Nginx on Linux — Installation, Virtual Hosts, SSL, and Performance for Your Business
> cd .. / HUB_EDITORIALE
Sistemi Operativi & Sicurezza

Nginx on Linux — Installation, Virtual Hosts, SSL, and Performance for Your Business

[2026-07-18] Author: Ing. Calogero Bono
> share
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

Is your web server responding slowly? Are SSL certificates expiring without warning? Do virtual hosts feel like a puzzle?

At Meteora Web, we see businesses losing customers because a site takes 4 seconds to load the first line, or an SSL renewal failure takes everything offline for hours. Then the phone rings: 'Meteora, the site is down.'

Nginx is not just a fast, lightweight web server — it's the right choice for anyone who wants control, security, and performance without spending a fortune on licenses. In this guide we'll walk you from installation on Linux (Ubuntu/Debian) to configuring virtual hosts, SSL with Let's Encrypt, and basic optimizations to keep your site snappy. No abstract theory: only commands you can copy, paste, and test right now.

Why is Nginx the Best Choice for Your Linux Server?

The key difference between Nginx and Apache can be explained with an example: Apache spawns a new process for each connection, while Nginx handles thousands of connections with a single event-driven thread. Translation: Nginx uses less RAM and handles more concurrent traffic. For a small business running WooCommerce or a B2B portal, this means saving on server costs and avoiding crashes during traffic spikes.

We've chosen Nginx for every project from scratch, whether it's a LEMP stack (Linux Nginx MySQL PHP) or a Laravel platform. When a client comes to us with Apache, the first optimization we often make is migrating to Nginx: response times drop by 30-50% without touching a single line of application code.

Moreover, Nginx has a clear virtual host system — separate configuration files per domain, no confusion with .htaccess (which it doesn't support — and that's a good thing).

Sponsored Protocol

How to Install Nginx on Ubuntu Server?

Let's start with a VM or VPS running Ubuntu 22.04 or 24.04. Open your terminal and update the packages:

sudo apt update && sudo apt upgrade -y

Then install Nginx:

sudo apt install nginx -y

After installation, start and enable it:

sudo systemctl start nginx
sudo systemctl enable nginx

Check the status:

sudo systemctl status nginx

Open your browser and navigate to your server's IP address. You should see the default Nginx page. If not, check the firewall — on Ubuntu ufw is often disabled, but if you're on a VPS from a provider like DigitalOcean or Aruba, you may need to open ports 80 and 443.

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

Common mistake: thinking that nginx -t is enough. It only tests the syntax — you still need to reload Nginx with systemctl reload nginx after every change.

How to Configure Virtual Hosts (Server Blocks) on Nginx?

Nginx calls virtual hosts server blocks. Each domain (e.g., miosito.it and admin.miosito.it) gets a separate file in /etc/nginx/sites-available/. Then you enable it with a symlink in /etc/nginx/sites-enabled/.

Create a server block for a simple domain (static or PHP site)

Suppose your domain is example.com and your site files live in /var/www/example.com/html. Create the directory:

sudo mkdir -p /var/www/example.com/html
sudo chown -R www-data:www-data /var/www/example.com

Now create the configuration file:

Sponsored Protocol

sudo nano /etc/nginx/sites-available/example.com

And paste:

server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.php index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
    }
}

Enable the site:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Note: the fastcgi_pass path depends on your PHP version. If you have PHP 8.1, it will be php8.1-fpm.sock. Check with ls /var/run/php/.

If you don't use PHP (static site), just remove the location ~ \.php$ block.

Virtual host with subdomain

Same procedure — just use admin.example.com as server_name and a separate directory. You can have as many server blocks as you want.

Common mistake: forgetting to remove the default symlink /etc/nginx/sites-enabled/default if you don't use it. Otherwise Nginx will match that one and your domain might not work. Disable it with sudo rm /etc/nginx/sites-enabled/default.

How to Enable SSL on Nginx with Let's Encrypt (Free Certificate)?

