You can use NGINX to create a web server easily and, if you come from Apache, you can migrate without too much effort.

Table of Contents

Install and start Nginx

You can search for nginx with your package manager and install it. It usually starts automatically, but you can check if the nginx service is active and if it will start when the system boots up. If your operating system uses systemd as its init process, type:

systemctl status nginx

Check the Loaded and Active lines. In the first line, check if, after the service file path, it says enabled. If not, run (as root or with sudo):

systemctl enable nginx

If in the second line it says inactive (dead), you’ll need to run (as root or with sudo):

systemctl start nginx

Now, you can go to http://<server ip> and you’ll see the Nginx default page.

Nginx default page

Configuration files paths

Test page is usually inside /var/www/html/, but it can also be under /usr/share/nginx/html/ (check what the test page says about that). You don’t need to use these paths for your website.

Websites configuration files path depends on the operating system:

Debian / Ubuntu

These files are under /etc/nginx/sites-available/.

Fedora / CentOS / Amazon Linux

You can create the files inside /etc/nginx/conf.d/.

Add website files

Create a new directory under /var/www/ and give the appropriate permissions for the nginx user (www-data in Debian/Ubuntu, nginx in other OS).

# run this as root or use sudo

mkdir /var/www/mywebsite

chown myuser:www-data /var/www/mywebsite

chmod 2750 /var/www/mywebsite

Once you have copied or created the files, ensure they have proper permissions:

find /var/www/mywebsite/ -type f -exec chmod 640 {} \;

Create a new website config file

Inside /etc/nginx/sites-available/ (for Debian/Ubuntu) or /etc/nginx/conf.d/ (for Fedora and others), create a new file and add these lines (this is the basic content for a website config file).

# /etc/nginx/sites-available/mywebsite
# or /etc/nginx/conf.d/mywebsite.conf
server {
  listen 80;
  root /var/www/mywebsite;
}
  • root specifies where website files are located.

Enable the new website

Debian / Ubuntu

Create a symbolic link between sites-available and sites-enabled:

# run as root or with sudo
ln -s /etc/nginx/sites-available/mywebsite /etc/nginx/sites-enabled/mywebsite

Restart or reload nginx (as root or with sudo):

systemctl restart nginx
# or
systemctl reload nginx

Fedora / CentOS / Amazon Linux

You don’t need to “enable” the website, just restart or reload nginx.

nginx command-line tool

NGINX includes a command-line tool called nginx you can use to stop or reload nginx or to check config files syntax (use it as a root user or with sudo).

  • nginx -s <stop|quit|reopen|reload>
  • nginx -t: check config files syntax.

Add PHP

In order to be able to use PHP, you need to install PHP and PHP FastCGI Process Manager (php-fpm) on your system. Check package names (and versions) for these packages on your system.

# Debian 11
apt install php7.4 php-fpm

Enable PHP on your website by editing your website config file (change PHP version with the one you have installed before):

server {
  listen 80;
  root /var/www/mywebsite/;
  index index.html index.php;
  location ~ .php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  }
}

Finally, reload nginx service and add a .php file with some PHP code for testing (like <?php phpinfo(); ?>).

Enable SSL/TLS

You can encrypt the traffic between your web server and users with SSL/TLS (it’s something highly recommended if your website has some kind of authentication system, but even if it hasn’t, enable SSL is a good choice).

Before doing anything, you need a domain and that domain to redirect to your server public IP (unless you’re using self-signed certificates for testing purposes).

Add a Let’s Encrypt key and certificate (this is needed for encrypt the traffic, you can use certificates from other companies, but LE certificates are free and easy to install).

  • First, install Let’s Encrypt tool, “certbot”. Certbot website has installation info for most operating systems and web servers, but in most Linux distros there is a package called python3-certbot-nginx that contains certbot.
  • Create a new SSL certificate and key:
    # run as root or with sudo
    certbot certonly --nginx
    
  • Follow the steps (select or type your domain and email). Certbot will check that the domain redirects to your server. If everything goes as expected, there will be a certificate file in /etc/letsencrypt/live/<your domain>/fullchain.pem and a key file in /etc/letsencrypt/live/<your domain>/privkey.pem (these paths may be a bit different, check before continuing).

Add a new server block in your website config file.

server {
  listen 443 ssl;
  server_name mywebsite.com;
  root /var/www/mywebsite;
  ssl_certificate /etc/letencrypt/live/mywebsite.com/fullchain.pem; 
  ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
  ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!aNULL:!MD5;
}
  • If you have added PHP, add PHP config lines inside this block.

In order to redirect HTTP requests to HTTPS, modify your original server block like this:

server {
  listen 80;
  server_name mywebsite.com;
  return 301 https://$server_name$request_uri;
}
  • If you are using self-signed certificates, you may need to change $server_name to $server_addr because you are connecting to the website with the IP and not with a domain.

NOTE: You can create self-signed certificates for testing purposes. In this case you don’t need to have a domain, you just run this command to create a key and a certificate (you need to have openssl installed):

openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

SSL reverse proxy

Check Reverse proxy with SSL.