Fedora

How to Install Nginx on Fedora 44

Last updated Sunday, May 17, 2026 1:06 pm Joshua James 8 min read
Nginx logo with arrow pointing to Fedora logo on blue tech background

Most self-hosted Fedora systems need a reverse proxy or static site server before the application layer matters, and Nginx still fits that job with a small footprint and straightforward syntax. You can install Nginx on Fedora from the default DNF repositories, then use the same package for static sites, reverse proxies, and the first layer of a PHP stack.

Fedora’s Nginx package is available through the standard Fedora repositories, so the default path uses DNF-managed updates instead of a third-party repo. Exact build numbers change with Fedora updates; the Fedora 44 examples use nginx-1.30.1-1.fc44.x86_64 and keep the Fedora-native server block layout under /etc/nginx/conf.d/.

Install Nginx on Fedora

Update Fedora and install the Nginx package

Refresh package metadata first so Fedora pulls the current Nginx build and any dependency updates cleanly.

sudo dnf upgrade --refresh

These commands use sudo for tasks that need root privileges. If your account does not have sudo access yet, run them as root or follow the guide on add a user to sudoers on Fedora.

Install Nginx on Fedora with sudo dnf install nginx.

sudo dnf install nginx

Confirm the package version before you move on.

rpm -q nginx
nginx-1.30.1-1.fc44.x86_64

Fedora’s package also creates the nginx service user and sets the main config to run worker processes as that account.

grep -E '^user[[:space:]]+nginx;' /etc/nginx/nginx.conf
user nginx;

Enable and verify the Nginx service on Fedora

Fedora installs the package without starting the service, so enable it once and start it immediately with the same command.

sudo systemctl enable --now nginx

Check both the boot-time state and the live service state.

systemctl is-enabled nginx
systemctl is-active nginx
enabled
active

For a quick local response check, request the default page headers from the same Fedora host.

curl -fsSI http://127.0.0.1/

Relevant output includes:

HTTP/1.1 200 OK
Server: nginx/1.30.1
Content-Type: text/html
Content-Length: 8484

Open the default Nginx page in a browser

If you are working on the Fedora host directly, open http://localhost. From another machine, wait until the firewall section opens web traffic, then browse to the server hostname or Fedora IP address.

Screenshot showing the default Nginx test page successfully loaded on Fedora Linux.
Successful load of the default Nginx page confirms the Fedora service is responding.

The packaged welcome page proves Nginx is listening. After you add a domain-based server block, a bare IP address can still show this default page until you change the default listener as well.

Configure Firewall Rules for Nginx on Fedora

Allow HTTP and HTTPS through firewalld

Fedora Workstation and Server usually have firewalld active already, but trimmed installs may need the service enabled first. If you do not have firewalld running yet, follow the guide on install firewalld on Fedora before opening web traffic.

Add the HTTP and HTTPS service rules, then reload firewalld so the permanent changes become active.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify the web firewall rules on Fedora

Query each rule directly so you know both services are active in the current zone.

firewall-cmd --query-service=http
firewall-cmd --query-service=https
yes
yes

Configure a Server Block for Nginx on Fedora

Fedora’s packaged Nginx config already loads extra site definitions from /etc/nginx/conf.d/*.conf, so you do not need a Debian-style sites-available and sites-enabled layout. The example uses example.com; replace it with the domain that should point to this Fedora host.

Create the site directory and set the SELinux context

Create the document root first. The -p flag makes any missing parent directories.

sudo mkdir -p /var/www/example.com/html

Give your regular user ownership of the custom web root so you can edit site files without switching back to root every time. The $USER variable expands to the account running the command.

sudo chown -R $USER:$USER /var/www/example.com

Set the directory permissions so Nginx can read the files while you retain write access through your own account.

sudo chmod -R 755 /var/www/example.com

Fedora’s SELinux policy blocks custom web roots until the directory carries the web-content label. Install the management tools if semanage is not available, then add the correct label and apply it.

sudo dnf install policycoreutils-python-utils

Add the SELinux label to the custom site directory.

sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/example.com(/.*)?"

Apply the label to the existing files and directories.

sudo restorecon -Rv /var/www/example.com

Verify the final SELinux context before you continue.

ls -Zd /var/www/example.com/html
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/example.com/html

The important field is the httpd_sys_content_t type. The SELinux user field can differ depending on how the directory was created.

Create a test page for the Fedora Nginx site

Because you own this document root now, you can create a quick test page without sudo.

nano /var/www/example.com/html/index.html

Add the following HTML, replacing example.com with your real domain name.

<!DOCTYPE html>
<html>
<head>
    <title>Welcome to example.com!</title>
</head>
<body>
    <h1>Success! The example.com server block is working!</h1>
</body>
</html>

Save the file, then close the editor. This page gives you an easy domain-based check before you move on to real application content.

