Copy · paste · nginx -t · reload
Nginx config you can actually paste.
Complete server and location blocks for the things you actually
configure — reverse-proxy to an app, proxy WebSockets, redirect HTTP → HTTPS and www → apex,
fall back to index.html for a SPA, compress and cache, rate-limit, add Basic Auth, raise the
upload size, and set up modern TLS — each with the nginx -t test and the reload command.
19 snippets
- Reverse proxy Proxy an app mounted under a subpath Serve an app under /app/ instead of its own domain, and understand the proxy_pass trailing-slash rule that decides whether the prefix is stripped.
- Reverse proxy Reverse proxy to a local app Forward requests to an app on localhost (Node, Python, Go, etc.) with the correct forwarded headers, so the app sees the real client IP and scheme.
- Reverse proxy Load-balance across multiple backends Define an upstream pool and balance requests across several app servers, with keepalive connections, a balancing method, and passive health checks.
- Reverse proxy Proxy WebSocket connections Pass WebSocket (and Socket.IO) traffic through Nginx with the Upgrade/Connection headers it needs, using a map block so normal HTTP keeps working too.
- Redirects & rewrites Redirect all HTTP to HTTPS Force every plain-HTTP request to the HTTPS version with a clean 301, using a dedicated port-80 server block (no rewrite, no if).
- Redirects & rewrites Redirect old URLs to new ones Move a single page, a whole path prefix, or add/remove a trailing slash with 301s — using return for fixed paths and rewrite only when you need to capture parts of the URL.
- Redirects & rewrites Redirect www to apex (or apex to www) Pick one canonical hostname and 301 the other to it, so example.com and www.example.com don't split your SEO or cookies.
- Static files & SPA Custom 404 and 50x error pages Serve your own branded 404 and 500-series pages with error_page, including how to keep the correct status code and an internal-only location.
- Static files & SPA Serve a static site Serve a folder of HTML/CSS/JS with the right root, index file, and a clean 404 — the minimal correct static server block.
- Static files & SPA Single-page-app fallback to index.html Serve a React/Vue/Svelte SPA so client-side routes like /dashboard work on refresh and deep links, while real files (JS, CSS, images) are still served directly.
- Caching & compression Cache static assets in the browser Set far-future Expires and Cache-Control on images, CSS, JS and fonts so repeat visits are instant — with the immutable trick for hashed filenames.
- Caching & compression Enable gzip (and Brotli) compression Turn on gzip for text assets with a sensible type list and threshold, and add Brotli if the module is available — smaller responses, faster loads.
- Caching & compression Cache upstream responses with proxy_cache Put a microcache in front of a slow backend so identical requests are served from disk for a few seconds or minutes, with a header showing HIT or MISS.
- HTTPS / TLS Serve the Let's Encrypt ACME challenge Let certbot issue and renew free TLS certificates by serving the /.well-known/acme-challenge/ path over plain HTTP, even while everything else redirects to HTTPS.
- HTTPS / TLS A modern HTTPS server block A solid TLS configuration — TLS 1.2/1.3, Mozilla-intermediate ciphers, session cache, OCSP stapling and HTTP/2 — that you can drop in once your certificate is issued.
- Access & rate limiting Password-protect with HTTP Basic Auth Put a username/password prompt in front of a staging site or admin path with auth_basic and an htpasswd file — and how to combine it with an IP allowlist.
- Access & rate limiting Raise the upload size limit (fix 413) Stop "413 Request Entity Too Large" by raising client_max_body_size — and set the matching proxy buffering/timeout directives so big uploads reach your backend.
- Access & rate limiting Rate-limit requests Throttle abusive clients with limit_req_zone — protect a login or API endpoint with a requests-per-second limit, a burst allowance, and a 429 response.
- Test & operate Test the config and reload without downtime The everyday Nginx operations loop — validate the config with nginx -t, reload with zero downtime, and find the right logs when something breaks.
Why this exists
You know Nginx can do it. You don't remember the exact directive.
Nginx reverse-proxies, terminates TLS, redirects, rewrites, compresses, caches, and rate-limits — but
the precise block (the WebSocket Upgrade headers? try_files vs
rewrite? the trailing-slash rule on proxy_pass?) never sticks, so you paste a
half-right snippet from a forum and hope. nginxsnippets.pages.dev is a library of
focused, copy-paste config blocks for real tasks, each with a one-line explanation, the
nginx -t / reload commands, and the gotchas (location matching order, header forwarding,
the 1m upload default).
How it works
Find the task, copy the block, test and reload
- Pick a snippet. Browse by topic in the full snippet list.
- Paste the block into the right
server(one-click copy on every block). - Run
nginx -tthen reload — each snippet gives the exact commands and where each directive belongs.
FAQ
Frequently asked questions
Are these Nginx snippets free?
Yes. Every snippet on nginxsnippets.pages.dev is free to read and copy, with no account, paywall, or sign-up. Some outbound links (for example to VPS hosting, a CDN, or courses) may be affiliate links, which never change the price you pay.
Where do I put these in my Nginx config?
A location block goes inside a server { } block. On Debian/Ubuntu that server block lives in /etc/nginx/sites-available/<site> (symlinked into sites-enabled/); on RHEL/Fedora it lives in /etc/nginx/conf.d/<site>.conf. Directives that must sit at the http { } level — limit_req_zone, map, proxy_cache_path, upstream — go in nginx.conf or a file included from conf.d.
How do I apply a change without downtime?
Always run "sudo nginx -t" first to test the syntax, then "sudo nginx -s reload" (or "sudo systemctl reload nginx") to apply it. A reload re-reads the config and starts new worker processes while finishing existing requests — zero downtime. A restart drops connections, so reload is what you want for config edits.
Will these work on my Nginx version?
The standard directives here work on Nginx 1.18+ and most work on much older builds. A couple of things are version-sensitive — the "http2 on;" directive (1.25.1+; older builds use "listen ... http2") and brotli (a separate module, ngx_brotli) — and the snippets call those out. Check your version with "nginx -v".
Reverse proxy or serve static files — which do I need?
If your app (Node, Python, Go, PHP-FPM, etc.) listens on a port or socket, reverse-proxy to it with proxy_pass. If you just have built files (HTML/CSS/JS, images), serve them statically with root + try_files. A single-page app does both: serve the static build and fall back to /index.html for client-side routes.
How does Nginx choose which location block matches?
Nginx checks an exact match ("location = /path") first, then prefix matches keeping the longest, then regex matches ("~" case-sensitive, "~*" case-insensitive) in the order they appear — and a regex match wins over a plain prefix unless that prefix used "^~". When matching order matters for a snippet (e.g. a static-asset regex vs a SPA fallback), the recipe says so.