What is sites-available and sites-enabled in Nginx?

sites-available stores your server block files and sites-enabled holds symlinks for the active sites.

Can I install SSL before DNS points to the server?

No. Certbot needs your domain to resolve correctly to your VPS before it can validate ownership and issue a certificate.

Which firewall ports should be open for a website on Ubuntu VPS?

For a normal website server you should usually allow OpenSSH, HTTP on port 80, and HTTPS on port 443.

Server Setup Guide

How to Set Up a VPS on Ubuntu with Nginx, MySQL, SSL, Certbot, DNS and Firewall

This complete Ubuntu VPS setup guide is designed for beginners and developers who want to launch a production-ready website correctly. It covers DNS pointing, SSH access, UFW firewall rules, Nginx site configuration, MySQL installation, Certbot SSL, and what to check when DNS has not propagated yet.

Before You Start
Point Your Domain to the VPS
Connect to the VPS
Update the Server
Create a Safer Admin User
Configure Firewall
Install Nginx
Install SQL Server
Create Database and User
Create Nginx Site Config
Install Certbot and SSL
Final Checks Before Going Live

Before You Start

You need a VPS running Ubuntu 22.04 or 24.04.
You need a domain name you can manage from your DNS provider.
You need the server public IP address.
You should know whether your app uses static files, PHP, Node.js, or another runtime.

Step 1: Point Your Domain to the VPS

Create an A record in your DNS panel for your main domain or subdomain and point it to your VPS public IP.

Check current DNS resolution

nslookup yourdomain.com

dig +short yourdomain.com

DNS propagation can take a few minutes or up to 24 to 48 hours. Wait until your domain resolves to your VPS IP before requesting SSL.

Step 2: Connect to the VPS

Use SSH from your terminal. Replace the IP with your real server IP.

SSH login

ssh root@YOUR_SERVER_IP

After login, confirm your Ubuntu version:

Check OS

lsb_release -a

Step 3: Update the Server

Always update package lists and install security updates first.

System updates

apt update

apt upgrade -y

Step 4: Create a Safer Admin User

It is better to avoid using root every day. Create a sudo user.

Create user

adduser deploy

usermod -aG sudo deploy

Step 5: Configure Firewall

Use UFW to allow SSH, HTTP and HTTPS only.

UFW rules

ufw allow OpenSSH

ufw allow 'Nginx Full'

ufw enable

ufw status

Step 6: Install Nginx

Nginx will serve your website and reverse proxy your app if needed.

Install Nginx

apt install nginx -y

systemctl enable nginx

systemctl start nginx

systemctl status nginx

Step 7: Install SQL Server

If you want MySQL database support, install it now.

Install MySQL

apt install mysql-server -y

systemctl enable mysql

systemctl start mysql

mysql_secure_installation

Step 8: Create Database and User

Create a dedicated database and app user instead of using the root database account.

Open MySQL shell

mysql -u root -p

SQL commands

CREATE DATABASE appdb;

CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'StrongPasswordHere';

GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';

FLUSH PRIVILEGES;

Step 9: Create Nginx Site Config

Now add your domain server block inside sites-available and enable it through sites-enabled.

Create site file

nano /etc/nginx/sites-available/yourdomain.com

Sample Nginx server block

server_name yourdomain.com www.yourdomain.com;

root /var/www/yourdomain.com/public;

index index.html index.htm index.php;

Enable the site

ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/

nginx -t

systemctl reload nginx

Step 10: Install Certbot and SSL

Only do this after your domain resolves to your VPS IP.

Install Certbot

apt install certbot python3-certbot-nginx -y

certbot --nginx -d yourdomain.com -d www.yourdomain.com

Step 11: Test SSL Renewal

Certbot usually installs automatic renewal, but test it manually once.

Renewal test

certbot renew --dry-run

Step 12: Final Checks Before Going Live

Open your domain in browser and verify it loads over HTTPS.
Check Nginx status with systemctl status nginx.
Check firewall status with ufw status.
Confirm database login with the new app user.
Make sure your site files exist in the correct web root.
Use nginx -t every time you change Nginx config.

Frequently Asked Questions

How long does DNS propagation take?

It may update within minutes, but full global propagation can take up to 24 to 48 hours.

What is the difference between sites-available and sites-enabled?

sites-available contains your server block files. sites-enabled contains the active symlinks that Nginx reads.

Why is Certbot failing?

The most common reasons are wrong DNS, blocked ports 80/443, broken Nginx config, or domain not pointing to the VPS yet.