
5. [Harden TLS with a strong DH group](#content-harden-tls-with-a-strong-dh-group)
6. [Let Rocketeers handle it](#content-let-rocketeers-handle-it)

[Nginx](https://nginx.org) is the piece that listens on ports 80 and 443, terminates TLS, serves your static files, and passes everything else to [PHP-FPM](/how-to-install-php) or your application. It's fast, lightweight, and runs the majority of the busy sites on the web. Here's how to get it running on a fresh Ubuntu server.

Install Nginx
-------------

The quickest route is the package in Ubuntu's own repository:

 ```
sudo apt-get update
# Set the variable after sudo: sudo resets the environment by default
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y nginx

```

If you want the latest stable release rather than whatever Ubuntu shipped, add the official Nginx repository first:

 ```
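# Import the nginx.org signing key so apt can verify packages from the repository
curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Pin the repository to that key with signed-by
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/ubuntu/ $(lsb_release -sc) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list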

```

Either way, start it and have it come back automatically after a reboot:

 ```
sudo systemctl enable --now nginx

```

Visit your server's IP address in a browser and you should see the default Nginx welcome page.

Open the firewall
-----------------

If you're running `ufw`, Nginx ships profiles that open the right ports. Allow HTTP and HTTPS:

 ```
sudo ufw allow 'Nginx Full'

```

Without this, your site is reachable from the server itself but nothing else — a common reason a freshly installed site "doesn't load."

Understand the directory layout
-------------------------------

A production Nginx setup keeps one config file per site and switches them on by symlink:

 ```
sudo mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled

```

- `sites-available/` holds a `.conf` file for every site, whether it's live or not.
- `sites-enabled/` holds symlinks to the ones that are actually active.

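Make sure the `http` block of the main `nginx.conf` includes the enabled sites (most distributions already do). The package from nginx.org only includes `conf.d/`, so add the line yourself if you installed from that repository: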

 ```
include /etc/nginx/sites-enabled/*;

```

Serve your first site
---------------------

Create a server block for your domain in `/etc/nginx/sites-available/example.com.conf`:

 ```
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/public;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

```

The `try_files` directive is the heart of most routing problems — if you hit a wall, read [understanding the Nginx try\_files directive](/nginx-try-files). Enable the site by symlinking it, test the config, and reload:

 ```
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo service nginx reload

```

Always run `sudo nginx -t` before reloading. A single typo can take every site on the server down with a [502 Bad Gateway](/502-bad-gateway-nginx) or [403 Forbidden](/403-forbidden-nginx).
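
The enable, test and reload sequence above can be wrapped so that a failed test removes the new symlink instead of leaving a broken site enabled. This is an added example, not code from Rocketeers or Nginx; `enable_site` and the four variables are names made up here, with defaults taken from the paths and commands on this page.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): enable a site only if the whole
# configuration still passes the syntax test; otherwise remove the new symlink.
# enable_site and the variables below are hypothetical names for this example.
AVAILABLE_DIR="${AVAILABLE_DIR:-/etc/nginx/sites-available}"
ENABLED_DIR="${ENABLED_DIR:-/etc/nginx/sites-enabled}"
NGINX_TEST="${NGINX_TEST:-nginx -t}"                 # config test command
NGINX_RELOAD="${NGINX_RELOAD:-service nginx reload}" # reload command

enable_site() {
    local name src link
    name="$1"
    src="$AVAILABLE_DIR/$name"
    link="$ENABLED_DIR/$name"

    # Refuse empty names, dotfiles and path separators so the symlink can
    # only be created directly inside ENABLED_DIR.
    case "$name" in
        ""|.*|*/*) echo "invalid site name: $name" >&2; return 2 ;;
    esac
    if [ ! -f "$src" ]; then
        echo "no such site config: $src" >&2; return 2
    fi
    # Already enabled: nothing to create and nothing to roll back.
    if [ -e "$link" ] || [ -L "$link" ]; then
        echo "already enabled: $name" >&2; return 0
    fi

    ln -s "$src" "$link" || return 1
    # nginx -t parses every included file, so it now covers the new site too.
    if ! $NGINX_TEST; then
        rm -f "$link"   # roll back: the next reload or restart stays safe
        echo "config test failed; $name left disabled" >&2
        return 1
    fi
    $NGINX_RELOAD
}
```

Call it from a root shell, for example `enable_site example.com.conf`.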

Harden TLS with a strong DH group
---------------------------------

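If you'll terminate HTTPS on this server (see [how to install Certbot](/how-to-install-certbot)), generate a strong Diffie-Hellman parameter file once, up front. It takes a while on 4096 bits but only has to happen one time. The `-dsaparam` flag makes OpenSSL generate DSA-style parameters, which is much faster than searching for a safe prime; omit it if you want a safe-prime group and can wait for the longer run: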

 ```
sudo openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 4096

```

Reference it with the `ssl_dhparam` directive in your TLS config to push toward an [A+ SSL grade](/a-plus-grade-ssl-using-cloudflare). While you're tuning, it's worth [enabling gzip compression](/enable-gzip-compression-nginx) too.

Let Rocketeers handle it
------------------------

Installing Nginx takes a few minutes. Running it well is the ongoing job: per-site server blocks, FastCGI tuning, the right PHP socket per site, compression, security headers, a strong DH group, and syncing real visitor IPs when you sit behind Cloudflare. Rocketeers provisions Nginx the production way and generates a correct, tested vhost for every site you deploy — so you never hand-edit a config file or reload a broken one.

