How to Upgrade/Install Nginx Stable or Mainline on Ubuntu 20.04 LTS
If you’re running Ubuntu 20.04 and need a newer nginx than the one in the default repos, this guide shows two ways to get either the stable or mainline build without breaking your existing sites. You’ll see why the official nginx.org repository is usually the smarter choice, and how to fall back to Ubuntu’s packages when you just want “good enough”.
1. Decide which branch you actually need
- Stable – receives only vetted bug‑fixes; best for production servers that can’t afford surprise regressions.
- Mainline – gets the latest features (HTTP/3, new modules) as soon as they land; handy for testing or when a feature isn’t yet in stable.
I’ve been burned once by pulling mainline on a box that was serving a legacy PHP app; the new TLS implementation broke compatibility with an old OpenSSL library. That’s why I always match the branch to the risk level of the service.
2. Method A – Use Ubuntu’s native packages (quick but outdated)
sudo apt update
sudo apt install nginx
Why this works: Ubuntu 20.04 ships nginx 1.18 from its own archive, which is a stable release that will receive security updates via the distro’s regular channel. If you’re fine with “good enough” and want zero extra repos, this is all you need.
When not to use it: The version is frozen at 1.18.x, so you won’t get newer directives like proxy_ssl_server_name that appeared in 1.19+. For most static sites it’s fine; for anything needing the latest HTTP/2 tweaks, look elsewhere.
3. Method B – Pull directly from nginx.org (recommended for fresh features)
a) Add the signing key
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg
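apt uses this key to check the signature on the repository’s metadata, so packages that don’t really come from nginx (a rogue mirror, say) are rejected. That check is only as good as the key you imported, so compare its fingerprint with the one published on nginx.org before relying on it.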
b) Choose stable or mainline and create a source list
For stable:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx-stable.list
For mainline:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx-mainline.list
Why separate files: It keeps the two branches isolated, so you can switch later without editing a massive list.
c) Update and install
sudo apt update
sudo apt install nginx
At this point nginx -v will report something like 1.22.x for stable or 1.23.x for mainline, depending on what you chose.
Tip: If you already have the Ubuntu package installed, the repo swap will automatically upgrade it in place. Your /etc/nginx/ config directory stays untouched, but always back up nginx.conf before a major version jump.
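Step a) pipes the downloaded key straight into the keyring, so nothing checks that it is the key nginx publishes. The script below is an added example (not part of the original guide or of nginx’s own tooling) that downloads the key to a temp file, compares its primary-key fingerprint against a value you supply, and only then writes the keyring. EXPECTED_FPR, the function names and the sample data are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: check the downloaded key's fingerprint before trusting it.
# EXPECTED_FPR is a placeholder (it never matches, so the check fails closed).
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_FINGERPRINT_PUBLISHED_BY_NGINX}"

# Constructed `gpg --with-colons` output (not a real key): one primary key
# and one subkey, each followed by its "fpr" record.
SAMPLE_COLONS='pub:-:4096:1:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Constructed Key <key@example.invalid>::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1700000000::::::e::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Print the fingerprint (field 10 of "fpr") of each primary key on stdin;
# "fpr" records that follow a "sub" record belong to subkeys and are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" || $1 == "sub" { kind = $1 }
             $1 == "fpr" && kind == "pub" { print toupper($10) }'
}

# Succeed only if stdin holds at least one fingerprint and every one of them
# matches an argument (arguments may be lower case or contain spaces).
all_fingerprints_expected() {
    local fpr want ok seen=0
    while read -r fpr; do
        seen=1; ok=0
        for want in "$@"; do
            want=$(printf '%s' "$want" | tr -d ' ' | tr 'a-f' 'A-F')
            if [ "$fpr" = "$want" ]; then ok=1; fi
        done
        [ "$ok" -eq 1 ] || { echo "unexpected key: $fpr" >&2; return 1; }
    done
    [ "$seen" -eq 1 ]
}

# Download to a temp file, verify, and only then write the apt keyring.
install_nginx_key() {
    local tmp rc=1
    tmp=$(mktemp) || return 1
    if curl -fsSL https://nginx.org/keys/nginx_signing.key -o "$tmp" &&
       gpg --show-keys --with-colons "$tmp" | primary_fingerprints |
           all_fingerprints_expected "$EXPECTED_FPR"; then
        sudo gpg --dearmor --yes -o /usr/share/keyrings/nginx-archive-keyring.gpg "$tmp" && rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Source the file, export EXPECTED_FPR with the fingerprint taken from nginx.org, then run install_nginx_key in place of the one-liner in step a).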
4. Verify the installation and restart
sudo systemctl status nginx # confirm it’s running
sudo nginx -t # syntax check your config files
sudo systemctl reload nginx # apply any changes without dropping connections
Running nginx -V (capital V) shows the compile‑time options. You’ll see flags like --with-http_ssl_module, which confirms you’ve got SSL support baked in.
5. Rolling back if something goes sideways
If the new version breaks an app, you can revert to Ubuntu’s package:
sudo apt install nginx=1.18.* # replace * with the exact sub‑version shown by apt-cache policy nginx
Then run sudo systemctl restart nginx. Having the original repo still enabled makes this painless.
6. Keep it tidy
Remove any leftover source list you don’t need:
sudo rm /etc/apt/sources.list.d/nginx-mainline.list # or nginx-stable.list: remove only the branch you’re not using
sudo apt update
That prevents accidental upgrades to the wrong branch later on.
That’s it—pick the repo that matches your risk tolerance, pull the packages, and you’ll have a fresh nginx ready to serve.