Create the Fedora Nginx server block

Fedora already reads extra site definitions from /etc/nginx/conf.d/, so place the domain config there and leave the packaged /etc/nginx/nginx.conf include path alone.

sudo nano /etc/nginx/conf.d/example.com.conf

Use a server block that points to the custom document root and matches the domain you plan to browse.

server {

    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    root /var/www/example.com/html;

    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Save the file, then close the editor. If you plan to serve only one hostname, drop the unused alias from server_name now instead of carrying it into production.

Test and reload the Fedora Nginx configuration

Check the syntax before you reload Nginx so a typo does not take the service down.

sudo nginx -t

Expected output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload Nginx only after the syntax test succeeds.

sudo systemctl reload nginx

Verify the domain-based Nginx site

Before DNS points at the server, test the name-based server block locally from the Fedora host. The --resolve option maps the example domain to loopback for this one request.

curl --noproxy '*' -fsS --resolve example.com:80:127.0.0.1 http://example.com/

Relevant output includes the custom heading from the test file:

<h1>Success! The example.com server block is working!</h1>

After public DNS points to the Fedora host, browse to http://example.com. That request should match the new server_name and serve the custom page from /var/www/example.com/html.

If the domain still lands on the packaged Fedora page, the request is still hitting the default server rooted at /usr/share/nginx/html. That usually means DNS is pointing somewhere else, the server_name does not match the hostname you used, or the custom file in /etc/nginx/conf.d/ did not load cleanly.

Secure Nginx with Let’s Encrypt on Fedora

Once the domain-based site is loading over HTTP, add TLS. Certbot’s Nginx plugin can request the certificate, write the redirect rules, and tie renewal into Fedora’s systemd timer. For extra brute-force protection around web and SSH services, you can also install Fail2Ban with firewalld on Fedora.

Install Certbot for Nginx on Fedora

Install the Certbot core package and the Nginx plugin from Fedora’s repositories.

sudo dnf install python3-certbot-nginx

Request the certificate and redirect HTTP to HTTPS

Run Certbot against the server block that already answers for your public domain. Replace the sample email and domain with your own values.

sudo certbot --nginx --agree-tos --redirect --email you@example.com -d example.com -d www.example.com

The --redirect flag writes the HTTP-to-HTTPS redirect for you. Add --hsts only after you are sure the domain should always use HTTPS, because browsers can remember HSTS and keep forcing HTTPS later. The --staple-ocsp option is also available when you want Certbot to add OCSP stapling to the generated Nginx config.

Check the automatic renewal path on Fedora

Fedora’s Certbot packages install the certbot-renew.timer unit and leave it enabled by default, but the timer can stay inactive until you start it once. Confirm the installed units first.

systemctl list-unit-files "certbot*"

Relevant output includes:

UNIT FILE             STATE   PRESET
certbot-renew.service static  -
certbot-renew.timer   enabled enabled

If the timer is inactive, start it once and then verify both its enabled and active state.

sudo systemctl start certbot-renew.timer
systemctl is-enabled certbot-renew.timer
systemctl is-active certbot-renew.timer
enabled
active

After the first certificate is in place, run a dry run to confirm renewal and reload hooks work cleanly.

sudo certbot renew --dry-run

A successful dry run ends with a confirmation that the simulated renewals succeeded.

Troubleshoot Nginx on Fedora

Most early Nginx problems on Fedora come from the default server block still answering first, a syntax error in the custom config, or SELinux blocking a new document root.

Fix the Fedora default page still showing instead of your site

If your domain still shows the packaged Nginx page, confirm that the custom config exists in Fedora’s active include path and that the domain matches the server_name line inside it.

grep -R "server_name" /etc/nginx/conf.d/
sudo nginx -t

Direct IP requests can still hit the default server rooted at /usr/share/nginx/html. Use the hostname from your server_name directive when you test the custom site.

Fix 403 Forbidden for a custom Nginx site on Fedora

A 403 response usually means the content path has the wrong SELinux label or the directory permissions no longer let Nginx traverse the path. For a broader cause list, use the dedicated guide to fix Nginx 403 Forbidden errors.

ls -Zd /var/www/example.com/html
sudo restorecon -Rv /var/www/example.com

Relevant output includes the httpd_sys_content_t label on the document root.

unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/example.com/html

If the label is still wrong after restorecon, rerun the semanage fcontext command from the setup section and make sure the parent directories keep execute permission for other users.