No excuses for not using HTTPS. Let's Encrypt is free and Certbot automates everything. We do it on every project — an e-commerce site without SSL today is like a shop with the shutter up but no door.

Install Certbot and get the certificate

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example.com -d www.example.com

Certbot automatically modifies your server block, adding listen 443 ssl and the HTTP-to-HTTPS redirect. It will ask for an email for renewal notifications (required).

Sponsored Protocol

The certificate is valid for 90 days. For automatic renewal, Certbot sets up a systemd timer. Check with:

sudo systemctl status certbot.timer

Test renewal in dry-run mode:

sudo certbot renew --dry-run

Note: if your site is not yet publicly reachable (e.g., local dev), Let's Encrypt can't validate the domain. Use self-signed certificates for testing, but never in production.

Manual SSL configuration (if you want more control)

If you want to customize SSL parameters (e.g., disable old protocols, force HSTS), edit the server block after obtaining the certificate:

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
    root /var/www/example.com/html;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        try_files $uri $uri/ =404;
    }
}

Then reload: sudo systemctl reload nginx.

How to Optimize Nginx for Better Performance?

Once your server is up and HTTPS is working, you can make the site faster without changing a line of PHP or HTML.

Sponsored Protocol

Gzip compression

Enable compression for text-based files (HTML, CSS, JS, JSON). In /etc/nginx/nginx.conf inside the http block:

gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

Then reload. Immediate impact: resource sizes drop by 50-70%.

Static asset caching

Set cache headers for images, fonts, CSS, JS that rarely change. Add inside a server block (or a separate file):

location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf|svg|webp|woff2)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
}

Warning: don't use expires 1y for files you update frequently without changing filenames. Use versioned filenames (e.g., style.abc123.css).

Rate limiting

Protect the server from simple attacks with limit_req. In the http context:

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

Then apply to specific locations, e.g., login or API:

location /api/ {
    limit_req zone=mylimit burst=20 nodelay;
    ...
}

It won't stop a DDoS, but it will block brute-force attempts and malicious crawlers.

Worker processes and connections

Edit /etc/nginx/nginx.conf based on CPU count. Recommended:

worker_processes auto;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}

auto sets worker_processes equal to the number of cores. epoll is the most efficient I/O method on Linux.

Sponsored Protocol

How to Test and Monitor Nginx Performance?

After each change, verify with simple but effective tools:

  • nginx -t : check configuration syntax.
  • curl -I https://yourdomain.com : show response headers — useful to see if cache and compression work.
  • PageSpeed Insights or GTmetrix : measure real-user loading times.
  • ab (Apache Bench) : quick load test: sudo apt install apache2-utils && ab -n 1000 -c 50 https://yourdomain.com/

At Meteora Web, we always check Nginx logs when a client reports slowness: /var/log/nginx/access.log and error.log. A 502 error often means PHP-FPM died due to low memory. A 499 means the client closed the connection — maybe because the server was too slow.

What to Do Now

  1. Install Nginx on a test server (even locally with Vagrant or Docker).
  2. Create a virtual host for a dummy domain and put a simple HTML page.
  3. Enable HTTPS with Certbot — or use a self-signed certificate to understand the mechanism.
  4. Apply the optimizations (gzip, cache, worker settings) and measure the difference with GTmetrix.
  5. Read our pillar guide on Linux for developers and sysadmins for more on shell, security, and automation: Linux for Developers and Sysadmins.

To go further, check the official Nginx documentation and the Mozilla SSL Configuration Generator for advanced SSL setups.

Do you already have a site in production? Check now if your certificate is valid and if gzip compression is active. If you don't know where to start, contact us — we'll evaluate your setup and give you a plan to secure and speed up the server.

> share
Ing. Calogero Bono

> AUTHOR_EXTRACTED

Ing. Calogero Bono

Ingegnere informatico, fondatore di Meteora Web e Zenith OS. System administrator e progettista di piattaforme, app e CMS proprietari, con esperienza in sviluppo full-stack, marketing digitale ed ecosistema Google.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()