SSH Workbench

Nginx Config Generator

Build nginx server blocks for reverse proxy, SSL, static sites, SPAs, PHP, and load balancers.

Client-side only — nothing leaves your browser

Space-separate for multiple domains. Use _ to catch all hostnames.

Where to forward requests. Common: http://localhost:3000 for Node/Next.js.

Max upload size. Leave blank to use nginx default (1M).

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Redirect all HTTP traffic to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    # SSL certificate (e.g. issued by Let's Encrypt / certbot)
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Modern TLS configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    client_max_body_size 10M;

    # gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

    # Forward all traffic to the upstream application
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Save to /etc/nginx/sites-available/example.conf, symlink into sites-enabled/, then run sudo nginx -t && sudo systemctl reload nginx.

What Is an Nginx Config File?

An nginx config file tells nginx how to listen for incoming requests and what to do with them — serve a static directory, proxy to a backend application, terminate TLS, load balance across upstream servers, or any combination. Nginx config uses its own declarative syntax built from directives (single-line settings like listen 443 ssl;) and contexts (curly-brace blocks like server { ... }, location / { ... }, upstream backend { ... }). On Ubuntu and Debian the main file lives at /etc/nginx/nginx.conf and per-site server blocks go in /etc/nginx/sites-available/, symlinked into sites-enabled/.

Common Nginx Directives Reference

DirectivePurposeExample
listenPort (and optional ssl/http2 flags) the server block binds tolisten 443 ssl http2;
server_nameHostname(s) this server block matchesexample.com www.example.com
rootFilesystem directory for serving files/var/www/example.com
indexDefault file(s) to serve for a directory requestindex.html index.htm
locationMatch a URL prefix or pattern to apply ruleslocation /api/ { ... }
proxy_passForward the request to an upstream URLproxy_pass http://127.0.0.1:3000;
upstreamDefine a named pool of backend serversupstream backend { server 10.0.0.1; }
returnReply immediately with a status code (great for redirects)return 301 https://$host$request_uri;
try_filesTry files in order, fall back to the last argumenttry_files $uri $uri/ /index.html;
client_max_body_sizeMax request body size (upload limit)client_max_body_size 100M;
ssl_certificatePath to the TLS certificate chain (PEM)/etc/letsencrypt/live/.../fullchain.pem
gzipToggle response compressiongzip on;

After You Paste the Config

The standard workflow on Ubuntu/Debian once you have your generated server block:

  1. Save it to /etc/nginx/sites-available/yoursite.conf.
  2. Symlink into the enabled directory: sudo ln -s /etc/nginx/sites-available/yoursite.conf /etc/nginx/sites-enabled/.
  3. Test the syntax: sudo nginx -t. If this prints "test is successful", you're good. Otherwise it tells you the line number to fix.
  4. Reload nginx without dropping connections: sudo systemctl reload nginx (or sudo nginx -s reload).
  5. For SSL, issue a certificate first: sudo certbot --nginx -d example.com -d www.example.com.

A dedicated nginx config tester / validator and nginx config checker are on the roadmap — for now, nginx -t is the canonical way to validate a generated config before reloading.

Frequently Asked Questions

Where is the nginx config file located?
The main config file is /etc/nginx/nginx.conf on Linux (Ubuntu, Debian, CentOS, Alpine, Arch). It pulls in per-site server blocks from /etc/nginx/conf.d/*.conf and, on Debian/Ubuntu, from /etc/nginx/sites-enabled/* (which are symlinks into /etc/nginx/sites-available/). On macOS installed via Homebrew, the path is /opt/homebrew/etc/nginx/nginx.conf (Apple Silicon) or /usr/local/etc/nginx/nginx.conf (Intel). In an official nginx Docker image, the default config is at /etc/nginx/nginx.conf and the default server block at /etc/nginx/conf.d/default.conf. Run nginx -V 2>&1 | grep -o '\--conf-path=\S*' to see the path your binary was compiled with.
What is the difference between sites-available, sites-enabled, and conf.d?
conf.d/ is the upstream nginx convention — every .conf file in it is loaded automatically. sites-available/ and sites-enabled/ are a Debian/Ubuntu convention that splits the two concepts: you write configs in sites-available/, then symlink the ones you want active into sites-enabled/. This lets you disable a site by removing one symlink (sudo rm /etc/nginx/sites-enabled/old.conf) without deleting the original. Both directories are included by the default nginx.conf via 'include' directives, so it's purely organizational — you can use either, or both. Inside a Docker container, most images skip sites-enabled and use only conf.d/.
How do I configure nginx as a reverse proxy?
At a minimum, a reverse proxy server block needs a server_name, a listen port, and a location with proxy_pass pointing at your upstream app. You almost always also want proxy_set_header lines for Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto so the backend sees the real client IP and original protocol — without these your app will log 127.0.0.1 for every request. For WebSocket apps (Socket.IO, HMR, GraphQL subscriptions), add proxy_http_version 1.1 plus the Upgrade and Connection headers. The generator above produces all of this when you pick 'Reverse proxy' mode.
How do I test an nginx config before reloading?
Run sudo nginx -t. This parses the current /etc/nginx/nginx.conf (plus everything it includes) and either prints 'syntax is ok / test is successful' or reports the exact file and line number of the problem. Always run this before sudo systemctl reload nginx — a reload with a bad config will leave nginx running on the old config silently, but a full restart with a bad config will refuse to start and take your site down. For a deeper check use nginx -T (capital T) which prints the fully merged config to stdout so you can confirm includes resolved correctly. A dedicated browser-based nginx config validator and tester are separate planned tools.
How do I redirect HTTP to HTTPS in nginx?
Define two server blocks. The first listens on port 80 and does nothing but 301-redirect: 'server { listen 80; server_name example.com www.example.com; return 301 https://$host$request_uri; }'. The second listens on 443 ssl with your ssl_certificate and ssl_certificate_key directives and serves the actual content. Using 'return 301' is preferred over rewrite for redirects — it's faster and the intent is explicit. Enabling 'Redirect HTTP to HTTPS' in the form above generates both blocks automatically.

Related Tools

Nginx to Caddy Converter

Convert nginx server blocks to Caddyfile syntax. Maps reverse_proxy, TLS, redirects, and headers.

Traefik Label Generator

Generate Traefik v2/v3 Docker labels visually. Build host rules, TLS, redirects, basic auth, and middleware.

Docker Compose Generator

Build docker-compose.yml visually. Add services, volumes, networks, env vars — with live YAML and lint warnings.

Dockerfile Generator

Build Dockerfiles from form inputs. Multi-stage builds, healthchecks, and best-practice hints inline.

PM2 Ecosystem Generator

Visual builder for ecosystem.config.js. Configure cluster mode, env vars, watch, and max_memory_restart.

Need to manage SSH connections?

SSH Workbench lets you connect, browse files, and manage servers visually.

Try SSH Workbench Free