Install Nginx on Rocky Linux 8 – Quick, Reliable Setup
In this article you’ll get Nginx up and running on a fresh Rocky Linux 8 box, open the right ports in firewalld, and learn the few files you’ll be tweaking when you add real sites. I’ll also point out the bits that tend to bite people who are new to Rocky.
Pull the package from the official repo
Rocky ships Nginx straight from its default repositories, so there’s no need for third‑party PPAs or compiled binaries.
sudo dnf install nginx
When you hit Enter and type y to confirm, dnf pulls the binary and all required libs. I’ve seen a handful of newbies get a “conflicting package” error after a system update because an old repo cache was still around – run dnf clean all first if that happens.
After the install finishes, enable the service so it starts on every boot and launch it right now:
sudo systemctl enable nginx sudo systemctl start nginx
Enabling writes a symlink into /etc/systemd/system/multi-user.target.wants/, guaranteeing Nginx survives a reboot.
Open HTTP in the firewall
Rocky’s default firewall is firewalld. If you left it running during the initial server setup, port 80 will be blocked out of the box. Add the service permanently and reload:
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --reload
You can verify the rule with firewall-cmd --list-all. I once forgot this step on a brand‑new VPS, tried to curl the server’s IP from my laptop, and got “Connection timed out”. The fix was just the two lines above.
Verify Nginx is alive
A quick status check tells you whether systemd thinks the process is healthy:
systemctl status nginx
Look for Active: active (running). If it’s stuck in failed, run journalctl -u nginx to see the logs – they usually point straight at a syntax error or a port conflict.
The most reliable sanity test, though, is to request the default page:
curl -4 icanhazip.com # get your public IP
Then pop that IP into a browser (http://<your_ip>). You should see the familiar “Welcome to nginx!” landing page. If you don’t, double‑check that firewalld really allowed port 80 and that SELinux isn’t blocking httpd (see step 6).
Basic service control
You’ll be stopping, starting, and reloading Nginx a lot while you tweak configs. Here’s the cheat sheet:
- Stop – sudo systemctl stop nginx
- Start – sudo systemctl start nginx
- Restart (full stop/start) – sudo systemctl restart nginx
- Reload (apply config changes without dropping connections) – sudo systemctl reload nginx
If you ever need to prevent Nginx from auto‑starting, run sudo systemctl disable nginx; re‑enable it with sudo systemctl enable nginx.
Where the important files live
| Path | What it holds |
|---|---|
| /usr/share/nginx/html | Default document root – contains only the welcome page after install. |
| /etc/nginx/ | Main configuration directory. |
| /etc/nginx/nginx.conf | Global settings; rarely edited unless you need custom worker processes or log formats. |
| /etc/nginx/conf.d/ | Drop‑in files for server blocks (virtual hosts). Each site gets its own .conf. |
| /var/log/nginx/access.log | Every request logged here (unless you turned it off). |
| /var/log/nginx/error.log | Errors, startup problems, and misconfigurations end up here. |
Knowing these locations saves you from digging through the whole filesystem when something goes sideways.
Adding a server block for a real domain
Server blocks let a single Nginx instance serve multiple sites. I usually keep the default root untouched and create per‑site directories under /var/www.
sudo mkdir -p /var/www/yourdomain.com/html
sudo chown -R $USER:$USER /var/www/yourdomain.com/html
Create a tiny test page:
nano /var/www/yourdomain.com/html/index.html
Paste in:
<html>
<head><title>Welcome to yourdomain.com</title></head>
<body>
<h1>Success! Nginx is serving yourdomain.com.</h1>
<p>This is a test page.</p>
</body>
</html>
Now make the server block:
sudo nano /etc/nginx/conf.d/yourdomain.com.conf
server {
listen 80;
listen [::]:80;
root /var/www/yourdomain.com/html;
index index.html;
server_name yourdomain.com www.yourdomain.com;
location / {
try_files $uri $uri/ =404;
}
}
Why each directive matters:
- listen – tells Nginx to accept IPv4 and IPv6 on port 80.
- root – points the block at the directory you just created.
- server_name – matches incoming Host headers; without it the request would fall back to the default block.
- try_files – ensures only existing files are served, otherwise returns a 404.
Test the config syntax before reloading:
sudo nginx -t
If you see syntax is ok and test is successful, apply the change:
sudo systemctl reload nginx
SELinux tweak (often forgotten)
Rocky runs SELinux in enforcing mode by default. To let Nginx read your new document root, set the proper context:
sudo chcon -R -t httpd_sys_content_t /var/www/yourdomain.com/html
Without this, browsers will get a 403 error even though the config looks perfect.
That’s it – you now have a clean Nginx install, firewall open for traffic, and a template for adding as many domains as your hardware can handle.
