Install nginx with TLS termination on Ubuntu 24.04
A clean nginx install with Let's Encrypt automation, HTTP/2, OCSP stapling, and a secure default header set.
Most fresh installations of nginx need the same set of adjustments before going into production — TLS, sensible headers, rate limits, and an automated certificate renewal. The version of nginx that ships with Ubuntu 24.04 is nginx/1.24.0 and handles all of this without third-party modules.
Install nginx
# install only the userspace tools — kernel side is built-in
$ apt update && apt install -y nginx
# verify
$ nginx -v
nginx version: nginx/1.24.0 (Ubuntu)Note
On Ubuntu the default site configuration lives in /etc/nginx/sites-available/default with a symlink in sites-enabled. RHEL-family distributions use a flat conf.d structure instead.
Obtain a Let’s Encrypt certificate
certbot is the standard ACME client. The nginx plugin handles the web-server reconfiguration automatically.
$ apt install -y certbot python3-certbot-nginx
$ certbot --nginx -d example.com -d www.example.comVerify automatic renewal
The certbot apt package installs a systemd timer that handles renewal automatically. You can dry-run it to confirm the configuration:
$ systemctl list-timers | grep certbot
$ certbot renew --dry-runIf the dry-run succeeds, you’re done — certificates will renew on their own and nginx will reload to pick them up.