Install nginx
apt update apt install -y nginx
Open the firewall:
ufw allow 'Nginx Full'
Visit `http://your-vps-ip/` — you should see the default welcome page.
Create a site
Drop a config in `/etc/nginx/sites-available/example.com`:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com;
index index.html;
location / { try_files $uri $uri/ =404; }
}Enable + reload:
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ nginx -t && systemctl reload nginx
HTTPS with Let's Encrypt
apt install -y certbot python3-certbot-nginx certbot --nginx -d example.com -d www.example.com
certbot edits your nginx config in place and adds the renewal cron. You can verify with `certbot renew --dry-run`.
Common pitfalls
- DNS hasn't propagated yet — certbot will fail. Check with `dig +short example.com`.
- Port 80 must be reachable from the public internet for the HTTP-01 challenge.
- If you use Cloudflare, set the SSL mode to **Full (strict)** after the cert is issued.