---
title: "nginx"
lastmod: "2025-08-28"
res:
- Home: https://nginx.org/en/index.html
- Wikipedia: https://en.wikipedia.org/wiki/Nginx
---

nginx is a powerful and flexible web server that can also be used as a reverse proxy. This page covers common configuration steps and tips for serving a working website.

<!--more-->

## Configuration

All configuration happens in the `/etc/nginx` directory. Global configuration is in `nginx.conf`, but other files may be included with the `include` directive. A common use case for this is having every site in a separate file to be included.

### Global server setup

Below is an example of a functional global configuration to be put in `nginx.conf`.

```nginx
user nginx nginx;
worker_processes auto;
worker_rlimit_nofile 4096;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include mime.types;
    default_type application/octet-stream;

    charset utf-8;
    server_tokens off;

    sendfile on;
    sendfile_max_chunk 1M;
    tcp_nopush on;

    gzip off;

    include http.d/*.conf;
}
```

Options such as gzip support may be enabled, but are not required for a functional server. The `include` statement makes it easier to add new sites to the server, simply by creating a new file in the `http.d` directory.

### Simple static site

Below is a server that simply serves static files from a root directory.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name host.tld;
    ssl_certificate /etc/ssl/nginx/host.tld.pem;
    ssl_certificate_key /etc/ssl/nginx/host.tld.key;

    root /var/www/host.tld/htdocs;

    access_log /var/log/nginx/host.tld.access.log main;
    error_log /var/log/nginx/host.tld.error.log info;
}
```

### Reverse proxying

When running a (public) web service, it would be wise to proxy the traffic to an internal server - primarily for load balancing, but it can also be an extra layer of security.

nginx can proxy servers listening on both TCP and UNIX sockets. The example below shows a working site configuration for proxying a [Miniflux](https://miniflux.app/) server listening on a UNIX socket.

```nginx
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name host.tld;
    ssl_certificate /etc/ssl/nginx/host.tld.pem;
    ssl_certificate_key /etc/ssl/nginx/host.tld.key;

    location / {
        proxy_pass http://unix:/run/miniflux/miniflux.sock;
        include conf.d/proxy.conf;
    }

    access_log /var/log/nginx/host.tld.access.log main;
    error_log /var/log/nginx/host.tld.error.log info;
}
```

Ensure you have the following in `conf.d/proxy.conf` to be able to share common proxy options between all of your sites:

```nginx
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_request_buffering off;
proxy_redirect off;
```

Some applications may require options to be tweaked, however this covers many bases.

### Tip: Redirecting HTTP to HTTPS automatically

In the modern age, browsing the web with TLS is the standard, and certificates are both free and ubiquitous. That being said, it is encouraged to only serve your web content over HTTPS. You can automatically redirect a site listening on HTTP to HTTPS with the following `server` block:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name host.tld;

    return 301 https://$host$request_uri;
}
```

### Tip: Compressing with gzip

You can increase the performance of your web server by compressing the data sent with gzip. Below is a configuration that covers a wide variety of uses; this goes in your global `http` block inside `nginx.conf`:

```nginx
http {
    # ...
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_types
        application/atom+xml
        application/geo+json
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rdf+xml
        application/rss+xml
        application/xhtml+xml
        application/xml
        font/eot
        font/otf
        font/ttf
        image/svg+xml
        text/css
        text/javascript
        text/plain
        text/xml;
    # ...
}
```

Do note `text/html` is automatically compressed, so there is no need to add it to `gzip_types`.

## External resources

* [https://wiki.gentoo.org/wiki/Nginx](https://wiki.gentoo.org/wiki/Nginx)