UtilityKit

Nginx Snippet Generator

Generate and merge common Nginx config snippets for deployment baselines.

About Nginx Snippet Generator

Nginx configuration syntax is compact and powerful but notoriously unforgiving. A misplaced semicolon causes a cryptic startup failure, the difference between a location block with or without a trailing slash changes routing behavior, and getting HTTPS, gzip, caching, and reverse proxy settings correct simultaneously requires juggling multiple directive namespaces. The Nginx Snippet Generator produces correct, production-ready server block configurations for the most common use cases: serving a static site, reverse proxying to a backend application, configuring SSL with modern TLS settings, setting up redirect rules, enabling gzip compression, and adding security headers. Enter your domain name, upstream port, and any path targets, and get a complete annotated server block ready for /etc/nginx/sites-available/. Each snippet follows current best practices including HTTP/2 hints,.

Why use Nginx Snippet Generator

Correct proxy_pass Syntax and Buffering Defaults

Getting proxy_pass right requires also setting proxy_set_header Host, X-Real-IP, and X-Forwarded-For correctly. The generator includes all required headers and sensible proxy_buffer_size settings for Node.js and Python application servers.

Modern TLS Configuration Out of the Box

The SSL server block includes ssl_protocols TLSv1.2 TLSv1.3, a strong ssl_ciphers list, HSTS header, and OCSP stapling directives following Mozilla's intermediate compatibility recommendations rather than outdated defaults.

Location Block Precedence Rules Handled Correctly

Nginx evaluates location blocks in a specific precedence order: exact match, prefix match, regex. The generator places blocks in the correct order and uses appropriate modifiers so static asset rules do not accidentally intercept API paths.
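
An added example (not the generator's output) of the ordering problem described above: without the `^~` modifier, the static-asset regex would win over the `/api/` prefix for a request such as `/api/report.js`. The domain, root and upstream port are taken from this page's examples; `/healthz` and the request paths in the comments are assumptions.

```nginx
# Added example, not generator output. /healthz and the request paths
# in the comments are assumptions for illustration.
server {
    listen 80;
    server_name example.com;
    root /var/www/example.com/dist;

    # 1. "=" exact match: checked first, the search stops on a hit.
    location = /healthz {
        return 204;
    }

    # 2. "^~" prefix: when this is the longest matching prefix,
    #    regex locations are not consulted at all.
    location ^~ /api/ {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
    }

    # 3. Regex locations: tried in file order, first match wins, and a
    #    match beats any plain (non-^~) prefix location.
    location ~* \.(css|js|woff2|png|webp)$ {
        expires 1y;
    }

    # 4. Plain prefix: used only when no regex matched.
    location / {
        try_files $uri $uri/ =404;
    }
}

# Request            Selected location
# /healthz           = /healthz
# /api/report.js     ^~ /api/  (a plain "location /api/" would lose to the
#                    regex and the request would be looked up on disk)
# /assets/app.js     ~* \.(css|js|woff2|png|webp)$
# /about             /
```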

Gzip Compression Reduces Transfer Size by 60-80%

Correctly configured gzip in Nginx compresses HTML, CSS, JavaScript, and JSON responses before they leave the server. The generator sets appropriate MIME types, a compression level, and a minimum length threshold, so that already-compressed images are not compressed again.

Security Headers Included as an Opt-In Block

X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Content-Security-Policy headers close common attack vectors. Including them in the generated config ensures they are present from the first deployment rather than added after a security audit.
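
An added example (not the generator's output) of the inheritance rule that decides whether these headers reach every response: Nginx inherits `add_header` from the enclosing level only when the current level defines none of its own. The snippet file name, the header values and the two asset locations are assumptions.

```nginx
# --- /etc/nginx/snippets/security-headers.conf (hypothetical file name) ---
# "always" also attaches the header to error responses (4xx/5xx).
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'" always;

# --- /etc/nginx/sites-available/example.com.conf ---
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/example.com/dist;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    include snippets/security-headers.conf;   # server-level default

    # No add_header at this level, so the server-level headers are inherited.
    location / {
        try_files $uri $uri/ =404;
    }

    # WEAK: this level has its own add_header, so none of the
    # server-level security headers are sent for images.
    location ~* \.(png|webp)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }

    # CORRECTED: repeat the security headers wherever add_header is used.
    location ~* \.(css|js|woff2)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        include snippets/security-headers.conf;
    }
}
```

After a reload, comparing the response headers of an image and a stylesheet shows the difference between the two asset locations.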

nginx -t Validation Guidance Included in Output

Every generated snippet includes a comment reminding you to run nginx -t to check syntax before nginx -s reload. This single habit prevents production outages from configuration typos.

How to use Nginx Snippet Generator

  1. Select the primary use case: static site, reverse proxy, redirect-only, or WordPress/PHP-FPM
  2. Enter your domain name and specify whether to include an HTTPS server block with Certbot placeholder paths
  3. For reverse proxy setups, enter the upstream address and port such as 127.0.0.1:3000
  4. Toggle optional additions: gzip compression, security headers, static asset caching, or rate limiting
  5. Click Generate to produce the complete annotated server block
  6. Save the output as /etc/nginx/sites-available/yourdomain.conf, symlink to sites-enabled, and run nginx -t before reloading

When to use Nginx Snippet Generator

  • When deploying a new domain to your VPS and needing a complete server block from scratch
  • When setting up a Node.js, Python, or Go application behind Nginx as a reverse proxy
  • When configuring Let's Encrypt SSL and needing the correct SSL certificate and key directive paths
  • When you need to redirect an old domain or HTTP traffic to a canonical HTTPS URL
  • When adding gzip compression or browser caching headers to an existing Nginx config that lacks them
  • When hardening a server by adding HSTS, X-Frame-Options, and other security response headers

Examples

Node.js reverse proxy

Input: Use case: Reverse proxy, Domain: api.example.com, Upstream: 127.0.0.1:3001

Output:

    server {
        listen 80;
        server_name api.example.com;

        location / {
            proxy_pass http://127.0.0.1:3001;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_cache_bypass $http_upgrade;
        }
    }

Static site with HTTPS

Input: Use case: Static site, Domain: example.com, SSL: Let's Encrypt

Output:

    server {
        listen 443 ssl http2;
        server_name example.com www.example.com;
        root /var/www/example.com/dist;
        index index.html;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~* \.(css|js|woff2|png|webp)$ {
            expires 1y;
            add_header Cache-Control "public, immutable";
        }
    }

HTTP to HTTPS redirect

Input: Use case: Redirect HTTP to HTTPS, Domain: example.com

Output:

    server {
        listen 80;
        server_name example.com www.example.com;

        # Permanent redirect to HTTPS
        return 301 https://example.com$request_uri;
    }

Tips

  • Always run nginx -t after editing and before running nginx -s reload — a config error will prevent the reload from succeeding and Nginx will continue serving the old configuration without any visible error to users
  • Use the include directive to split large server blocks into smaller files such as a separate ssl-params.conf for TLS settings, which makes the main server block easier to read and reuse across virtual hosts
  • Set worker_processes auto in the main nginx.conf to automatically match the number of available CPU cores, and set worker_connections to 1024 or higher for servers handling more than a handful of concurrent connections
  • For reverse proxy configurations, add proxy_read_timeout 90 to prevent Nginx from timing out long-running API requests before your application server has finished processing them
  • Test your security headers using securityheaders.com after deployment — it grades your header configuration and flags missing or misconfigured headers with clear remediation instructions

Frequently Asked Questions

What is the difference between proxy_pass and fastcgi_pass?
proxy_pass forwards requests to an HTTP/HTTPS upstream server such as a Node.js or Python application. fastcgi_pass forwards to a FastCGI process such as PHP-FPM, which uses a different binary protocol. Use fastcgi_pass for PHP applications and proxy_pass for HTTP-speaking application servers.
Why does my location block with a trailing slash behave differently?
A location /app/ block only matches paths starting with /app/. A location /app block (no trailing slash) matches /app and everything starting with /app. Additionally, when proxy_pass has a trailing slash like proxy_pass http://backend/, Nginx strips the location prefix before forwarding.
What does nginx -t actually check?
nginx -t parses and validates the Nginx configuration for syntax errors and most semantic issues such as missing certificates or invalid upstream addresses. It does not test that upstream services are reachable or that SSL certificates are valid.
Should I put configuration in sites-available or conf.d?
sites-available with symlinks to sites-enabled is a Debian/Ubuntu convention that makes it easy to disable a site by removing the symlink. conf.d with .conf files loaded by include is common on RHEL/CentOS. Both approaches work; use the convention that matches your distribution.
How do I add basic rate limiting to prevent abuse?
Define a limit_req_zone in the http block: limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; then add limit_req zone=api burst=20 nodelay; inside the location block you want to protect. The generator includes this as a toggleable snippet.
What is OCSP stapling and should I enable it?
OCSP stapling allows Nginx to cache and include the certificate revocation status in the TLS handshake, removing the browser's need to make a separate OCSP request to the certificate authority. It improves TLS handshake speed and is recommended for production servers.
Why does the generated config include try_files for static sites?
try_files $uri $uri/ =404 tells Nginx to first look for an exact file match, then a directory with an index file, and return 404 if neither exists. Without this, Nginx may fall through to a default behavior that returns unexpected responses for non-existent paths.
Can I use the generated snippet on both Ubuntu and CentOS?
The Nginx directive syntax is the same across distributions. The differences are in file paths: Ubuntu uses /etc/nginx/sites-available/, while CentOS typically uses /etc/nginx/conf.d/. The generator notes these path differences in comments within the output.
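
An added example (not the generator's output) for the trailing-slash answer above, showing which URI the upstream receives in each combination. The `/app`, `/api` and `/v1` paths and the `backend` upstream name are assumptions; the upstream address is the one used in this page's reverse proxy example.

```nginx
# Added example, not generator output. Paths and the upstream name
# "backend" are assumptions for illustration.
upstream backend {
    server 127.0.0.1:3001;
}

server {
    listen 80;
    server_name api.example.com;

    # proxy_pass without a URI part: the request URI is forwarded unchanged.
    #   GET /app/users  ->  upstream sees /app/users
    #   GET /app        ->  301 redirect to /app/
    location /app/ {
        proxy_pass http://backend;
    }

    # proxy_pass with a URI part ("/"): the matched prefix is replaced by it.
    #   GET /api/users  ->  upstream sees /users
    location /api/ {
        proxy_pass http://backend/;
    }

    # Mismatched slashes: the prefix has no trailing slash, so it also
    # matches sibling paths, and the replacement produces odd URIs.
    #   GET /v1/users   ->  upstream sees //users
    #   GET /v1beta     ->  upstream sees /beta
    # Keep the pair consistent: "location /v1/" with "proxy_pass http://backend/".
    location /v1 {
        proxy_pass http://backend/;
    }
}
```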

Glossary

server block
The top-level configuration unit in Nginx that handles requests for a specific IP address, port, and server_name combination. Equivalent to a VirtualHost in Apache. Multiple server blocks can coexist in a single Nginx instance.
location block
A nested directive within a server block that matches request URIs and defines how to handle them. Supports exact matching with =, prefix matching, and regex matching with ~ (case-sensitive) or ~* (case-insensitive).
proxy_pass
An Nginx directive that forwards the incoming HTTP request to an upstream server and returns the response to the client. Requires companion directives for setting forwarded headers like X-Forwarded-For.
upstream block
A named group of backend servers defined with the upstream directive that enables load balancing across multiple application server instances. Referenced by proxy_pass using the upstream name.
try_files
An Nginx directive that attempts to serve a list of files or paths in order and falls back to a final argument (typically a named location or status code) if none are found. Essential for SPA routing and static site serving.
HSTS (HTTP Strict Transport Security)
A response header that instructs browsers to only access the domain over HTTPS for a specified max-age duration, preventing SSL stripping attacks. Set using add_header Strict-Transport-Security in the HTTPS server block.