Nginx Config Generator

Generate Nginx server block configurations for common setups

Result
Nginx Config
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

About This Tool

You're standing up a new service and you need an Nginx config that does SSL termination, redirects HTTP to HTTPS, sets reasonable proxy headers, and points to your upstream — and you'd rather not copy-paste from the same Stack Overflow answer for the eighth time. Most of those answers are also a few years out of date.

Pick a setup (reverse proxy, static site, redirect, load balancer), fill in the basics — domain, upstream, certificate paths, ports — and the generator produces a server block you can drop into `/etc/nginx/sites-available/`. Standard headers (X-Forwarded-For, Host, X-Real-IP) are included where they make sense. The output is a reasonable starting point, not a hardened production config — review it against your security baseline before deploying.

The generator outputs a server block scoped to your domain with the listen directive on 80 (with an automatic 301 to HTTPS) and 443 (with TLS). The proxy_pass directive points to your upstream, and the location blocks include the proxy_set_header lines that actually pass client info through to the upstream — without them, your application sees Nginx's own IP for every request. WebSocket upgrades require the Connection and Upgrade headers, so reverse-proxy mode adds those when applicable. SSL settings default to TLS 1.2 and 1.3 with a modern cipher suite; older protocols (TLS 1.0, 1.1) are explicitly excluded because nothing modern needs them and they introduce known vulnerabilities.

A worked example: you have a Node.js app running on localhost:3000 and a domain example.com with a Let's Encrypt cert. Pick "reverse proxy," fill in example.com, upstream localhost:3000, cert paths /etc/letsencrypt/live/example.com/fullchain.pem and privkey.pem. The generator produces a server block listening on 443 with the cert, proxying to localhost:3000, setting the proxy headers, and a second server block listening on 80 that 301s everything to HTTPS. Drop the file into /etc/nginx/sites-available/example.com, symlink to sites-enabled, run `nginx -t` to validate, then `nginx -s reload`. Total time: under 10 minutes.

Where this stops being adequate: anything serving real traffic should also configure rate limiting, request body size limits, security headers (HSTS, X-Frame-Options, CSP), and possibly a WAF. The generator gives you the skeleton, not the security hardening pass. For HTTPS-specific concerns, run the deployed site through SSL Labs (ssllabs.com/ssltest) — anything below an A grade is worth investigating. For the broader hardening checklist, the Mozilla Web Server Security Guidelines are the standard reference. Production-grade Nginx tuning also includes worker process counts, keepalive settings, and buffer sizes, none of which are in the generator's scope.
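The worked example above (example.com in front of localhost:3000) written out as one file, with three of the hardening items from the previous paragraph layered on. This is an added example, not output captured from the generator. The rate, burst, body-size and max-age values are assumed, and the file is assumed to be included inside the `http {}` context, as a file in `sites-enabled` normally is.

```nginx
# Added example. limit_req_zone and map are only valid at http{} level,
# which is where a sites-enabled file is normally included.
limit_req_zone $binary_remote_addr zone=per_ip:10m rate=10r/s;  # assumed rate

# Send "Connection: upgrade" upstream only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    # Fixed hostname rather than $host, so the redirect target never
    # reflects a client-supplied Host header.
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;   # TLS 1.0 and 1.1 are not offered

    client_max_body_size 1m;               # assumed request body limit
    add_header Strict-Transport-Security "max-age=31536000" always;  # HSTS
    add_header X-Frame-Options "DENY" always;

    location / {
        limit_req zone=per_ip burst=20 nodelay;   # assumed burst

        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;                   # needed for WebSocket upgrade
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}
```

CSP is left out because the policy depends on the application's own scripts and origins. Any `add_header` placed inside a `location` block replaces the server-level ones for that location, so repeat the security headers there if you add one.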

The about text and FAQ on this page were drafted with AI assistance and reviewed by a member of the Coherence Daddy team before publishing. See our Content Policy for editorial standards.

Frequently Asked Questions