Nginx Config Generator
Generate Nginx server blocks visually — reverse proxy, static sites, SSL, security headers
server {
listen 80;
listen [::]:80;
server_name example.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 10m;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# Gzip Compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Static Asset Caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
proxy_pass http://127.0.0.1:3000;
expires 30d;
add_header Cache-Control "public, immutable";
access_log off;
}
# Deny hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
}Save to /etc/nginx/sites-available/example.com → sudo nginx -t && sudo systemctl reload nginx
Related Tools
devtoolsShowing 8 of 94 related tools
Quick Start Guide
Generate your config in seconds
Quick Start Guide
- 1
Choose Server Type
Select Reverse Proxy (for Node.js, Python, etc.), Static Site, SPA (React/Vue/Angular), or Redirect.
- 2
Set Domain & Backend
Enter your domain name and backend address (for reverse proxy) or document root (for static/SPA).
- 3
Configure SSL
Choose Let's Encrypt (automatic paths), custom certificate, or no SSL. HTTP→HTTPS redirect is auto-generated.
- 4
Enable Features & Copy
Toggle gzip, caching, security headers, rate limiting, WebSocket support, and CORS. Copy the config.
What is Nginx?
The web's most popular server
Nginx (pronounced "engine-x") is the world's most popular web server and reverse proxy, powering over 30% of all websites. It's known for high performance, stability, and low resource consumption.
Why Generate Nginx Configs?
Nginx configuration syntax is powerful but verbose. A typical reverse proxy setup with SSL, security headers, gzip, and caching easily exceeds 80 lines. Getting the syntax wrong means silent failures or security gaps.
What This Tool Generates
- Reverse Proxy configs — proxy_pass to Node.js, Python, Go, Java backends
- Static site configs — serve HTML/CSS/JS with proper caching
- SPA configs — try_files fallback for React, Vue, Angular routing
- Redirect configs — HTTP→HTTPS, domain→domain
- SSL/TLS — Let's Encrypt or custom certs with modern cipher suites
- Security headers — HSTS, X-Frame-Options, CSP-ready
- Load balancing — upstream blocks with weighted servers
- Performance — gzip, static caching, rate limiting
Common Use Cases
Reverse Proxy for Node.js/Python
Proxy traffic from port 80/443 to your app running on localhost:3000 (or any port). Includes WebSocket support for Socket.IO/ws.
Static Site Hosting
Serve static files with proper MIME types, gzip compression, and cache headers. Perfect for Hugo, Jekyll, 11ty, or plain HTML.
SPA Deployment
Deploy React, Vue, or Angular apps with try_files fallback for client-side routing. No more 404s on page refresh.
Load Balancing
Distribute traffic across multiple backend servers with weighted round-robin. Scale horizontally without external load balancers.
How to Use Nginx Config Generator
Build your Nginx configuration step by step with sensible defaults.
Server Types
- Reverse Proxy: Forwards requests to a backend application (Node.js, Python Flask/Django, Go, Java Spring, etc.)
- Static Site: Serves files from a directory. Uses try_files for clean URLs.
- SPA: Like static but with fallback to index.html for client-side routing.
- Redirect: Simple 301/302 redirect (HTTP→HTTPS, www→non-www, etc.)
SSL Configuration
Three modes:
- No SSL: Plain HTTP on port 80 (development only)
- Let's Encrypt: Auto-generates correct cert paths and ACME challenge location
- Custom: Enter your own certificate and key paths
When SSL is enabled, an HTTP→HTTPS redirect block is automatically added.
Feature Toggles
Each feature adds production-ready config blocks:
- Gzip: Compresses text, JSON, CSS, JS, SVG (level 6)
- Caching: expires + Cache-Control for static assets
- Security Headers: HSTS, X-Frame-Options, X-Content-Type-Options, etc.
- Rate Limiting: limit_req_zone with configurable rate and burst
- WebSocket: Upgrade headers for Socket.IO, ws, etc.
- CORS: Access-Control-Allow-* headers with OPTIONS preflight
Frequently Asked Questions
Frequently Asked Questions
Security & Privacy
Server configurations contain domain names, internal IP addresses, and architecture details. This tool keeps all of that private.
- 100% client-side: No server processing. Your config never leaves your browser.
- No storage: Nothing saved or cached. Close the tab to clear.
- No analytics on content: We track page views but never log domains, IPs, or paths you enter.
- Best-practice defaults: Modern TLS 1.2+1.3, secure ciphers, HSTS, security headers included by default.
Safe for generating configs with internal IPs, production domains, and infrastructure details.