Copy · paste · nginx -t · reload
Nginx config you can actually paste.
Complete server and location blocks — reverse-proxy to an app, proxy WebSockets, redirect HTTP→HTTPS and www→apex, SPA try_files, gzip/brotli, cache, rate-limit, Basic Auth, raise the upload size, and modern TLS — each with the test and reload commands.
19 snippets
- Reverse proxy Proxy an app mounted under a subpath Serve an app under /app/ instead of its own domain, and understand the proxy_pass trailing-slash rule that decides whether the prefix is stripped. 3 min →
- Reverse proxy Reverse proxy to a local app Forward requests to an app on localhost (Node, Python, Go, etc.) with the correct forwarded headers, so the app sees the real client IP and scheme. 3 min →
- Reverse proxy Load-balance across multiple backends Define an upstream pool and balance requests across several app servers, with keepalive connections, a balancing method, and passive health checks. 3 min →
- Reverse proxy Proxy WebSocket connections Pass WebSocket (and Socket.IO) traffic through Nginx with the Upgrade/Connection headers it needs, using a map block so normal HTTP keeps working too. 3 min →
- Redirects & rewrites Redirect all HTTP to HTTPS Force every plain-HTTP request to the HTTPS version with a clean 301, using a dedicated port-80 server block (no rewrite, no if). 2 min →
- Redirects & rewrites Redirect old URLs to new ones Move a single page, a whole path prefix, or add/remove a trailing slash with 301s — using return for fixed paths and rewrite only when you need to capture parts of the URL. 3 min →
- Redirects & rewrites Redirect www to apex (or apex to www) Pick one canonical hostname and 301 the other to it, so example.com and www.example.com don't split your SEO or cookies. 2 min →
- Static files & SPA Custom 404 and 50x error pages Serve your own branded 404 and 500-series pages with error_page, including how to keep the correct status code and an internal-only location. 2 min →
- Static files & SPA Serve a static site Serve a folder of HTML/CSS/JS with the right root, index file, and a clean 404 — the minimal correct static server block. 2 min →
- Static files & SPA Single-page-app fallback to index.html Serve a React/Vue/Svelte SPA so client-side routes like /dashboard work on refresh and deep links, while real files (JS, CSS, images) are still served directly. 3 min →
- Caching & compression Cache static assets in the browser Set far-future Expires and Cache-Control on images, CSS, JS and fonts so repeat visits are instant — with the immutable trick for hashed filenames. 2 min →
- Caching & compression Enable gzip (and Brotli) compression Turn on gzip for text assets with a sensible type list and threshold, and add Brotli if the module is available — smaller responses, faster loads. 3 min →
- Caching & compression Cache upstream responses with proxy_cache Put a microcache in front of a slow backend so identical requests are served from disk for a few seconds or minutes, with a header showing HIT or MISS. 3 min →
- HTTPS / TLS Serve the Let's Encrypt ACME challenge Let certbot issue and renew free TLS certificates by serving the /.well-known/acme-challenge/ path over plain HTTP, even while everything else redirects to HTTPS. 3 min →
- HTTPS / TLS A modern HTTPS server block A solid TLS configuration — TLS 1.2/1.3, Mozilla-intermediate ciphers, session cache, OCSP stapling and HTTP/2 — that you can drop in once your certificate is issued. 4 min →
- Access & rate limiting Password-protect with HTTP Basic Auth Put a username/password prompt in front of a staging site or admin path with auth_basic and an htpasswd file — and how to combine it with an IP allowlist. 2 min →
- Access & rate limiting Raise the upload size limit (fix 413) Stop "413 Request Entity Too Large" by raising client_max_body_size — and set the matching proxy buffering/timeout directives so big uploads reach your backend. 2 min →
- Access & rate limiting Rate-limit requests Throttle abusive clients with limit_req_zone — protect a login or API endpoint with a requests-per-second limit, a burst allowance, and a 429 response. 3 min →
- Test & operate Test the config and reload without downtime The everyday Nginx operations loop — validate the config with nginx -t, reload with zero downtime, and find the right logs when something breaks. 3 min →
You know Nginx can do it. You don't remember the exact directive.
Each snippet is a focused, copy-paste config block for a real task, with a one-line explanation, where it belongs, the nginx -t / reload commands, and the gotchas.
FAQ
Are these Nginx snippets free?
Yes. Every snippet is free to read and copy, with no account or paywall.
Where do I put them?
A location block goes inside a server { } block (sites-available/ on Debian/Ubuntu, conf.d/ on RHEL). http-level directives like limit_req_zone, map and proxy_cache_path go in nginx.conf.
How do I apply a change safely?
Run "sudo nginx -t" to test, then "sudo nginx -s reload" (or systemctl reload nginx) for zero-downtime apply.
Reverse proxy or static?
Proxy to your app if it listens on a port; serve files statically if you only have built HTML/CSS/JS. SPAs do both via try_files.