From Fedora Project Wiki

Nginx is a fast and lightweight web, http load balancer, reverse proxy and http cache server. The main characteristics are efficiency and escalability which makes Nginx suited for both the small and the bussiest servers on the Internet.


$ su
# yum install nginx

To have the server start at each boot:

# systemctl enable nginx.service

To start the server now:

# systemctl start nginx.service


The configuration of nginx is straight forward. The main configuration file is located in /etc/nginx/nginx.conf and is structured in the following way, first there is some very general configuration about nginx itself and an events block which look like this:

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/;

events {
   worker_connections  1024;

The advised number of processes is the number of cores/threads your cpu has. Remember that you should write a semicolon(;) after each option, except for the blocks themselves.

After that there is one big http block that contains the general configuration related to this protocol. Notice that inside this block there is the following line

    include /etc/nginx/conf.d/*.conf;

which tells us that the rest of the configuration files are going to be in the configuration directory /etc/nginx/conf.d/ and are going to have a .conf extension.

And inside this http block, either in the nginx.conf file itself or included from the configuration directory /etc/nginx/conf.d/ there is one server block per virtual host.


Nginx was designed to be a webserver. All you need to create a virtual host is to create a new file in the /etc/nginx/conf.d/ directory with a .conf extension and a server block in it. the server block will be automatically included in the http block.

For example, /etc/nginx/conf.d/

server {

listen 80; server_name; root /var/www/; index index.php index.html;



Nginx uses ngx_http_ssl_module which is based on OpenSSL and at the moment there are no alternatives.

Install an existing certificate

If you already have a certificate generated on another computer, move the certificate and the key file to the correct folder, and ensure their SELinux contexts, ownerships and permissions are correct:

# mv key_file.key /etc/pki/tls/private/
# restorecon /etc/pki/tls/private/
# chown root.root /etc/pki/tls/private/
# chmod 0600 /etc/pki/tls/private/
# mv certificate.crt /etc/pki/tls/certs/
# restorecon /etc/pki/tls/private/
# chown root.root /etc/pki/tls/private/
# chmod 0600 /etc/pki/tls/private/

After this set it up

Generate a new certificate

How to generate a new certificate

Configuring TLS hosts =

Modify inside the server block of a particular virtual host the following lines or add them, so it looks like this:

	listen 443 ssl;
	ssl_certificate /etc/pki/tls/certs/
	ssl_certificate_key /etc/pki/tls/private/