🌐 DevOps

Nginx Config Generator

Generate production-ready Nginx configs for reverse proxy, SSL termination, static file serving, rate limiting and gzip compression.

📖 How to Use

▼

Enter your domain and upstream server (e.g. localhost:3000)

Toggle options: SSL, gzip, rate limiting, security headers

Copy the generated config to /etc/nginx/sites-available/

⚙️ Configuration

Domain

Upstream (backend)

SSL / HTTPS Gzip compression Rate limiting Security headers WebSocket proxy www → non-www redirect

📄 Generated nginx.conf

What is an Nginx Config Generator?

An Nginx config generator produces a production-ready Nginx server block for your specific use case — reverse proxy, SSL termination, static file serving, WebSocket proxy, or a combination — without requiring you to memorize Nginx directive syntax. Nginx is the most widely deployed web server and reverse proxy in modern infrastructure, used in front of Node.js, Python, Ruby, Go, and Java applications as well as Kubernetes ingress controllers and CDN edge nodes. Getting the configuration right matters: a misconfigured Nginx block can expose security gaps, prevent SSL from working, or cause WebSocket connections to drop.

Nginx configuration is notoriously difficult to write from scratch. Directives like ssl_session_cache, ssl_stapling, proxy_set_header X-Forwarded-For, gzip_types, and limit_req_zone each have subtle defaults and interactions that take time to learn. This generator encapsulates common best-practice patterns so you get a correct starting point that you can tune for your specific requirements.

When to Use This Tool

New server setup: Quickly generate a reverse proxy config for a fresh VPS or cloud VM where you need to point a domain at an application running on a local port.
SSL/TLS termination: Generate the full SSL block including Let's Encrypt certificate paths, TLS 1.2/1.3 cipher configuration, HSTS headers, and OCSP stapling.
WebSocket proxying: Add the Upgrade and Connection headers needed for WebSocket connections to work through Nginx, which plain reverse proxy configs omit.
Adding rate limiting: Generate the limit_req_zone and limit_req directives with configurable burst and rate to protect APIs from abuse.

How It Works

The generator builds the config string by composing template blocks based on your selected options. The domain and upstream fields set the server_name and proxy_pass directives. Each toggle (SSL, gzip, rate limiting, security headers, WebSocket, www redirect) conditionally inserts a pre-written block of directives in the correct position within the server block hierarchy. The result follows Nginx's required block ordering — limit_req_zone must appear at the http context level, security and compression directives precede the location block, and so on — so the generated config passes nginx -t validation without modification.

Frequently Asked Questions

What Nginx configurations can this tool generate?

The tool generates production-ready configs covering the most common Nginx use cases: reverse proxy to a local backend port, SSL/TLS termination using Let's Encrypt certificates with TLS 1.2 and 1.3 and strong cipher suites, gzip compression for common text and asset types, rate limiting using the limit_req module with configurable burst tolerance, WebSocket proxying with the required Upgrade and Connection headers, www-to-non-www redirect, and a security headers block including HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.

How do I use the generated Nginx config?

Copy the generated config into /etc/nginx/sites-available/your-domain.conf, then create a symlink: sudo ln -s /etc/nginx/sites-available/your-domain.conf /etc/nginx/sites-enabled/. Before reloading, always test the configuration with sudo nginx -t — Nginx will report any syntax errors with the file name and line number. If the test passes, reload with sudo systemctl reload nginx. Replace placeholder values like example.com and 127.0.0.1:3000 with your actual domain and backend address.

Should I enable HTTP/2 in my Nginx config?

Yes, in almost all cases. HTTP/2 requires SSL/TLS to be active (all major browsers only support HTTP/2 over HTTPS), but once that requirement is met it delivers meaningful performance improvements. Request multiplexing allows multiple assets to be fetched simultaneously over a single TCP connection instead of blocking, which is particularly beneficial for pages that load many JavaScript and CSS files. Header compression (HPACK) reduces overhead for API calls that send large cookie headers. The generated config includes the http2 parameter on the listen directive automatically whenever SSL is enabled.