ToolBelt

nginx Config Builder

Generate a reverse-proxy or static-site nginx server block.

Open tool

Overview

Fill in the basics - server name, port, document root or upstream backend, TLS toggle - and generate an nginx server { } block for either static site hosting or reverse proxying. Optional toggles add HTTP/2, HSTS, gzip, security headers, and basic auth.

It's for sysadmins and developers configuring nginx as a frontend for an upstream application or as a static file server. Reach for it when standing up a new site, setting up a quick HTTPS terminator in front of a backend service, or assembling a config that mirrors prod for local development.

How it works

The generator emits the canonical nginx directive shape: a server block with listen, server_name, plus either root and location / { try_files ... } for static sites or location / { proxy_pass http://backend; ... } for proxies. TLS adds ssl_certificate, ssl_certificate_key, and the recommended ssl_protocols TLSv1.2 TLSv1.3.

Security headers are emitted via add_header directives - HSTS, CSP, X-Content-Type-Options. The output follows the directive conventions documented in the nginx core docs.

Examples

  • Static site, HTTP only: 
    server {
    listen 80;
    server_name example.com;
    root /var/www/example;

    location / {
        try_files $uri $uri/ =404;
    }
}
  • TLS with redirect from port 80: 
    server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    root /var/www/example;
}
  • Reverse proxy: 
    location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
  • HSTS header: 
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

FAQ

Where do I put the file?

/etc/nginx/sites-available/yoursite.conf (Debian/Ubuntu) with a symlink in sites-enabled/, or /etc/nginx/conf.d/yoursite.conf (RHEL/Alpine). Run nginx -t to test before reloading.

Why use HTTP/2 instead of HTTP/1.1?

HTTP/2 multiplexes requests on a single connection, cutting handshake overhead. Combined with TLS it's the modern default for everything.

Do I need proxy_set_header Host?

Yes when proxying - without it your backend sees Host: 127.0.0.1 (or whatever the proxy_pass target is) and routing breaks. Always pass the client's Host upstream.

Where do logs go?

By default access logs go to /var/log/nginx/access.log and errors to error.log. Use the access_log and error_log directives to override per-server.

Try nginx Config Builder

An unhandled error has occurred. Reload ×