Nginx is a high-performance web server commonly used to serve static files, act as a reverse proxy for application servers, and terminate SSL connections. This guide walks you through installation and basic configuration on Ubuntu and Debian.
ssh root@YOUR_SERVER_IP
Or use the web terminal in the Sitequest dashboard.
apt update
apt install -y nginx
Verify Nginx is running:
systemctl status nginx
Visit http://YOUR_SERVER_IP in your browser — you should see the default Nginx welcome page.
If you use the Sitequest firewall, ensure ports 80 (HTTP) and 443 (HTTPS) are open.
With ufw:
ufw allow 'Nginx Full'
| Path | Purpose |
|---|---|
/etc/nginx/nginx.conf |
Main configuration file |
/etc/nginx/sites-available/ |
Virtual host config files |
/etc/nginx/sites-enabled/ |
Symlinks to active configs |
/var/www/ |
Default web root |
/var/log/nginx/ |
Access and error logs |
Create a directory for your site:
mkdir -p /var/www/example.com/html
chown -R www-data:www-data /var/www/example.com
Add a test page:
echo '<h1>Hello from example.com</h1>' > /var/www/example.com/html/index.html
Create the server block configuration:
nano /etc/nginx/sites-available/example.com
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Enable the site and test the configuration:
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
nginx -t
systemctl reload nginx
To proxy traffic to an application running on localhost:3000:
server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
This is useful when running Node.js, Python, or Docker applications behind Nginx.
Add to the http block in /etc/nginx/nginx.conf:
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript;
Reload Nginx after changes:
systemctl reload nginx
Add these inside your server block for improved security:
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
Brotli offers better compression ratios than Gzip, especially for text-based assets. On Ubuntu 22.04+ you can install the dynamic module:
apt install -y libnginx-mod-brotli
Then add to the http block in /etc/nginx/nginx.conf:
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript image/svg+xml;
Reload Nginx:
systemctl reload nginx
Brotli is only used over HTTPS. Browsers fall back to Gzip when Brotli is not available, so keep both enabled.
HTTP/3 uses QUIC (UDP) for faster connections, especially on mobile networks. You need Nginx 1.25.0+ (Ubuntu 24.04 ships with it, or use the official Nginx repo on older releases).
Check your version:
nginx -v
Update your SSL server block to add HTTP/3 listeners:
server {
listen 443 ssl;
listen [::]:443 ssl;
listen 443 quic;
listen [::]:443 quic;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
add_header Alt-Svc 'h3=":443"; ma=86400' always;
# ... rest of your config
}
Make sure UDP port 443 is open in your Sitequest firewall. Test HTTP/3 support at http3check.net.