Skip to main content

CLI Quick Reference

Learning Focus

Leave this lesson with a working understanding of cli quick reference that you can apply immediately in production.

All Nginx commands you use regularly, organized by task.

Service Control

# Graceful reload (zero downtime — use for config changes)
sudo nginx -s reload
sudo systemctl reload nginx

# Full restart (drops active connections)
sudo systemctl restart nginx

# Start / Stop
sudo systemctl start nginx
sudo systemctl stop nginx

# Status
sudo systemctl status nginx

# Enable / disable autostart on boot
sudo systemctl enable nginx
sudo systemctl disable nginx

Config Testing

# Test syntax (run before EVERY reload)
sudo nginx -t

# Test + dump merged config
sudo nginx -T

# Safe reload (test first, reload only if OK)
sudo nginx -t && sudo nginx -s reload

# Test non-default config file
sudo nginx -t -c /etc/nginx/nginx.conf

Version and Build

nginx -v                              # Version only
nginx -V                              # Version + compile flags + modules
nginx -V 2>&1 | tr -- - '\n' | grep module   # List modules

Master Process Signals

# Get master PID
cat /run/nginx.pid

# Graceful reload (re-read config, keep serving)
sudo kill -HUP $(cat /run/nginx.pid)

# Graceful shutdown (finish current requests, then stop)
sudo kill -QUIT $(cat /run/nginx.pid)

# Fast shutdown (drop all connections immediately)
sudo kill -TERM $(cat /run/nginx.pid)

# Reopen log files (after log rotation)
sudo kill -USR1 $(cat /run/nginx.pid)

Process Inspection

# All Nginx processes
ps aux | grep nginx | grep -v grep

# Worker count
ps aux | grep "nginx: worker" | grep -v grep | wc -l

# Listening ports
sudo ss -tlnp | grep nginx

# Uptime
ps -p $(cat /run/nginx.pid) -o etime=

# Open file descriptors
sudo lsof -p $(cat /run/nginx.pid) | wc -l

Log Commands

# Live error log
sudo tail -f /var/log/nginx/error.log

# Live access log
sudo tail -f /var/log/nginx/access.log

# Last N lines of errors
sudo tail -100 /var/log/nginx/error.log

# Filter: upstream errors
sudo grep "upstream" /var/log/nginx/error.log | tail -20

# Filter: 5xx errors in access log
sudo grep '" [5]' /var/log/nginx/access.log | tail -20

# Filter errors from last hour
sudo awk -v d="$(date '+%d/%b/%Y:%H')" '$0 ~ d' /var/log/nginx/error.log

# Per-site log
sudo tail -f /var/log/nginx/example.com.error.log

Site Management

# Enable a site (Debian/Ubuntu)
sudo ln -s /etc/nginx/sites-available/example.com \
           /etc/nginx/sites-enabled/example.com

# Disable a site
sudo rm /etc/nginx/sites-enabled/example.com

# List enabled sites
ls -la /etc/nginx/sites-enabled/

# Find all server_name directives
sudo grep -rn "server_name" /etc/nginx/

# Find all root directives
sudo grep -rn "^[[:space:]]*root " /etc/nginx/

# Find all proxy_pass targets
sudo grep -rn "proxy_pass" /etc/nginx/

# Find all listen directives
sudo grep -rn "^[[:space:]]*listen " /etc/nginx/

SSL Verification

# TLS handshake test
openssl s_client -connect example.com:443 -servername example.com

# Check cert expiry
openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -enddate

# Check cert/key match (both hashes must match)
openssl x509 -noout -modulus -in /etc/ssl/certs/example.com.crt | openssl md5
openssl rsa  -noout -modulus -in /etc/ssl/private/example.com.key | openssl md5

# View cert details
openssl x509 -in /etc/ssl/certs/example.com.crt -noout -text | \
  grep -E "Subject:|DNS:|Not After"

# Find cert files referenced in Nginx config
grep -rn "ssl_certificate" /etc/nginx/

Network Diagnostics

# Count HTTPS connections
sudo ss -tn state established '( dport = :443 )' | wc -l

# Test response timing
curl -w "Connect: %{time_connect}s | TTFB: %{time_starttransfer}s | Total: %{time_total}s\n" \
  -o /dev/null -s https://example.com/

# Test with Host header
curl -H "Host: example.com" -I http://localhost/

# Test gzip
curl -H "Accept-Encoding: gzip" -I https://example.com/ | grep content-encoding

# Test HTTP/2
curl -I --http2 https://example.com/ | head -1

# Test redirect chain
curl -L -I https://example.com/ 2>&1 | grep -E "^HTTP|^Location"

PHP-FPM

# Status / restart / reload
sudo systemctl status php8.4-fpm
sudo systemctl restart php8.4-fpm
sudo systemctl reload php8.4-fpm

# PHP version
php8.4 -v

# Loaded php.ini
php8.4 --ini | grep "Loaded Configuration"

# FPM worker count
ps aux | grep php-fpm | grep -v grep | wc -l

# FPM error log
sudo tail -f /var/log/php8.4-fpm.log

# Verify socket exists
ls -la /run/php/php8.4-fpm.sock

Permissions

# Fix web root ownership (www-data is Nginx default on Debian)
sudo chown -R www-data:www-data /var/www/example.com/

# Fix directory permissions
sudo find /var/www/example.com -type d -exec chmod 755 {} \;

# Fix file permissions
sudo find /var/www/example.com -type f -exec chmod 644 {} \;

# Check Nginx worker user
grep "^user" /etc/nginx/nginx.conf

Useful Aliases (add to ~/.bashrc)

alias nginx-reload='sudo nginx -t && sudo nginx -s reload'
alias nginx-test='sudo nginx -t'
alias nginx-status='sudo systemctl status nginx'
alias nginx-log='sudo tail -f /var/log/nginx/error.log'
alias nginx-access='sudo tail -f /var/log/nginx/access.log'
alias fpm-restart='sudo systemctl restart php8.4-fpm'
alias fpm-status='sudo systemctl status php8.4-fpm'
alias fpm-workers='ps aux | grep php-fpm | grep -v grep | wc -l'

source ~/.bashrc