Applications AWS

nginx-aws

NGINX Open Source on AWS — User Guide

NGINX Open Source is the high-performance web server and reverse proxy installed from the official nginx.org repository. This guide covers connecting to your instance, verifying the server, deploying your own site, enabling the reverse-proxy starter, and configuring HTTPS with Let's Encrypt.

Prerequisites

  • An AWS account with permission to launch EC2 instances.
  • The NGINX Open Source AMI subscribed from AWS Marketplace.
  • An SSH key pair associated with the instance at launch.

Connecting to your instance

OS variant SSH login user
Ubuntu 24.04 ubuntu 
ssh -i /path/to/your-key.pem ubuntu@<instance-public-ip>

Once connected, verify NGINX is running:

nginx -v

nginx version: nginx/1.31.1

systemctl status nginx --no-pager

● nginx.service - nginx - high performance web server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-05-27 17:37:37 UTC; 8s ago
       Docs: https://nginx.org/en/docs/
    Process: 3357 ExecStart=/usr/sbin/nginx -c ${CONFFILE} (code=exited, status=0/SUCCESS)
   Main PID: 3358 (nginx)
      Tasks: 3 (limit: 4520)
     Memory: 2.9M (peak: 3.5M)
        CPU: 11ms
     CGroup: /system.slice/nginx.service
             ├─3358 "nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf"
             ├─3359 "nginx: worker process"
             └─3360 "nginx: worker process"

Confirming the default landing page

Browse to http://<instance-public-ip>/ or run from the instance:

curl -si http://127.0.0.1/ | head -10

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 May 2026 17:37:46 GMT
Content-Type: text/html
Content-Length: 2591
Last-Modified: Wed, 27 May 2026 17:35:55 GMT
Connection: keep-alive
ETag: "6a172b7b-a1f"
Accept-Ranges: bytes

The cloudimg default landing page confirms the server is healthy and points to the document root.

Instance information file

On first boot, nginx-firstboot.service writes a summary file:

sudo cat /root/nginx-info.txt

# NGINX Open Source — written on first boot by nginx-firstboot.service.
# This file holds no secrets; NGINX itself is unauthenticated. It is an
# informational summary only.

nginx.version=1.31.1
nginx.document.root=/var/www/html
nginx.config.root=/etc/nginx
nginx.landing.page=http://172.31.81.113/

# Monitoring (reachable from this instance only, by default):
#   http://127.0.0.1/nginx_status   live connection / request counters
#
# Place your website files in /var/www/html. To enable the reverse-proxy starter,
# rename /etc/nginx/conf.d/sample.conf.disabled to sample.conf, edit the
# upstream, run nginx -t, then systemctl reload nginx. To enable HTTPS, follow
# the Let's Encrypt section of the cloudimg user guide.

Document root and web content volume

Customer web content lives on a dedicated, independently resizable 20 GiB EBS volume mounted at /var/www:

df -h /var/www

Filesystem      Size  Used Avail Use% Mounted on
/dev/nvme1n1     20G   32K   19G   1% /var/www

The document root is /var/www/html. Replace the default landing page or deploy your site files there:

sudo cp -r /path/to/your-site/* /var/www/html/
sudo nginx -t && sudo systemctl reload nginx

To grow the volume, resize it in the AWS Console and then:

sudo resize2fs /dev/nvme1n1
df -h /var/www

NGINX configuration layout

/etc/nginx/
├── nginx.conf                       # main config (includes conf.d/*.conf and sites-enabled/*.conf)
├── conf.d/
│   ├── default.conf                 # default server block on port 80
│   ├── cloudimg-status.conf         # placeholder (stub_status is in default.conf)
│   └── sample.conf.disabled         # reverse-proxy starter (rename to enable)
└── sites-available/                 # optional Debian-style sites
    sites-enabled/                   # symlink your sites here

View the effective running configuration:

sudo nginx -T > /tmp/nginx-dump.txt 2>/dev/null; grep -E "root|index |server_name|listen 80|location" /tmp/nginx-dump.txt

    listen 80 default_server;
    server_name _;
    root /var/www/html;
    index index.html index.htm;
    location / {
    location = /nginx_status {

Monitoring with stub_status

The stub_status endpoint is enabled at /nginx_status, accessible from the instance itself:

curl -s http://127.0.0.1/nginx_status

Active connections: 1 
server accepts handled requests
 2 2 2 
Reading: 0 Writing: 1 Waiting: 0

To expose it to a trusted monitoring server, add an allow directive in /etc/nginx/conf.d/default.conf inside the /nginx_status location block, then reload:

sudo nginx -t && sudo systemctl reload nginx

Enabling the reverse-proxy starter

A documented reverse-proxy starter ships disabled at /etc/nginx/conf.d/sample.conf.disabled. To activate it:

sudo cp /etc/nginx/conf.d/sample.conf.disabled /etc/nginx/conf.d/sample.conf
sudo nano /etc/nginx/conf.d/sample.conf   # edit the upstream address
sudo nginx -t
sudo systemctl reload nginx

The starter proxies requests to a backend (e.g. a Node.js app on port 3000). Edit the proxy_pass line to point to your backend.

Enabling HTTPS with Let's Encrypt

  1. Point your domain's A record to the instance public IP.
  2. Install Certbot:

bash sudo apt-get install -y certbot python3-certbot-nginx

  1. Obtain and install a certificate (replace your-domain.com):

bash sudo certbot --nginx -d your-domain.com -d www.your-domain.com

  1. Certbot edits your nginx config and reloads the server automatically. Test auto-renewal:

bash sudo certbot renew --dry-run

Reloading vs restarting nginx

  • Reload (zero-downtime, preferred for config changes):

bash sudo nginx -t && sudo systemctl reload nginx

  • Restart (needed after package upgrades):

bash sudo systemctl restart nginx

Screenshots

NGINX version and service status

Default landing page in browser

NGINX configuration overview

Support

24/7 technical support from cloudimg — email support@cloudimg.co.uk or use the AWS Marketplace support channel.