Installation

Learning Focus

Leave this lesson with a working understanding of installation that you can apply immediately in production.

Full installation walkthrough for both Debian and RHEL families. Everything from the terminal.

tmux Tip

Keep this page open in one tmux pane while running commands in another:

# New vertical split
Ctrl+b %

Ubuntu / Debian Install

Option A: Distro Package (Easier, Slightly Older)

# Install from Ubuntu/Debian repos
sudo apt update
sudo apt install -y nginx

# Check installed version
nginx -v

Option B: Official Nginx Repository (Latest Stable — Recommended)

# Install dependencies
sudo apt install -y curl gnupg2 ca-certificates lsb-release

# Add Nginx signing key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null

# Add stable repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
  http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

# Install
sudo apt update
sudo apt install -y nginx

# Verify
nginx -v

AlmaLinux / Rocky Linux / RHEL-Family Install

# Add official Nginx repo
sudo tee /etc/yum.repos.d/nginx.repo > /dev/null <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

# Install
sudo dnf install -y nginx

# Enable and start
sudo systemctl enable --now nginx

# Verify
nginx -v

Enable and Start

# Start Nginx
sudo systemctl start nginx

# Enable on boot
sudo systemctl enable nginx

# Combined (start + enable at once)
sudo systemctl enable --now nginx

# Check status
sudo systemctl status nginx

Post-Install Verification

# 1. Service is running
sudo systemctl status nginx | grep "Active:"

# 2. Nginx master process exists
ps aux | grep nginx | grep master

# 3. Worker processes exist
ps aux | grep nginx | grep worker

# 4. Listening on port 80
sudo ss -tlnp | grep :80

# 5. Default page responds
curl -I http://localhost
# Expected: HTTP/1.1 200 OK

# 6. Config test passes
sudo nginx -t
# Expected: configuration file /etc/nginx/nginx.conf test is successful

# 7. Check version
nginx -v
# Example: nginx version: nginx/1.26.2

Firewall Setup

warning

Set up the firewall immediately after install.

UFW (Ubuntu/Debian)

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Optional: allow SSH first (if not already allowed)
sudo ufw allow 22/tcp

# Enable UFW
sudo ufw enable

# Verify
sudo ufw status numbered

firewalld (AlmaLinux/Rocky)

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

Version Pinning (Prevent Accidental Upgrades)

# Pin Nginx version (Debian/Ubuntu) — prevents accidental upgrades
sudo apt-mark hold nginx

# Unpin when you're ready to upgrade
sudo apt-mark unhold nginx

# Check pinned packages
sudo apt-mark showhold

Key Post-Install Facts

Item	Default Location
Main config	`/etc/nginx/nginx.conf`
Site configs	`/etc/nginx/conf.d/` or `/etc/nginx/sites-available/`
Default web root	`/var/www/html/` (Debian) or `/usr/share/nginx/html/` (RHEL)
Access log	`/var/log/nginx/access.log`
Error log	`/var/log/nginx/error.log`
PID file	`/run/nginx.pid`
Binary	`/usr/sbin/nginx`

Common Day-One Mistakes

Mistake	Consequence	Fix
Not testing config before reload	Nginx fails on restart	Always run `sudo nginx -t` first
Leaving port 80 blocked by firewall	Default page unreachable	`ufw allow 80/tcp`
Not enabling service	Doesn't start after reboot	`systemctl enable nginx`
Editing default config directly	Hard to maintain	Use `conf.d/` or `sites-available/`
Not checking error log	Miss startup errors	`tail -30 /var/log/nginx/error.log`

Hands-On Practice

# Verify Nginx is running
sudo systemctl status nginx

# Test config syntax
sudo nginx -t

# Reload without downtime
sudo nginx -s reload

# Check error log
sudo tail -20 /var/log/nginx/error.log

Common Pitfalls

Pitfall	What happens	Fix
Editing config without reloading	Changes not applied	`sudo nginx -s reload` after every edit
Not running `nginx -t` first	Reload breaks with syntax error	Always test syntax before reloading
Wrong socket path for PHP-FPM	502 Bad Gateway	`ls /run/php/` and verify the exact socket filename

What's Next

Continue to the next lesson in this module, or go to the module index for an overview.
Use the Cheatsheets for quick CLI reference.

Ubuntu / Debian Install​

Option A: Distro Package (Easier, Slightly Older)​

Option B: Official Nginx Repository (Latest Stable — Recommended)​

AlmaLinux / Rocky Linux / RHEL-Family Install​

Enable and Start​

Post-Install Verification​

Firewall Setup​

UFW (Ubuntu/Debian)​

firewalld (AlmaLinux/Rocky)​

Version Pinning (Prevent Accidental Upgrades)​

Key Post-Install Facts​

Common Day-One Mistakes​

Hands-On Practice​

Common Pitfalls​

What's Next​