Skip to main content
Let’s set up the Nginx web server, serve a static site, add PHP, and chart a path to HTTPS. The commands are for root on Ubuntu/Debian; as a regular user, add sudo. The server’s IP and root access come from the VPS card in the @lumivps_bot bot.
If you don’t want to fiddle with configs by hand, it’s easier to deploy your app via Coolify: it sets up the reverse proxy and SSL for you. This guide is for those configuring things manually.

Installing Nginx

1

Install the package

apt update
apt install nginx
The service starts automatically.
2

Verify

Open http://your-server-IP in a browser. The Nginx start page should appear (“Welcome to nginx!”). If the page doesn’t open, port 80 is most likely closed (see the firewall warning below).

How the configs are organized

Sites in Nginx on Ubuntu/Debian are described by separate files:
  • /etc/nginx/sites-available/ — this is where the configs for all sites live;
  • /etc/nginx/sites-enabled/ — a symlink to the active ones goes here.
In other words, you create a file in sites-available and then “enable” it with a symlink in sites-enabled.
# enable the site
ln -s /etc/nginx/sites-available/site /etc/nginx/sites-enabled/

# check the syntax before applying
nginx -t

# apply changes without dropping connections
systemctl reload nginx
Always run nginx -t before reload. If there’s an error in the config, reload won’t apply it and Nginx will keep running on the old configuration — the site won’t go down.

A simple static site

Create a directory for the site’s files and put an index.html in it:
mkdir -p /var/www/site
echo '<h1>It works</h1>' > /var/www/site/index.html
Create the config /etc/nginx/sites-available/site:
/etc/nginx/sites-available/site
server {
    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    root /var/www/site;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
Enable the site and reload Nginx:
ln -s /etc/nginx/sites-available/site /etc/nginx/sites-enabled/
nginx -t
systemctl reload nginx
The default default config in sites-enabled usually intercepts requests. If your site won’t open, remove the default symlink: rm /etc/nginx/sites-enabled/default and reload again.

Add PHP

For Nginx to handle .php (WordPress, scripts, etc.), you need PHP-FPM:
1

Install PHP-FPM

apt install php-fpm
2

Add a PHP handler to the site config

The socket path depends on the PHP version. The package creates a versioned socket; the unversioned /run/php/php-fpm.sock doesn’t exist — nginx will fail with a 502. First check which sockets you have:
ls /run/php/
You’ll see something like php8.3-fpm.sock. Substitute the exact name in the config below.
Add a location block for .php inside server { ... }:
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php8.3-fpm.sock;  # substitute your version
}
3

Check and reload Nginx

nginx -t
systemctl reload nginx
4

Verify PHP works

Create /var/www/site/info.php with the contents <?php phpinfo(); and open http://example.com/info.php. A table of PHP information should appear. After checking, delete this file — it exposes the server’s configuration.

HTTPS

A site on http:// is worth securing with a certificate so that https:// works. The certificate is installed separately — for free via Let’s Encrypt, automated by the certbot tool. The full walkthrough is on a separate page:

SSL certificate (Let's Encrypt)

How to issue a certificate for free and enable HTTPS with auto-renewal.
For the site to be reachable from outside, open ports 80 (HTTP) and 443 (HTTPS) in the firewall. How to set this up — see firewall.
An alternative to Nginx is the Apache web server (apt install apache2); the principles are the same, but the configs and syntax differ.

Where to next

SSL certificate

Free HTTPS via Let’s Encrypt with auto-renewal.

Firewall

Open ports 80 and 443 for web traffic.