NGINX (pronounced "Engine-X") is a free/libre webserver and reverse-proxy software. It's basically what you're meant to be using instead of Apache2.

Basic Setup

This section covers the base functionality and configuration of NGINX; Simply setting up a static HTML website served over encrypted HTTPS with a Let's Encrypt certificate.


This guide requires:

  • Debian GNU/Linux

  • Ports 80 and 443 port-forwarded on your router

  • Your own domain/subdomain with an A DNS entry pointing to your server's public IPv4 address

  • Basic UNIX knowledge

Also be sure to run

sudo apt update && sudo apt full-upgrade

Before beginning.


On Debian, use:

sudo apt install nginx

(This guide covers NGINX configuration of Debian; Other distributions may have different or more bare-bones configurations compared to Debian, and as such may require more configuration than what is seen here.)


By default, NGINX on Debian scans the /etc/nginx/sites-enabled/ directory for webserver configuration files. The instruction to do so is included in the /etc/nginx/nginx.conf file.

It is recommended to place server configuration files in the /etc/nginx/sites-available directory, and then symbolically linking them to /etc/nginx/sites-enabled to let NGINX see the configurations:

# Enabling a configuration file:
sudo ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
# Disabling a configuration file:
sudo unlink /etc/nginx/sites-enabled/YOUR_DOMAIN

(It is generally recommended to name your configuration file in
/etc/nginx/sites-available after the server name or domain name: For
example, a website with a domain name such as denshi.org) would have
a configuration file like /etc/nginx/sites-available/denshi.org.)

The actual configuration file at
/etc/nginx/sites-available/YOUR_DOMAIN to serve a static HTML page
should look like this:

server {
        listen 80;
        listen [::]:80;

        server_name YOUR_DOMAIN;

        root /var/www/YOUR_DOMAIN;
        index index.html;

        location / {
                try_files $uri $uri/ =404;

(Once again, ensure YOUR_DOMAIN is replaced with the actual domain/subdomain you wish to use.)

Encryption with Let's Encrypt

By using Let's Encrypt's certbot tool along with the certbot-nginx extension, one can enable encrypted traffic to their server and generate a full-chain encryption certificate.

Begin by installing Certbot and the NGINX extension for it:

sudo apt install python3-certbot python3-certbot-nginx

Then, use the following command to do the rest:

sudo certbot --nginx -d YOUR_DOMAIN --register-unsafely-without-email

Once certificate generation is complete, this command will bring up a prompt to either disable or enable redirection of non-encrypted traffic through the encrypted port.
It is recommended to enable Redirect.

Systemd Service

The nginx package on Debian includes a systemd service:
sudo systemctl restart nginx

Once restarted, NGINX should find your configuration file at /etc/nginx/sites-enabled/ and successfully serve your static HTML site!

Further Configuration

NGINX config files can be edited to add various functionality to a website.
These options allow for NGINX to act as a powerful tool for much more than just serving static content.

Enabling File View/Indexing

While Apache2 has this feature enabled by default, file indexing is
turned off in NGINX unless the user specifies otherwise. Enabling
auto-indexing requires for a location to be set, from where the files
will be served:

    location / {
            autoindex on;


NGINX can proxy traffic from any network location and serve it over the ports specified in a config. To proxy traffic, one must specify the location where the traffic is to be served, and the originating address of the traffic:

    location / {
            proxy_pass http://localhost:8008;


You can redirect any URL in NGINX to any other URL:

server {
            listen 80;
            server_name example.org;
            rewrite ^/test$ https://test.example.org permanent;

This way, https://example.org/test redirects to https://test.example.org.


NGINX doesn't support the full character set required for emojis by default. It can be enabled by adding this line to the http section in /etc/nginx/nginx.conf:

charset utf-8;

Server Tokens

For security reasons, you might want to hide specific NGINX version information from being served. This can be done by uncommenting the following line in /etc/nginx/nginx.conf:

server_tokens off;