How to Install Nginx on Ubuntu (26.04, 24.04, 22.04)

Ubuntu already ships a solid Nginx package in the default repositories, so getting a reverse proxy, a static site server, or the first piece of a LEMP stack online does not need a third-party repo project. You can install Nginx on Ubuntu 26.04, 24.04, and 22.04 straight from APT and move into service checks, firewall rules, and site setup with the stock Ubuntu layout.

For the standard Ubuntu path, you do not download a separate installer. The base nginx package is enough for most deployments, while nginx-full and nginx-extras only make sense when you need their extra Ubuntu-packaged modules. Ubuntu Server, cloud VPS, and minimal images follow the same APT flow, although stripped-down images may still be missing helper tools like curl. If you need a newer upstream branch instead, use the separate guides to install Nginx Mainline on Ubuntu or build Nginx from source on Ubuntu.

Install Nginx on Ubuntu

Start with Ubuntu’s packaged branch unless you already know you need nginx.org mainline or a source build. The default repository path integrates cleanly with systemd, UFW, and the standard Ubuntu file layout.

Choose the Ubuntu Nginx package

Ubuntu offers three common Nginx package choices in the default repositories:

Package	What you get	Best for	Trade-offs
nginx	The standard Ubuntu Nginx package with the default module set	Most reverse proxies, static sites, and first-time installs	Fewer optional modules than the larger Ubuntu variants
nginx-full	nginx plus extra packaged modules such as auth PAM, DAV, GeoIP2, subs filter, and upstream fair	Servers that need more packaged modules without leaving Ubuntu repositories	Larger footprint than the default package
nginx-extras	nginx plus the broadest Ubuntu-packaged module set, including image filter, Perl, mail, stream, fancyindex, uploadprogress, and nchan	Stacks that already depend on Ubuntu’s extra modules	The heaviest package set, and a poor fit if you later switch to nginx.org packages

For most users, install nginx. Move to nginx-full only when you know you need one of its packaged modules, and treat nginx-extras as a niche option for servers that already depend on those extra Ubuntu modules. On current Ubuntu LTS releases, nginx-full and nginx-extras come from the universe repository, so some stripped-down images may need that repository enabled before those package names appear.

Update Ubuntu and install Nginx

Refresh package metadata and apply pending updates before installing the web server:

sudo apt update && sudo apt upgrade -y

This article uses sudo for commands that need root privileges. If your account is not in the sudoers file yet, follow the guide to add a new user to sudoers on Ubuntu first.

Install the default package with:

sudo apt install nginx -y

If you chose one of the larger module bundles, install it directly instead:

sudo apt install nginx-full -y
sudo apt install nginx-extras -y

Both variants install the same Nginx core package plus their extra module sets. Ubuntu starts and enables the service during installation on all three supported LTS releases, so you usually do not need a separate start command unless you disabled it earlier.

Verify the Nginx installation on Ubuntu

Check the installed version first:

nginx -v

nginx version: nginx/1.28.2 (Ubuntu)

Then confirm the service is active:

systemctl status nginx --no-pager

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Tue 2026-03-10 10:54:51 AWST; 3s ago
 Invocation: b34c02167c664cfebe013e6a1af5b860
       Docs: man:nginx(8)
    Process: 11060 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 11061 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 11093 (nginx)

If the service is not active, bring it back with sudo systemctl enable --now nginx and re-run the status check.

Ubuntu’s packaged Nginx branch depends on your LTS release, so version queries are normal:

Ubuntu release	Default Nginx version	What to expect
Ubuntu 26.04	1.28.x	The newest Ubuntu-packaged branch in the current LTS set
Ubuntu 24.04	1.24.x	A long-lived baseline for most LTS deployments
Ubuntu 22.04	1.18.x	An older feature set; move to mainline if you need a newer upstream branch

Configure Firewall Rules for Nginx on Ubuntu

UFW is often installed on Ubuntu servers and cloud images, but it is usually inactive until you enable it. Check its current state before assuming the firewall is already protecting the host.

Allow SSH before enabling UFW on Ubuntu

If you are connected remotely, allow SSH first so enabling the firewall does not cut off your session:

sudo ufw status
sudo ufw allow OpenSSH

Status: inactive

Rules updated
Rules updated (v6)

If you want a broader UFW walkthrough after Nginx is online, use the guide to install and configure UFW firewall on Ubuntu.

Allow the right Nginx UFW profile on Ubuntu

After Nginx is installed, UFW exposes application profiles you can use instead of raw port numbers:

sudo ufw app list

Available applications:
  CUPS
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  Nginx QUIC
  OpenSSH

• Nginx HTTP opens port 80 only.
• Nginx HTTPS opens port 443 only.
• Nginx Full opens both ports 80 and 443.

