Nginx Config Generator
Build nginx.conf visually with SSL, proxy, gzip, and security headers.
server {
listen 80;
server_name example.com;
root /var/www/html;
index index.html index.htm;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript image/svg+xml;
gzip_min_length 1000;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
location / {
try_files $uri $uri/ =404;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
What It Does
Fill in the form fields and get a production-ready nginx.conf server block — no need to memorise directive syntax. Options include SSL/TLS termination, reverse proxy to a backend app, gzip compression, static file caching, HTTP-to-HTTPS redirect, and a full suite of security headers.
Key Nginx Directives Reference
server_name— Domain(s) this block responds to (e.g.example.com www.example.com)proxy_pass— Upstream backend URL (e.g.http://localhost:3000)ssl_certificate/ssl_certificate_key— Paths to your TLS cert and keygzip on— Enable gzip compression for text responsesadd_header— Inject HTTP response headers (security, caching)location— Match URL paths to different proxy or file-serving rules
Typical Reverse Proxy Setup
Most web apps follow this pattern: nginx listens on port 443 (HTTPS), terminates TLS, and proxies to the application on localhost:PORT over plain HTTP. Static assets are served directly by nginx for speed. A second server block on port 80 redirects to HTTPS.
Common Configuration Mistakes
- Forgetting a trailing slash on
proxy_pass— it changes how the URI is rewritten to the backend. - Not setting
proxy_set_header Host $host— the backend receives the wrong Host value. - Enabling gzip on already-compressed content (images, videos) wastes CPU with no size benefit.
- Using a weak TLS configuration — prefer
ssl_protocols TLSv1.2 TLSv1.3and a strong cipher suite.
Frequently Asked Questions
- What can I configure with this Nginx config generator?
- You can configure the server name, listen port, SSL/TLS with certificate paths, reverse proxy pass targets, gzip compression, static file caching headers, and common security headers like X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy. The output is a ready-to-use nginx server block.
- How does nginx reverse proxy work?
- A reverse proxy forwards incoming HTTP requests to a backend server (e.g., a Node.js or Java app running on port 3000) and returns the response to the client. The proxy_pass directive sets the upstream address. Nginx also handles SSL termination, so backend services can speak plain HTTP internally.
- What is the difference between nginx worker_processes and worker_connections?
- worker_processes sets how many nginx worker processes run — typically set to auto to match the number of CPU cores. worker_connections sets the maximum simultaneous connections each worker can handle. Total max connections = worker_processes × worker_connections.
- How do I redirect HTTP to HTTPS in nginx?
- Add a separate server block that listens on port 80 and uses return 301 https://$host$request_uri; to permanently redirect all HTTP traffic to the HTTPS equivalent. The generator can include this block when SSL is enabled.
- What nginx security headers should every site include?
- Essential headers are: X-Frame-Options SAMEORIGIN (prevents clickjacking), X-Content-Type-Options nosniff (prevents MIME sniffing), Strict-Transport-Security (enforces HTTPS), Referrer-Policy, and a Content-Security-Policy tailored to your app. These are included in the generated config when the security headers option is enabled.