How to install and configure a reverse proxy (Nginx) to host multiple sites on one server
Running several websites from one server saves money and simplifies maintenance. This guide walks you through installing Nginx, obtaining certificates, and configuring virtual hosts so multiple domains can coexist securely and reliably. Expect to finish basic setup in 20–60 minutes depending on familiarity.
Step 1: Install Nginx and updates
Update package lists and install Nginx using your system package manager to ensure compatibility and security patches. For Ubuntu/Debian run apt update && apt install -y nginx; for CentOS/RHEL run yum install -y epel-release && yum install -y nginx. After install, enable and start the service with systemctl enable --now nginx to auto-start at boot.
[Illustration: server terminal showing apt install nginx and systemctl start nginx commands]
Step 2: Open firewall ports
Allow HTTP and HTTPS through the firewall so external clients can reach the server. With ufw run ufw allow 80 && ufw allow 443 && ufw enable; with firewalld use firewall-cmd --permanent --add-service=http && firewall-cmd --permanent --add-service=https && firewall-cmd --reload. If you administer the server over SSH and ufw was not already active, add an allow rule for your SSH port before running ufw enable, or new SSH connections will be blocked. Confirm ports 80 and 443 are reachable with a quick nmap or curl from another machine.
[Illustration: diagram of server with ports 80 and 443 highlighted and firewall rules being added]
Step 3: Plan directory layout
Create a clean directory structure to separate site files and logs, for example /var/www/example.com/html and /var/www/example.com/log. Use consistent ownership and permissions (www-data is the Nginx user on Ubuntu/Debian; the CentOS/RHEL package runs as nginx): mkdir -p /var/www/example.com/{html,log} && chown -R www-data:www-data /var/www/example.com && chmod -R 755 /var/www. This reduces configuration errors and improves security.
[Illustration: filesystem tree showing /var/www with multiple domain folders and html/log subfolders]
Step 4: Create sample site content
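Place a small index.html in each site's html folder to test virtual hosts. For example echo '<h1>example.com</h1>' > /var/www/example.com/html/index.html. Set appropriate ownership and test locally with curl http://localhost:80 before adjusting Nginx. At this stage the request confirms that Nginx is answering; it returns the packaged default page until the server block from Step 5 is enabled, so repeat the check then to confirm each site's file is served correctly.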
[Illustration: text editor window creating index.html files in two domain folders and curl response showing HTML content]
Step 5: Define server blocks for each domain
Create separate Nginx server block files under /etc/nginx/sites-available, for example /etc/nginx/sites-available/example.com, and link them into sites-enabled. On CentOS/RHEL the packaged nginx.conf includes /etc/nginx/conf.d/*.conf rather than sites-enabled, so place the files there or add a matching include line. Each block should set server_name example.com www.example.com; root /var/www/example.com/html; access_log /var/www/example.com/log/access.log; error_log /var/www/example.com/log/error.log. Test configuration with nginx -t and reload with systemctl reload nginx to apply changes.
[Illustration: Nginx config snippet showing server_name, root, access_log and symbolic link from sites-available to sites-enabled]
Step 6: Obtain and install TLS certificates
Use certbot to request free Let's Encrypt certificates for each domain to enable HTTPS. Install certbot and run certbot --nginx -d example.com -d www.example.com, and allow it to update Nginx config automatically. Let's Encrypt certificates are valid for 90 days; set a cron or systemd timer to run certbot renew --quiet twice daily to handle renewals automatically.
[Illustration: terminal running certbot --nginx with success message and certificate file paths listed]
Step 7: Test and monitor sites
Verify each domain resolves to the server public IP and loads over HTTPS using curl -I https://example.com and a browser. Check logs in /var/www/example.com/log for errors and monitor resource usage with top or htop; consider adding free tools like fail2ban for basic protection. Plan periodic review every 30 days to confirm renewals and update packages.
[Illustration: browser window showing multiple domains loaded and terminal with curl -I responses and tailing access logs]
- Use DNS A records pointing each domain to the server's public IPv4 address; if you have IPv6 add AAAA records. Propagation typically takes 5–30 minutes but can be longer.
- Keep a single default_server block that returns a simple 444 or 404 to avoid accidental exposure of other sites when Host headers are missing.
- Automate deployments by storing site config and HTML in version control and deploying with rsync or CI to reduce manual errors.
- Use separate log files per site to quickly diagnose issues; rotate logs with logrotate configured to run daily or weekly and keep 14 copies by default.
- Limit Nginx worker_processes to the number of CPU cores (use auto or an exact core count) and set worker_connections to 1024 or higher depending on expected concurrency.
- Consider using a staging certbot --staging run when first testing to avoid hitting Let's Encrypt rate limits during development.
- Never run certbot with production flags repeatedly during testing or you may hit rate limits; use staging for repeated tests.
- Do not expose administrative ports (SSH, database management) directly to the public internet unless protected by a firewall and strong keys; use fail2ban and key-based SSH only.
- Avoid placing sensitive configuration or credentials in the webroot; keep them outside /var/www and restrict permissions to the minimal user.
- Always run nginx -t to test syntax before reloading or restarting to prevent service outages due to typos.
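Step 5's per-domain server block and the default_server tip above, as one added example in POSIX shell (not part of the original guide): it renders a server block for each domain using the guide's /var/www layout, rejects names that could inject directives, and stages a catch-all that closes the connection with 444. The function names and the staging directory are assumptions made for this example.

```sh
# Added example; helper names are constructed, paths follow the guide's layout.

# Accept hostname characters only, so a crafted "domain" cannot inject directives or paths.
valid_domain() {
  case $1 in
    ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Step 5: one server block per domain.
render_site() {
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $1 www.$1;
    root /var/www/$1/html;
    access_log /var/www/$1/log/access.log;
    error_log /var/www/$1/log/error.log;
    location / { try_files \$uri \$uri/ =404; }
}
EOF
}

# Catch-all: unknown or missing Host headers get the connection closed (444).
render_default() {
  printf '%s\n' 'server {' '    listen 80 default_server;' \
    '    listen [::]:80 default_server;' '    server_name _;' \
    '    return 444;' '}'
}

# Write files under <base>/sites-available and link them into sites-enabled.
stage_sites() {
  base=$1; shift
  for d in "$@"; do valid_domain "$d" || return 1; done
  mkdir -p "$base/sites-available" "$base/sites-enabled"
  render_default > "$base/sites-available/00-default"
  ln -sf ../sites-available/00-default "$base/sites-enabled/00-default"
  for d in "$@"; do
    render_site "$d" > "$base/sites-available/$d"
    ln -sf "../sites-available/$d" "$base/sites-enabled/$d"
  done
}

# Demo on constructed domains, staged in a scratch directory (not /etc/nginx).
stage_sites "$(mktemp -d)" example.com example.org
```

The certbot run in Step 6 adds port 443 listeners to each site block, which this port 80 catch-all does not cover. On nginx 1.19.4 or later, a 443 default_server with ssl_reject_handshake on; gives unknown names the same treatment over TLS.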