Cybersecurity Updates & Tools

Install Nginx on Ubuntu 20.04: Setup, Firewall, and Config Guide

Nginx (pronounced “engine x”) is an open-source, high-performance web server and reverse proxy. It is used by some of the largest websites in the world for its ability to handle many concurrent connections with a low memory footprint.

Nginx can work as a:

  • Standalone web server for static and dynamic content
  • Reverse proxy to forward requests to backend apps
  • Load balancer to spread traffic across multiple servers
  • Content cache to reduce load on origin servers

Compared to Apache, Nginx handles more concurrent connections while using less memory per connection. This guide covers how to install Nginx on Ubuntu 20.04, open the firewall, and understand the configuration file structure.

<strong>Prerequisite:</strong>&nbsp;You need a user account with sudo access. Make sure no other web server (like Apache) is running on port 80 or 443 before you start.

Install Nginx on Ubuntu

Nginx is in the default Ubuntu repositories. Install it with:

bashsudo apt updatesudo apt install nginx

The Nginx service starts automatically after install. Confirm it is running:

bashsudo systemctl status nginx

Look for active (running) in the output. That confirms Nginx is up and serving.

You can manage Nginx like any other systemd service:

bashsudo systemctl start nginxsudo systemctl stop nginxsudo systemctl restart nginx

Use reload instead of restart when you change a config file. It applies the new settings without dropping active connections:

bashsudo systemctl reload nginx

Configure the Firewall

Nginx needs access to port 80 for HTTP and port 443 for HTTPS. Use the Nginx Full UFW profile to open both ports at once:

bashsudo ufw allow 'Nginx Full'

Verify the rule is active:

bashsudo ufw status

You should see Nginx Full listed as allowed for both IPv4 and IPv6. It is good practice to open only the ports you actively use and close everything else.

Verify the Installation

Open your browser and go to http://your_server_ip. You should see the default Nginx welcome page. This confirms the server is installed, running, and reachable from the outside.

Nginx Config Structure and Best Practices

Understanding where Nginx keeps its files makes it easier to manage your setup. Here is a quick overview:

Config files live in /etc/nginx/. The main file is /etc/nginx/nginx.conf.

Server blocks (similar to Apache virtual hosts) go in /etc/nginx/sites-available/. Each domain should have its own config file. Name each file after the domain, for example example.com.conf.

Activating a server block requires creating a symlink from the file in sites-available to /etc/nginx/sites-enabled/. Nginx only reads files that are linked to the sites-enabled directory.

Snippets go in /etc/nginx/snippets/. If you reuse the same config blocks across multiple server files, pull them into a snippet file and include it where needed. This keeps your config clean and avoids repetition.

Log files live in /var/log/nginx/. Nginx writes separate access.log and error.log files. Set up separate log files for each domain so you can track and debug issues more easily.

Document root directories can be placed anywhere on the system. The most common locations are:

  • /var/www/<site_name>
  • /var/www/html/<site_name>
  • /home/<user_name>/<site_name>

Nginx is now installed and running on your Ubuntu server. The config structure is clean and easy to work with once you know where each piece lives. When you are ready to go further, adding SSL with Let’s Encrypt is a good next step. Got questions? Leave a comment below.