How to Install Nginx Webserver on Debian 12
Introduction
Nginx is an open-source, high-performance webserver that also works as a reverse proxy and a load balancer for backend applications. Nginx integrates with modern server-side scripting languages like Python, Golang, and PHP to run dynamic data-driven web applications.
This article explains how to install Nginx on Debian 12, set up virtual hosts, and secure the webserver with Let's Encrypt.
Prerequisites
Before you begin:
- Deploy a Debian 12 instance on Vultr.
- Access the instance through SSH.
- Create a non-root user with
sudoprivileges. - Create a domain or subdomain with an A record pointing to your server's IP. For example,
app.example.com. - Update the instance.
Install Nginx
Nginx is available in the default package repositories on Debian 12. Follow the steps below to update the server package index and install Nginx using the APT package manager.
Update the server's package information index.
console$ sudo apt update
Install Nginx.
console$ sudo apt install nginx -y
Allow HTTP port
80through the firewall.console$ sudo ufw allow 80/tcp
Reload UFW to apply the firewall changes.
console$ sudo ufw reload
Visit your server's public IP address using a web browser such as Chrome to test access to the default Nginx welcome page.
http://SERVER-IP
Manage the Nginx System Service
Nginx uses the nginx systemd service profile to manage the webserver application processes. Follow the steps below to manage the service using systemctl.
Enable the Nginx service to automatically start at boot.
console$ sudo systemctl enable nginx
Output:
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable nginx Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.Start the Nginx service.
console$ sudo systemctl start nginx
View the Nginx service status and verify that it's running.
console$ sudo systemctl status nginx
Output:
● nginx.service - A high performance webserver and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled) Active: active (running) since Sat 2024-08-24 07:00:58 UTC; 1min 35s ago Docs: man:nginx(8) Process: 2560 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 2561 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 2584 (nginx) Tasks: 2 (limit: 1091) Memory: 1.7M CPU: 12ms CGroup: /system.slice/nginx.service ├─2584 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;" └─2585 "nginx: worker process"Stop the Nginx service.
console$ sudo systemctl stop nginx
Restart the Nginx service.
console$ sudo systemctl restart nginx
Create a New Nginx Virtual Host
Nginx virtual host configurations enable the webserver to host multiple websites on a single server. A virtual host configuration consists of multiple directives that define the root directory, server name, error files, and index pages for a specific domain name. Follow the steps below to create a new Nginx virtual host.
Create a new Nginx virtual host configuration file. For example,
app.example.com.conf.console$ sudo touch /etc/nginx/conf.d/app.example.com.conf
Open the file using a text editor like
nano.console$ sudo nano /etc/nginx/conf.d/app.example.com.conf
Add the following contents to the file. Replace
app.example.comwith your actual domain.nginxserver { listen 80; listen [::]:80; server_name app.example.com; root /var/www/html/app.example.com; index index.html; location / { try_files $uri $uri/ =404; } }
Save and close the file.
The above Nginx configuration creates a new virtual host that listens for incoming connections for the
app.example.comdomain and delivers web application files from the/var/www/html/app.example.comdirectory.Create the virtual host's web root directory.
console$ sudo mkdir -p /var/www/html/app.example.com
Create a new
index.htmlweb application file in the directory.console$ sudo nano /var/www/html/app.example.com/index.html
Add the following contents to the file.
html<html> <head></head> <body> <h1>Greetings from Vultr</h1> </body> </html>
Save and close the file.
The above HTML web application displays a
Greetings from Vultrmessage when you access it in a web browser.Grant the
www-datawebserver user and group ownership privileges to the/var/www/html/app.example.comdirectory.console$ sudo chown -R www-data:www-data /var/www/html/app.example.com
Test the Nginx configuration for errors.
console$ sudo nginx -t
Output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successfulRestart the Nginx service to apply the changes.
console$ sudo systemctl restart nginx
Access your domain on a web browser and verify that your web application displays.
http://app.example.com
Secure the Nginx Webserver
Nginx listens for incoming HTTP connections on port 80. To secure the Nginx virtual host through the HTTP port 443, you must install a trusted SSL certificate. Follow the steps below to install a Let's Encrypt SSL certificate.
Install the Certbot Let's Encrypt client tool and the Nginx plugin.
console$ sudo apt install python3-certbot-nginx certbot -y
Generate a new SSL certificate for the virtual host. Replace
app.example.comwith your actual virtual host domain andhello@example.comwith your active email address.console$ sudo certbot --nginx -d app.example.com -m hello@example.com --agree-tos
Ensure Certbot can renew the SSL certificate.
console$ sudo certbot renew --dry-run
Restart Nginx to apply the configuration changes.
console$ sudo systemctl restart nginx
Set Up Firewall Rules
Uncomplicated Firewall (UFW) is available and active on Vultr Debian instances by default. Follow the steps below to allow HTTP and HTTPS ports through the firewall.
View the UFW status and verify that it's active.
console$ sudo ufw status
Allow HTTP port
80through the firewall.console$ sudo ufw allow 80/tcp
Allow HTTPS port
443through the firewall.console$ sudo ufw allow 443/tcp
View the UFW status and verify the new connection rules are available.
console$ sudo ufw status numbered
Output:
Status: active To Action From -- ------ ---- [ 1] 22/tcp ALLOW IN Anywhere [ 2] 80/tcp ALLOW IN Anywhere [ 3] 443/tcp ALLOW IN Anywhere [ 4] 22/tcp (v6) ALLOW IN Anywhere (v6) [ 5] 80/tcp (v6) ALLOW IN Anywhere (v6) [ 6] 443/tcp (v6) ALLOW IN Anywhere (v6)Visit your virtual host domain using HTTPS and verify that your web application displays.
https://app.example.com
Conclusion
You have installed Nginx on Debian 12, set up a new virtual host, and installed a Let's Encrypt Certificate. Nginx works as a webserver, a load balancer, or a reverse proxy. For more information, visit the Nginx documentation.