CloudStick is a server control panel for developers and agencies that lets you manage cloud servers on AWS, DigitalOcean, Vultr, Linode, and Hetzner without using the command line. Plans start at $9/month — the Basic plan covers 1 server with unlimited websites; Pro at $19/month and Business at $49/month cover unlimited servers.

Will features I pay for ever get moved to a higher plan?

No. CloudStick is committed to keeping all features you currently pay for within your existing plan. New features may be added to higher tiers, but existing plan features will never be removed or require a forced upgrade.

What happens to my servers if I cancel CloudStick?

Your servers remain fully operational after cancellation. CloudStick does not host your servers — it manages them. If you cancel, you lose access to the CloudStick dashboard, but your servers continue running on your cloud provider.

Is there a free trial for CloudStick?

Yes. CloudStick offers a 7-day free trial on all paid plans with no credit card required. You can explore every feature and upgrade, downgrade, or cancel at any time during or after the trial.

WEB SERVER

June 23, 2026

How to Install and Configure Nginx on Ubuntu 24.04

9 min read

CloudStick Team

Server Infrastructure

Share this article

Nginx on Ubuntu 24.04

Install Nginx on Ubuntu 24.04

Nginx is available in Ubuntu's default repositories, so installation is a single apt command. The package is kept reasonably current — Ubuntu 24.04 ships Nginx 1.24.x — though if you need the latest mainline build you can add the official Nginx PPA instead. For most production workloads, the default repository version is stable and well-tested.

# Update package index and install Nginx
sudo apt update
sudo apt install nginx -y
# Verify Nginx is running
systemctl status nginx
# Enable Nginx to start at boot
sudo systemctl enable nginx
# Open HTTP and HTTPS through UFW firewall
sudo ufw allow 'Nginx Full'
sudo ufw status

PREREQUISITE

You need a fresh Ubuntu 24.04 VPS with a non-root sudo user and UFW firewall active. If you have not done initial server setup yet, follow our Ubuntu 24.04 server setup checklist first.

Understanding the Nginx Configuration Structure

Nginx organizes configuration into a hierarchy. The main config file at /etc/nginx/nginx.conf contains global settings, worker process counts, and includes all site configs from /etc/nginx/sites-enabled/. You should rarely edit nginx.conf directly — instead create individual server block files in /etc/nginx/sites-available/ and symlink them to sites-enabled.

This separation lets you disable a site by removing its symlink without deleting the config. The default site config lives at /etc/nginx/sites-available/default and serves Nginx's welcome page on port 80. For production you will replace this with your own server block.

Create a Production Server Block

A server block is Nginx's equivalent of Apache's VirtualHost — it maps a domain name to a web root directory. The configuration below serves a PHP application (WordPress or Laravel) via PHP-FPM, handles static files directly in Nginx for performance, and includes a security block that prevents PHP execution inside the uploads directory.

# Create config file for your domain
sudo nano /etc/nginx/sites-available/example.com
# Paste this server block:
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com/public;
    index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
    # Block PHP in uploads (security)
    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }
}
# Enable the site and reload Nginx
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

Add Security Headers

Security headers instruct browsers to refuse clickjacking, block MIME-type sniffing, and enforce HTTPS. They take seconds to add but protect against an entire class of client-side attacks. Add these inside your server block or in a shared snippet file that you include across all server blocks.

# Add inside your server {} block:
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# Hide Nginx version from response headers
# Add to http {} block in /etc/nginx/nginx.conf:
server_tokens off;

Performance Tweaks Worth Enabling

Three settings have the largest impact on a fresh Nginx install: worker tuning, keepalive connections, and static file caching. Set worker_processes auto so Nginx spawns one worker per CPU core. Keepalive connections reduce TCP handshake overhead for repeat visitors. Static file cache headers tell browsers to cache images and CSS for 30 days.

# /etc/nginx/nginx.conf — http {} block
worker_processes auto;
worker_rlimit_nofile 65535;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
http {
    keepalive_timeout 65;
    keepalive_requests 100;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
}
# Static file caching (inside server block)
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
    expires 30d;
    add_header Cache-Control "public, no-transform";
}

TIP

After any nginx.conf change, always run sudo nginx -t before reloading. This validates the config syntax and catches errors before they take your site down. A bad config with systemctl reload will cause Nginx to refuse to reload, not silently fail.

CloudStick Automates All of This

Every step above — installation, server block creation, security headers, PHP-FPM socket wiring, performance settings — is handled automatically when you add a server to CloudStick. CloudStick installs Nginx with a production-hardened configuration from the start, and each website you create through the dashboard gets its own isolated server block with correct PHP-FPM pooling.

For agencies managing 10 or 20 servers, the manual approach above becomes error-prone. CloudStick's server dashboard lets you create, modify, and rebuild site configurations through a UI without touching config files directly. The underlying Nginx config it generates follows the same best practices outlined here, but consistently across every server you manage.