Manage Nginx on Fedora

Manage the Nginx service on Fedora

Use these systemctl commands when you need to stop, start, reload, or change the boot-time behavior of the Nginx service.

sudo systemctl stop nginx

Start the service again when you want Nginx back online:

sudo systemctl start nginx

When configuration changes require a full process restart, use the restart command:

sudo systemctl restart nginx

Reload the service when you want Nginx to pick up config changes without dropping the main process:

sudo systemctl reload nginx

Enable Nginx at boot if this host should start serving traffic automatically after a reboot:

sudo systemctl enable nginx

Disable that autostart behavior if you only want to run Nginx manually:

sudo systemctl disable nginx

Review Nginx logs on Fedora

Fedora stores Nginx request and error logs under /var/log/nginx/. List the directory when you need to confirm which logs exist on the host.

sudo ls -l /var/log/nginx/

Follow the access log live while you test requests against the server:

sudo tail -f /var/log/nginx/access.log

Print the last 30 access-log lines when you want a quick snapshot instead of a live stream:

sudo tail -n 30 /var/log/nginx/access.log

For filtering, the grep command in Linux can isolate one IP address or a dated error pattern.

sudo grep 'IP_ADDRESS' /var/log/nginx/access.log
sudo grep "$(date '+%Y/%m/%d')" /var/log/nginx/error.log

Replace IP_ADDRESS with the address you are investigating. If you want a quick status-code summary, extract the ninth access-log field and count the results:

sudo awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -n

Review Nginx log rotation on Fedora

Fedora installs the Nginx logrotate policy at /etc/logrotate.d/nginx. Review the file before changing retention, compression, or post-rotation behavior.

sudo sed -n '1,80p' /etc/logrotate.d/nginx

Fedora 44 currently ships this policy:

/var/log/nginx/*.log {
    create 0640 nginx root
    daily
    rotate 10
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/bin/systemctl kill --signal=SIGUSR1 --kill-who=main nginx.service 2>/dev/null || \
        true
    endscript
}

Keep the packaged defaults unless your retention or monitoring requirements differ. If Fail2Ban watches Nginx logs, reload or restart the relevant jail after changing log paths or rotation timing.

Update Nginx on Fedora

Back up the Nginx configuration on Fedora

Back up the main Nginx config before a major package update or a risky config change. For a fuller rollback point, archive the whole Nginx directory as well.

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo tar -czf "$HOME/nginx-config-$(date +%F).tar.gz" -C /etc nginx

The archive command stores the Nginx directory as nginx-config-YYYY-MM-DD.tar.gz in your home directory.

Run the Nginx update on Fedora

Confirm that Nginx is installed, then refresh Fedora’s package metadata and apply the packaged Nginx update.

rpm -q nginx
sudo dnf upgrade --refresh nginx

If rpm -q nginx says the package is not installed, use the install section first. DNF upgrades the installed Fedora package and its required dependencies from the enabled repositories.

Review the package changes before confirming the upgrade on production hosts.

Remove Nginx from Fedora

If you no longer need Nginx, remove the Fedora package with DNF. Review the transaction before confirming because DNF can remove unused Nginx dependencies in the same operation.

sudo dnf remove nginx

Verify the package is removed:

rpm -q nginx

The output confirms removal:

package nginx is not installed

Website files in /var/www/, custom server blocks in /etc/nginx/conf.d/, and certificates under /etc/letsencrypt/ are not removed by DNF. Delete those paths only after backing up content or certificates you still need.

Remove the example server block, document root, and SELinux file-context rule only when those paths belong to the site you are deleting.

sudo rm -f /etc/nginx/conf.d/example.com.conf
sudo rm -rf /var/www/example.com
sudo semanage fcontext -d "/var/www/example.com(/.*)?"

Conclusion

Nginx is running on Fedora with firewalld rules in place, a domain-based server block under /etc/nginx/conf.d/, and a clear path to HTTPS through Certbot. If this host will serve PHP, the next step is to configure Nginx for PHP-FPM on Fedora. For proxy or hardening work, create a reverse proxy in Nginx or configure security headers in Nginx next.

Follow LinuxCapable

Want more LinuxCapable guides in Google?

Add LinuxCapable as a preferred source so Google can show more of our fresh Linux tutorials in Top Stories and From your sources when relevant.

Add LinuxCapable as a preferred source on Google
Search LinuxCapable

Need another guide?

Search LinuxCapable for package installs, commands, troubleshooting, and follow-up guides related to what you just read.

Found this guide useful?

Support LinuxCapable to keep tutorials free and up to date.

Buy me a coffeeBuy me a coffee
Before commenting, please review our Comments Policy.
Formatting tips for your comment

You can use basic HTML to format your comment. Useful tags currently allowed in published comments:

You type Result
<code>command</code> command
<strong>bold</strong> bold
<em>italic</em> italic
<blockquote>quote</blockquote> quote block

Got a Question or Feedback?

We read and reply to every comment - let us know how we can help or improve this guide.

Let us know you are human: