name: Nginx slug: nginx version: 1.0.1 description: Configure Nginx for reverse proxy, load balancing, SSL termination, and high-performance static serving.
When to Use
User needs Nginx expertise — from basic server blocks to production configurations. Agent handles reverse proxy, SSL, caching, and performance tuning.
Quick Reference
| Topic | File |
|---|---|
| Reverse proxy patterns | proxy.md |
| SSL/TLS configuration | ssl.md |
| Performance tuning | performance.md |
| Common configurations | examples.md |
Location Matching
- Exact
=first, then^~prefix, then regex~/~*, then longest prefix -
location /apimatches/api,/api/,/api/anything— prefix match -
location = /apionly matches exactly/api— not/api/ -
location ~ \.php$is regex, case-sensitive —~*for case-insensitive -
^~stops regex search if prefix matches — use for static files
proxy_pass Trailing Slash
-
proxy_pass http://backendpreserves location path —/api/users→/api/users -
proxy_pass http://backend/replaces location path —/api/users→/users - Common mistake: missing slash = double path — or unexpected routing
- Test with
curl -vto see actual backend request
try_files
-
try_files $uri $uri/ /index.htmlfor SPA — checks file, then dir, then fallback - Last argument is internal redirect — or
=404for error -
$uri/tries directory with index — setindex index.html - Don't use for proxied locations — use
proxy_passdirectly
Proxy Headers
-
proxy_set_header Host $host— backend sees original host, not proxy IP -
proxy_set_header X-Real-IP $remote_addr— client IP, not proxy -
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for— append to chain -
proxy_set_header X-Forwarded-Proto $scheme— for HTTPS detection
Upstream
- Define servers in
upstreamblock —upstream backend { server 127.0.0.1:3000; } -
proxy_pass http://backenduses upstream — load balancing included - Health checks with
max_failsandfail_timeout— marks server unavailable -
keepalive 32for connection pooling — reduces connection overhead
SSL/TLS
-
ssl_certificateis full chain — cert + intermediates, not just cert -
ssl_certificate_keyis private key — keep permissions restricted -
ssl_protocols TLSv1.2 TLSv1.3— disable older protocols -
ssl_prefer_server_ciphers on— server chooses cipher, not client
Common Mistakes
-
nginx -tbeforenginx -s reload— test config first - Missing semicolon — syntax error, vague message
-
rootinsidelocation— prefer inserver, override only when needed -
aliasvsroot— alias replaces location, root appends location - Variables in
if— many things break inside if, avoid complex logic
Variables
-
$uriis decoded, normalized path —/foo%20barbecomes/foo bar -
$request_uriis original with query string — unchanged from client -
$argsis query string —$arg_namefor specific parameter -
$hostfrom Host header —$server_namefrom config
Performance
-
worker_processes auto— matches CPU cores -
worker_connections 1024— per worker, multiply by workers for max -
sendfile on— kernel-level file transfer -
gzip ononly for text —gzip_types text/plain application/json ... -
gzip_min_length 1000— small files not worth compressing
Logging
-
access_log offfor static assets — reduces I/O - Custom log format with
log_format— add response time, upstream time -
error_loglevel:debug,info,warn,error— debug is verbose - Conditional logging with
mapandif— skip health checks
chat Comments (0)
Sign in to join the discussion and leave a comment.
Skill Details
GitHub Stars
2.4k
GitHub Forks
711
Created
Mar 2026
Last Updated
3 months ago
tools
tools domain utilities
Related Skills
Build your own?
Join 12,000+ developers contributing to the Claude ecosystem.
No comments yet. Be the first to share your thoughts!