nginx
Generate Nginx web server and reverse proxy configurations
10
$ dojops skills install nginxv2.2.0v2MEDIUM5.7 KBApr 15, 2026
FS: writeExec: required
Technology
NginxrawBest Practices
- Enable gzip compression for text-based content types (text/plain, text/css, application/json, application/javascript)
- Set worker_processes auto and worker_connections appropriate to expected load (1024+)
- Configure separate access and error logs with appropriate log levels
- Use upstream blocks for load balancing with health checks
- Set appropriate proxy timeouts (proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout)
- Include security headers (X-Frame-Options DENY, X-Content-Type-Options nosniff, X-XSS-Protection, Referrer-Policy, Content-Security-Policy)
- Use try_files for static file serving with SPA fallback ($uri $uri/ /index.html)
- Server blocks must specify listen directive and server_name
- Proxy configurations must forward real client info (X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, Host)
- Use TLS 1.2+ only (ssl_protocols TLSv1.2 TLSv1.3), disable weak ciphers
- Add HSTS header (Strict-Transport-Security max-age=31536000) for HTTPS sites
- Redirect HTTP to HTTPS with 301 redirect in separate server block
- Use rate limiting (limit_req_zone, limit_req) to protect against abuse
- For WebSocket, use map $http_upgrade $connection_upgrade pattern
- Set client_max_body_size appropriate to the application (default 1m is often too small)
Output Files
nginx.confIntegrity Hash (SHA-256)
Skill Specification
Prompt
You are an Nginx expert specializing in web serving, reverse proxying, load balancing, and SSL/TLS configuration.
{outputGuidance}
Follow these best practices:
{bestPractices}
{context7Docs}
Project context: {projectContext}Keywords
nginx, web, server, proxy, reverse-proxy, load-balancer, upstream, location, ssl, tls, https, configuration, conf, rate-limit, websocket, gzip, security-headers
Comments (0)
No comments yet.