Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.


Configure Nginx with a self-signed certificate

Login as root before you continue.

su - root

Create a certificate

Be aware: If you want to publish this, you will need to get a certificate issues by an authority such as Lets Encrypt (free). Self-signed certificates will produce warnings in almost all browsers. (More on that at the bottom).

Create a self-signed certificate:

openssl req -newkey rsa:4096 \
            -x509 \
            -sha256 \
            -days 3650 \
            -nodes \
            -out ~/example.crt \
            -keyout ~/example.key

Create a website

Create a folder to hold the files:

mkdir -p /src/http/

Now either move your static website there, or start one now.

Create an index.html file

nano /src/http/

with the following content (example from

<!DOCTYPE html>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Hello Bulma!</title>
    <link rel="stylesheet" href="">
  <section class="section">
    <div class="container">
      <h1 class="title">
        Hello World
      <p class="subtitle">
        My first website with <strong>Bulma</strong>!

Configure Nginx

To configure this, you will need to do two things:

  1. Import the web package and service module.
  2. Add the nginx-service-type to your services

Open nano /etc/system.scm to get started:

(use-modules (gnu)
             (gnu system)
             (px system)
             ;; Add this line
             (gnu packages web))

;; Add this line
;; If 'user-service-modules' already exists, just add 'web' to it
(use-service-modules web)




Modify services to look like this:

(services (cons* (service nginx-service-type
                                  (list (nginx-server-configuration
                                    (server-name '(""))
                                    (root "/src/http/")
                                    (ssl-certificate "/root/example.crt")
                                    (ssl-certificate-key "/root/example.key"))))))

Modify hosts file

To actually test this locally, we need to also modify the hosts file and add We also do this in /etc/system.scm:

  (host-name "panther")
  (timezone "Europe/Berlin")
  (locale "en_US.utf8")

  ;; Add these lines
   (plain-file "hosts"
               " localhost panther
::1       localhost panther"))


After reconfiguration, we can test.

guix system reconfigure /etc/system.scm


Just open in Firefox, skip the certificate warning and you should see the content of your index.html file.

Automatically get certificates (Lets Encrypt)

If you wanted to actually share this with others, power up a server and use proper certificates; Here’s how-to get these automatically: Certificate Services -


  1. Remove the certificate, key and website /src/http/
  2. Revert changes in /etc/config.scm
  3. Reconfigure
guix system reconfigure /etc/system.scm

PantherX & (unofficial) GNU Guix Wiki.

Last update: 2024-04-21 10:28:03 +0000 | Apache-2.0

Inspired by the excellent Arch Linux Wiki