On Ubuntu 26.04 you may also see Nginx QUIC, which only matters after you intentionally configure HTTP/3. For a standard web server, the usual choice is Nginx Full.

sudo ufw allow 'Nginx Full'
sudo ufw --force enable
sudo ufw status numbered

Status: active

     To                         Action      From
     --                         ------      ----
[ 2] OpenSSH                    ALLOW IN    Anywhere
[ 3] Nginx Full                 ALLOW IN    Anywhere
[ 5] OpenSSH (v6)               ALLOW IN    Anywhere (v6)
[ 6] Nginx Full (v6)            ALLOW IN    Anywhere (v6)

Your server may already have extra rules, so the numbering can differ. The important part is seeing the Nginx profile you chose and an active firewall state.

Create an Nginx Server Block on Ubuntu

A fresh Nginx install serves the default welcome page from /var/www/html. For a real domain, create a separate web root and a separate server block so your site configuration stays isolated from Ubuntu’s stock default.

Create the web root for your Nginx site on Ubuntu

Ubuntu runs Nginx worker processes as www-data by default, so using that user and group keeps a simple static site straightforward.

sudo mkdir -p /var/www/example.com/html
sudo chown -R www-data:www-data /var/www/example.com

Create a basic test page for the new site:

sudo nano /var/www/example.com/html/index.html

Paste in a small test page like this, then save the file:

<html>
  <head>
    <title>example.com on Ubuntu</title>
  </head>
  <body>
    <h1>Nginx server block is working on Ubuntu</h1>
  </body>
</html>

Create the Nginx server block file on Ubuntu

Create a new site definition in sites-available:

sudo nano /etc/nginx/sites-available/example.com.conf

Use this basic server block as the starting point:

server {
    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

The server_name line ties this block to your domain, and the root line points Nginx at the site files you just created. Once this base site works, you can expand it into a reverse proxy, add URL rewrites, or change listening ports with guides on creating a reverse proxy in Nginx, creating rewrite rules in Nginx, and changing ports in Nginx.

Enable the Nginx server block and test the configuration

Link the new file into sites-enabled, which is the switch that tells Ubuntu’s Nginx layout to load the server block, then validate and reload the service:

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
sudo nginx -t
sudo systemctl reload nginx

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you want to confirm the symlink exists, check it directly:

ls -l /etc/nginx/sites-enabled/example.com.conf

lrwxrwxrwx 1 root root 43 Mar 10 10:58 /etc/nginx/sites-enabled/example.com.conf -> /etc/nginx/sites-available/example.com.conf

Test the Nginx server block before DNS changes finish

Opening http://example.com in a browser only works after the domain already points to this server. Until DNS catches up, test locally with curl and its --resolve switch, which sends the request to your server IP while still using the right hostname.

Some minimal Ubuntu images do not include curl yet. Install it with sudo apt install curl -y if needed, or run the same command from another Linux machine that can reach the server.

If you run the test over SSH on the server, 127.0.0.1 is the server itself. From another machine, replace 127.0.0.1 with the server’s actual public or private IP.

curl --resolve example.com:80:127.0.0.1 http://example.com/

<html>
  <head>
    <title>example.com on Ubuntu</title>
  </head>
  <body>

Manage Nginx on Ubuntu

Once the web server is online, daily maintenance mostly comes down to a few service commands, a small set of file locations, and the normal Ubuntu update path.

Use systemctl to manage Nginx on Ubuntu

Use reload after configuration changes, restart after deeper module or package changes, and enable --now if you need to restore the service immediately:

sudo systemctl reload nginx
sudo systemctl restart nginx
sudo systemctl enable --now nginx
sudo systemctl disable --now nginx

Find important Nginx files and directories on Ubuntu

Path	Purpose
/etc/nginx/nginx.conf	Main global Nginx configuration file
/etc/nginx/sites-available/	Site definitions you keep available but not necessarily enabled
/etc/nginx/sites-enabled/	Symlinks for the server blocks Nginx actually loads
/var/www/html/	Ubuntu’s default web root for the stock welcome page
/var/log/nginx/access.log	Request log
/var/log/nginx/error.log	Error log for syntax, permissions, and upstream failures

Ubuntu’s Nginx worker processes run as www-data by default, which matters when you are setting ownership on web roots, PHP-FPM sockets, cache directories, or upload locations.

