Nginx is a high-performance, open-source web server that serves static and dynamic content, and also functions as a reverse proxy, load balancer, and HTTP cache. Its event-driven architecture handles thousands of concurrent connections efficiently, making it a popular choice for production deployments and application delivery.

This article explains how to install Nginx on an Ubuntu 26.04 server, configure a virtual host to serve a sample web application, secure the server with a trusted SSL certificate from Let's Encrypt, and set up firewall rules for HTTP and HTTPS traffic.

Prerequisites

Before you begin, you need to:

• Have access to an Ubuntu 26.04 server instance as a non-root user with sudo privileges.
• Have a domain A record pointing to the server's public IP address. For example, app.example.com.

Install Nginx on Ubuntu 26.04

The default Ubuntu 26.04 APT repositories include the Nginx package. The following steps update the package index and install the web server.

1. Update the APT package index.

   console Copy

   $ sudo apt update
   

   Explain Code

2. Install Nginx.

   console Copy

   $ sudo apt install nginx -y
   

   Explain Code

3. Confirm the installed Nginx version.

   console Copy

   $ nginx -version
   

   Explain Code

   Your output should be similar to the one below:

   nginx version: nginx/1.28.2 (Ubuntu)

Manage the Nginx System Service

Nginx runs as a systemd service on Ubuntu, providing standard controls for starting, stopping, and restarting the web server process. The following steps enable automatic startup on boot and demonstrate the core service management commands.

1. Enable Nginx to start automatically at boot time.

   console Copy

   $ sudo systemctl enable nginx
   

   Explain Code

2. Start the Nginx service.

   console Copy

   $ sudo systemctl start nginx
   

   Explain Code

3. Stop the Nginx service.

   console Copy

   $ sudo systemctl stop nginx
   

   Explain Code

4. Restart the Nginx service.

   console Copy

   $ sudo systemctl restart nginx
   

   Explain Code

5. Verify that Nginx is active and running.

   console Copy

   $ sudo systemctl status nginx
   

   Explain Code

   Your output should be similar to the one below:

   ● nginx.service - A high performance web server and a reverse proxy server
        Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
        Active: active (running) since Wed 2026-03-25 18:48:49 UTC; 6s ago

   The Active: active (running) status confirms that Nginx is operational. If the status shows active (failed), stop any process occupying HTTP port 80 and restart the Nginx service.

Set Up Firewall Rules

Uncomplicated Firewall (UFW) is active by default on Ubuntu 26.04. Nginx requires open ports for HTTP and HTTPS traffic. The following steps configure the firewall to allow incoming connections on both ports.

1. Allow HTTP traffic on port 80.

   console Copy

   $ sudo ufw allow 80/tcp
   

   Explain Code

2. Allow HTTPS traffic on port 443.

   console Copy

   $ sudo ufw allow 443/tcp
   

   Explain Code

3. Verify the active firewall rules.

   console Copy

   $ sudo ufw status
   

   Explain Code

   Your output should be similar to the one below:

   Status: active
   
   To                         Action      From
   --                         ------      ----
   80/tcp                     ALLOW       Anywhere
   443/tcp                    ALLOW       Anywhere
   22                         ALLOW       Anywhere
   80/tcp (v6)                ALLOW       Anywhere (v6)
   443/tcp (v6)               ALLOW       Anywhere (v6)
   22 (v6)                    ALLOW       Anywhere (v6)

Create a Web Root Directory

The web root directory stores the files that Nginx serves when a client requests the domain. The following steps create the directory structure and a sample HTML page.

1. Create the web root directory for the virtual host.

   console Copy

   $ sudo mkdir -p /var/www/app.example.com
   

   Explain Code

2. Create a sample index.html file in the web root directory.

   console Copy

   $ sudo nano /var/www/app.example.com/index.html
   

   Explain Code

3. Add the following HTML content to the file.

   html Copy

   <html>
       <head></head>
       <body>
           <h1>Hello World</h1>
       </body>
   </html>
   

   Explain Code

   Save and close the file.

Create a New Nginx Virtual Host

Virtual host configurations direct Nginx to serve specific content based on the requested domain name and the corresponding document root directory. The following steps define a server block for the sample domain, enable it, and verify that Nginx serves the expected content.

1. Create a new virtual host configuration file.

   console Copy

   $ sudo nano /etc/nginx/sites-available/app.example.com.conf
   

   Explain Code

2. Add the following server block configuration.

   ini Copy

   server {
       listen 80;
       listen [::]:80;
   
       server_name app.example.com;
   
       root /var/www/app.example.com;
       index index.html;
   
       location / {
           try_files $uri $uri/ =404;
       }
   }
   

   Explain Code

   Save and close the file.

   This configuration instructs Nginx to listen on port 80 for requests matching the app.example.com domain and serve files from the /var/www/app.example.com directory.

3. Enable the virtual host by creating a symbolic link in the sites-enabled directory.

   console Copy

   $ sudo ln -s /etc/nginx/sites-available/app.example.com.conf /etc/nginx/sites-enabled/
   

   Explain Code

4. Test the Nginx configuration for syntax errors.

   console Copy

   $ sudo nginx -t
   

   Explain Code

5. Restart Nginx to activate the new virtual host.

   console Copy

   $ sudo systemctl restart nginx
   

   Explain Code

6. Verify the virtual host by sending a request to the domain using curl.

   console Copy

   $ curl http://app.example.com
   

   Explain Code

   A successful response returns the HTML content:

   <html>
       <head></head>
       <body>
           <h1>Hello World</h1>
       </body>
   </html>

Secure the Nginx Web Server

SSL certificates encrypt traffic between a client browser and the Nginx web server over HTTPS. By default, Nginx listens on the unencrypted HTTP port 80. The following steps install Certbot and generate a trusted Let's Encrypt SSL certificate to enable HTTPS on your virtual host.

1. Install the Certbot Let's Encrypt client and the Nginx plugin.

   console Copy

   $ sudo apt install certbot python3-certbot-nginx -y
   

   Explain Code

2. Verify the installed Certbot version.

   console Copy

   $ certbot --version
   

   Explain Code

   Your output should be similar to the one below:

   certbot 5.4.0

3. Generate an SSL certificate for your domain. Replace app.example.com with your actual domain name.

   console Copy

   $ sudo certbot --nginx -d app.example.com --agree-tos
   

   Explain Code

   Follow the on-screen prompts to complete the certificate generation. Certbot automatically configures the Nginx virtual host to use the new SSL certificate.

4. Verify that HTTPS is active by sending a request to your domain. Replace app.example.com with your actual domain name.

   console Copy

   $ curl https://app.example.com
   

   Explain Code

   A successful response returns the HTML content served over HTTPS:

   <html>
       <head></head>
       <body>
           <h1>Hello World</h1>
       </body>
   </html>

Conclusion

You have installed and configured Nginx on an Ubuntu 26.04 server with a virtual host, secured it with a Let's Encrypt SSL certificate, and configured firewall rules for HTTP and HTTPS traffic. Nginx supports multiple virtual hosts and integrates with backend services such as PHP-FPM and database servers for dynamic application delivery. For more configuration options, refer to the official Nginx documentation.