NGINX User Guide

Product: NGINX

Overview

This guide covers the deployment and configuration of NGINX on Linux using cloudimg AMIs from the AWS Marketplace. NGINX is a high performance web server, reverse proxy, and load balancer known for its stability, low resource consumption, and ability to handle a large number of concurrent connections.

What's included in this AMI:

  • NGINX web server with default configuration on port 80
  • Preconfigured systemd service for automatic startup on boot
  • Default web root at /usr/share/nginx
  • OS package update script for keeping the system current
  • AWS CLI v2 for AWS service integration
  • Systems Manager Agent (SSM) for remote management
  • CloudWatch Agent for monitoring
  • Latest security patches applied at build time
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the NGINX listing on AWS Marketplace
  3. An EC2 key pair for SSH access
  4. Familiarity with EC2 instance management and SSH

Recommended Instance Type: t3.small (2 vCPU, 2 GB RAM) or larger. The minimum requirements are 1 vCPU, 1 GB RAM, and 20 GB disk space. NGINX is lightweight and performs well even on smaller instances.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "NGINX cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (t3.small recommended)
  7. Configure storage: 20 GB gp3 minimum
  8. Configure your Security Group with the following inbound rules:
     Port  Protocol  Source     Purpose
     22    TCP       Your IP    SSH access
     80    TCP       0.0.0.0/0  NGINX web server (HTTP)
     443   TCP       0.0.0.0/0  NGINX web server (HTTPS, if configured)
  9. Select your EC2 key pair and launch the instance

Step 2: Connect via SSH

Once your instance is running and has passed both status checks (2/2), connect using SSH:

ssh -i your-key.pem ec2-user@<public-ip-address>

Replace your-key.pem with the path to your EC2 key pair and <public-ip-address> with your instance's public IP.

Important: Wait for the EC2 instance to reach 2/2 successful status checks before attempting to connect. If you connect too early, you may see errors such as:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

This is expected during the initial boot process. Wait for both status checks to pass and try again.

To switch to the root user:

sudo su -

Step 3: Verify NGINX is Running

NGINX starts automatically on boot. Verify the service is running:

systemctl status nginx

Open your web browser and navigate to:

http://<public-ip-address>:80

You should see the default NGINX welcome page, confirming the server is running and accessible.

Step 4: Deploy Your Website

The default web root is located at /usr/share/nginx/html. To deploy your own content, replace the files in this directory.

Upload files using SCP:

scp -i your-key.pem -r ./my-website ec2-user@<public-ip-address>:/tmp/

Then move the files to the web root:

sudo cp -r /tmp/my-website/* /usr/share/nginx/html/

Set correct permissions:

sudo chown -R nginx:nginx /usr/share/nginx/html/
sudo find /usr/share/nginx/html/ -type d -exec chmod 755 {} +
sudo find /usr/share/nginx/html/ -type f -exec chmod 644 {} +

Configuring Virtual Hosts

To serve multiple websites from a single NGINX instance, create server block configuration files.

Create a new server block:

sudo vi /etc/nginx/conf.d/mysite.conf

Example server block configuration:

server {
    listen 80;
    server_name mysite.example.com;
    root /var/www/mysite;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    access_log /var/log/nginx/mysite_access.log;
    error_log /var/log/nginx/mysite_error.log;
}

Test the configuration and reload:

sudo nginx -t
sudo systemctl reload nginx

Configuring as a Reverse Proxy

NGINX is commonly used as a reverse proxy to forward requests to application servers.

Create the proxy configuration file:

sudo vi /etc/nginx/conf.d/proxy.conf

Example reverse proxy configuration:

server {
    listen 80;
    server_name app.example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Test the configuration and reload:

sudo nginx -t
sudo systemctl reload nginx

Server Components

Component  Install Path
NGINX      /etc/nginx

Note: Component versions may be updated on first boot by the automatic OS package update script.

Filesystem Layout

Mount Point       Size    Description
/                 38 GB   Root filesystem
/boot             2 GB    Operating system kernel files
/usr/share/nginx  9.8 GB  NGINX web server root

Key NGINX directories:

Directory              Purpose
/etc/nginx             Main configuration directory
/etc/nginx/nginx.conf  Primary configuration file
/etc/nginx/conf.d/     Additional server block configurations
/usr/share/nginx/html  Default web root
/var/log/nginx         Access and error logs
/var/cache/nginx       Cached content

Managing the NGINX Service

NGINX is managed via systemd and starts automatically on boot.

Check service status:

systemctl status nginx

Stop NGINX:

systemctl stop nginx

Start NGINX:

systemctl start nginx

Restart NGINX:

systemctl restart nginx

Reload configuration without downtime:

systemctl reload nginx

Test configuration syntax:

nginx -t

Scripts and Log Files

Script/Log               Path            Description
initial_boot_update.sh   /stage/scripts  Updates the OS with the latest packages on first boot
initial_boot_update.log  /stage/scripts  Output log for the boot update script

NGINX logs:

Log File    Path                       Description
access.log  /var/log/nginx/access.log  HTTP request log
error.log   /var/log/nginx/error.log   Error and diagnostic log

On Startup

An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh

Troubleshooting

Cannot access NGINX on port 80

  1. Verify NGINX is running: systemctl status nginx
  2. Check that your security group allows inbound traffic on port 80
  3. Ensure the instance has passed 2/2 status checks
  4. Check error logs: tail -f /var/log/nginx/error.log

Configuration test fails

  1. Run nginx -t to see the exact error and line number
  2. Common issues: missing semicolons, unclosed brackets, duplicate server_name values
  3. Check for syntax errors in files under /etc/nginx/conf.d/

403 Forbidden error

  1. Check file ownership: files should be owned by nginx:nginx
  2. Check directory permissions: directories need 755, files need 644
  3. Verify the root directive in your server block points to the correct path
  4. Check SELinux: getenforce. If enforcing, adjust contexts: chcon -R -t httpd_sys_content_t /var/www/mysite

502 Bad Gateway (when using as reverse proxy)

  1. Verify the backend application is running on the expected port
  2. Check that the proxy_pass URL is correct
  3. Review NGINX error logs: tail -f /var/log/nginx/error.log

Security Recommendations

  • Enable HTTPS: Install an SSL certificate using Let's Encrypt (certbot) or your own certificate
  • Hide server version: Add server_tokens off; to the http block in /etc/nginx/nginx.conf
  • Restrict sensitive paths: Use location blocks with deny all for admin areas
  • Enable rate limiting: Use limit_req_zone to protect against brute force attacks
  • Configure security headers: Add headers such as X-Content-Type-Options, X-Frame-Options, and Content-Security-Policy
  • Keep NGINX updated: Regularly update with yum update nginx
  • Monitor access logs: Review /var/log/nginx/access.log for suspicious requests
  • Use firewall rules: Restrict SSH access to your IP and only open ports that are needed
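
The version, path restriction, rate limiting and header recommendations above, combined into one configuration. This is an added example, not part of the cloudimg image: it is a hardened replacement for the /etc/nginx/conf.d/proxy.conf shown earlier, and the /admin/ and /login paths, the zone name "login", the rate values and the allowed address are assumptions to adjust for your application.

```nginx
# Constructed example: hardened variant of /etc/nginx/conf.d/proxy.conf.
# Files in conf.d are included inside the http block, so http-level
# directives can sit at the top of this file.

server_tokens off;   # omit here if nginx.conf already sets it (duplicate directive error)

# Track clients by IP in a 10 MB shared zone named "login" (assumed name);
# each client is allowed 10 requests per minute.
limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;

server {
    listen 80;
    server_name app.example.com;

    # "always" attaches the headers to error responses (4xx/5xx) as well.
    # A location that declares its own add_header stops inheriting these.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Content-Security-Policy "default-src 'self'" always;

    # Set once at server level; locations without their own
    # proxy_set_header directives inherit all four.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }

    # Admin area (assumed path): one allowed address (constructed,
    # from the 203.0.113.0/24 documentation range), everyone else gets 403.
    location /admin/ {
        allow 203.0.113.10;
        deny all;
        proxy_pass http://127.0.0.1:3000;
    }

    # Login endpoint (assumed path): absorb a burst of 5 requests, then
    # reject with 429 instead of the default 503.
    location = /login {
        limit_req zone=login burst=5 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Run sudo nginx -t before reloading. Rejected requests are written to /var/log/nginx/error.log with a "limiting requests" message, which gives the access log review in the list above a concrete signal to look for.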

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA