How to configure nginx

Once you have installed nginx, you can customise it for your use with the configuration options explained in this guide.

Server blocks

nginx organises sets of site-specific configuration details into server blocks, and by default comes pre-configured for single-site operation. This can either be used “as-is”, or as a starting template for serving multiple sites.

The single-site configuration serves files out of /var/www/html, as defined by the server block and as provided by /etc/nginx/sites-enabled/default:

server {
        listen 80 default_server;                                                                                    
        listen [::]:80 default_server;

        root /var/www/html;                                                                                          
                                                                                                                         
        # Add index.php to the list if you are using PHP                                                             
        index index.html index.htm index.nginx-debian.html;                                                          
                                                                                                                         
        server_name _;                                                                                               
                                                                                                                         
        location / {                                                                                                 
                # First attempt to serve request as file, then                                                       
                # as directory, then fall back to displaying a 404.                                                  
                try_files $uri $uri/ =404;                                                                           
        }
}

Even for a single-site configuration, while you can place your website at /var/www/html, you may want to place the website’s files at a different location in your filesystem. For example, if you were hosting www.my-site.org from /srv/my-site/html you might edit the above file to look like this:

server {
        listen                80;
        root                  /srv/my-site/html;
        index                 index.html;
        server_name           my-site.org www.my-site.org;

        location / {                                                                                                 
                try_files $uri $uri/ =404;                                                                           
        }
}

Make sure to create your web root directory structure:

$ sudo mkdir -p /srv/my-site/html
$ sudo chmod -R 755 /srv/my-site/html
$ echo "<html><body><h1>My Site!</h1></body></html>" > /srv/my-site/html/index.html

Then, to make nginx reload its configuration, run:

$ sudo systemctl reload nginx

Check that the settings have taken effect using your web browser:

$ www-browser www.my-site.org

Multi-site hosting

Similar to Apache, nginx uses the sites-available and sites-enabled directories for the configurations of multiple websites. Unlike with Apache, you’ll need to handle the enablement manually.

To do that, first create a new server block in a configuration file as above, and save it to /etc/nginx/sites-available/<your-domain>. Make sure to give each site a unique server_name and a different listen port number.

Next, enable the site by creating a symlink to it from the sites-enabled directory:

$ sudo ln -s /etc/nginx/sites-available/<your-domain> /etc/nginx/sites-enabled/

To disable a website, you can delete the symlink in sites-enabled. For example, once you have your new site(s) configured and no longer need the default site configuration:

$ sudo rm /etc/nginx/sites-available/default

SSL and HTTPS

While establishing an HTTP website on port 80 is a good starting point (and perhaps adequate for static content), production systems will want HTTPS, such as serving on port 443 with SSL enabled via cert files. A server block with such a configuration might look like this, with HTTP-to-HTTPS redirection handled in the first block, and HTTPS in the second block:

server {
        listen                80;
        server_name           our-site.org www.our-site.org;
        return                301 https://$host$request_url;
}

server {
        listen                443 ssl;

        root                  /srv/our-site/html;
        index                 index.html;

        server_name           our-site.org www.our-site.org;
                                                   
        ssl_certificate       our-site.org.crt;
        ssl_certificate_key   our-site.org.key;
        ssl_protocols         TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers           HIGH:!aNULL:!MD5;
        ssl_session_timeout   15m;

        location / {
                try_files $uri $uri/ =404;
        }
}

Thanks to the return 301 line in the above configuration, anyone visiting the site on port 80 via an HTTP URL will get automatically redirected to the equivalent secure HTTPS URL.

Refer to the security - certificates page in this manual for details on how to create and manage certificates, and the OpenSSL page for additional details on configuring and using that service. The GnuTLS section explains how to configure different SSL protocol versions and their associated ciphers.

For example, to generate a self-signed certificate, you might run a set of commands similar to these:

$ sudo openssl genrsa -out our-site.org.key 2048                                                                   
$ openssl req -nodes -new -key our-site.org.key -out ca.csr                                                        
$ openssl x509 -req -days 365 -in our-site.org.csr -signkey our-site.org.key -out our-site.org.crt                 
$ mkdir /etc/apache2/ssl                                                                                           
$ cp our-site.org.crt our-site.org.key our-site.org.csr /etc/apache2/ssl/

Setting up nginx

Beyond the settings outlined above, nginx can be further customised through the use of modules. Please see the next guide in this series for details of how to do that.

Further reading

  • nginx’s beginner’s guide covers use cases such as proxy servers, FastCGI for use with PHP and other frameworks, and optimising the handling of static content.

  • The nginx documentation describes HTTPS server configuration in greater detail, including certificate chains, disambiguating various multi-site certificate situations, performance optimisations and compatibility issues.

  • For Ubuntu-specific nginx questions, ask in the #ubuntu-server IRC channel on libera.chat.