Update Nginx on Ubuntu

Use the normal Ubuntu package path to pull newer Nginx updates from your configured repositories:

sudo apt update
sudo apt install --only-upgrade nginx nginx-common -y

nginx is already the newest version (1.28.2-2ubuntu1).
nginx-common is already the newest version (1.28.2-2ubuntu1).

If you installed nginx-full or nginx-extras, include that package name in the upgrade command too so the matching module bundle stays in sync.

Secure Nginx on Ubuntu with Certbot

Once your domain already points at the server and the HTTP site answers correctly, Ubuntu’s Certbot integration is the quickest path to HTTPS.

Install Certbot for Nginx on Ubuntu

Install the Nginx plugin and verify that Certbot is available:

sudo apt install python3-certbot-nginx -y
certbot --version

certbot 4.0.0

When DNS is live for your real domain, issue the certificate against the server block you already tested:

sudo certbot --nginx -d example.com -d www.example.com

Certbot will prompt for your email address and whether HTTP traffic should redirect to HTTPS. After the certificate is issued, it updates the Nginx configuration for you.

Confirm the Certbot renewal timer on Ubuntu

Current Ubuntu packages use a systemd timer for renewal checks, so you do not need to create a custom cron job:

systemctl list-timers certbot.timer --all --no-pager

NEXT                         LEFT LAST PASSED UNIT          ACTIVATES
Tue 2026-03-10 17:56:09 AWST   6h -         - certbot.timer certbot.service

1 timers listed.

That timer-based flow is the current Ubuntu behavior, so old tutorials that still tell you to build a manual Certbot cron job are out of date.

Troubleshoot Nginx on Ubuntu

Most first-run Nginx problems on Ubuntu come down to one of three things: another service already owns port 80, the configuration does not pass nginx -t, or the server is still answering with the stock welcome page instead of your own site.

Fix port 80 conflicts for Nginx on Ubuntu

If Nginx will not start, check what is already listening on TCP port 80. Pairing ss with grep keeps the output focused on the listener you actually care about.

sudo ss -lntp | grep -E '(:80\s|:80$)'

LISTEN 0      5            0.0.0.0:80        0.0.0.0:*    users:(("python3",pid=12237,fd=3))

That output means some other service already owns the port. Stop or reconfigure the conflicting process, then start Nginx again and confirm it returns to an active state.

Fix Nginx configuration test failures on Ubuntu

Always run a configuration test before you reload or restart the service:

sudo nginx -t

2026/03/10 10:59:56 [emerg] 12184#12184: unknown directive "invalid_directive" in /etc/nginx/sites-enabled/example.com.conf:14
nginx: configuration file /etc/nginx/nginx.conf test failed

The file path and line number matter more than the exact text. Fix the broken directive, missing semicolon, or mismatched brace in that file, then run sudo nginx -t again until you get the successful output shown earlier in the server-block section.

Fix the Welcome to nginx page after adding a site on Ubuntu

If your browser still shows the stock welcome page, the usual causes are unfinished DNS propagation or the default site still being enabled. The fastest split test is to hit the server locally with your real hostname.

curl --resolve example.com:80:127.0.0.1 http://example.com/

If that command returns your custom page, Nginx is already configured correctly and DNS is the remaining issue. If it still lands on the stock page and this server only needs your own site, remove the default symlink and reload Nginx:

sudo rm /etc/nginx/sites-enabled/default
sudo systemctl reload nginx

Remove Nginx from Ubuntu

If you no longer need the web server, stop it first and purge the Ubuntu packages:

sudo systemctl disable --now nginx
sudo apt remove --purge -y nginx nginx-common
sudo apt autoremove -y

Confirm the package is gone:

apt-cache policy nginx

nginx:
  Installed: (none)
  Candidate: 1.28.2-2ubuntu1

On current Ubuntu releases, purging nginx and nginx-common removes /etc/nginx for you, so a separate rm -rf /etc/nginx step is usually unnecessary.

Only remove web roots and certificate directories if you created them yourself and know you no longer need the site data. Those paths can contain your actual application files, uploads, or live TLS material.

sudo rm -rf /var/www/example.com
sudo rm -rf /etc/letsencrypt/live/example.com /etc/letsencrypt/archive/example.com
sudo rm -f /etc/letsencrypt/renewal/example.com.conf

Frequently Asked Questions

Conclusion

Nginx is running on Ubuntu with the package branch that matches your LTS release, the firewall open for web traffic, and a server block you can test before DNS fully propagates. From here, you can create a reverse proxy in Nginx, configure security headers in Nginx, or move into a full stack with install WordPress with Nginx, MariaDB, and PHP on Ubuntu.