How to Configure Nginx Server from scratch on Ubuntu


Nginx is a opensource High Performance HTTP web server and Reverse proxy server which is installed between the network and the application to offload concurrency processing, URL switching, HTTP load-balancing, SSL termination, caching, and security policies.

Step 1: Install Nginx on Ubuntu

# updating apt package
sudo apt-get update

#install nginx
sudo apt-get install nginx

#start nginx
sudo service nginx start

#update the system init script 
#which start/stop service as daemons
sudo update-rc.d nginx defaults

If all goes well , Try http://your.server.ip/ you will see a page like shown below

Nginx welcome page

Nginx welcome page

Step 2: Basic Nginx Configuration

#open default server block ( but you can add your own also i.e. mysite )

sudo nano /etc/nginx/sites-available/default

#Adjust the document root directive

root /var/www/nginx/html;

#Adjust the server_name to match your domain and any aliases:

server_name ;

#Your file should look something like this with these changes:

server {
listen 80;
listen [::]:80;

root /var/www/nginx/html;
index index.html index.htm;


location / {
try_files $uri $uri/ =404;

Step 3: Create a second Domain (apart form default)

# Create new server block config file by copying over the default file:

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/

# Now, open the new file you created in your in editor with root privileges:

sudo nano /etc/nginx/sites-available/

# As mentioned above change root directory for new domain content and respective alias names

server {
listen 80;
listen [::]:80;

root /var/www/mysite/html;
index index.html index.htm;


location / {
try_files $uri $uri/ =404;

##Enable your Server Blocks and Restart Nginx
##Creating symbolic links from these files to the sites-enabled directory, which Nginx reads from during startup.

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

#Also we need to adjust one setting really in the default Nginx configuration file.

sudo nano /etc/nginx/nginx.conf

#We just need to uncomment one line. Find and remove the comment from this:

server_names_hash_bucket_size: 64;

#Now, restart Nginx to enable your changes.

sudo service nginx restart

Nginx should now be serving both of your domain names.

1. 2.

Step 4: Nginx as Reverse Proxy and Regular Expression

Step 5: Nginx as Load Balancer

Add Upstream block outside the server block and inside http block

upstream example {
server localhost:8081 ;
# server localhost:8082 down ;
upstream mysite {
server localhost:8083 ;
server localhost:8084 ;

# sticky learn create=$upstream_cookie_sessionid
# lookup=$cookie_sessionid
# zone=client_sessions:1m
# timeout=1h;

Step 6: Geographical based blocking

Step 7: Other Security to Harden Nginx

Step 8: Miscellaneous Uses

# To Check Status of Nginx Server

Add Nginx Status location inside server block allow your ip atleast

location /nginx_status {
stub_status on;
access_log on;
deny all;

# To Enable Compression



# Gzip Settings

gzip on;
#gzip_comp_level 2;
#gzip_http_version 1.0;
#gzip_proxied any;
#gzip_min_length 1100;
#gzip_buffers 16 8k;
#gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

# Disable for IE < 6 because there are some known problems
gzip_disable "MSIE [1-6].(?!.*SV1)";

# Add a vary header for downstream proxies to avoid sending cached gzipped files to IE6
gzip_vary on;

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.