A Minimal Nginx Tutorial: Installation, Commands, Reverse Proxy, HTTPS, Load Balancing and Advanced Configurations

Nginx (engine x) is a lightweight web server, reverse proxy server and email (IMAP/POP3) proxy server.

What Is a Reverse Proxy?

A reverse proxy receives client requests from the Internet, forwards them to internal servers, and returns the server responses to the client, acting as an intermediary.

Nginx Basics

Common commands:

nginx -s stop          # fast stop, may lose data
nginx -s quit          # graceful stop, saves state
nginx -s reload        # reload configuration
nginx -s reopen        # reopen log files
nginx -c filename     # use a specific config file
nginx -t               # test config syntax only
nginx -v               # show version
nginx -V               # show version, compiler and configure options

You can place the following batch file startup.bat in the Nginx installation directory to start it with a double‑click:

@echo off
rem kill existing nginx if pid file exists
nginx.exe -s stop

rem test config syntax
nginx.exe -t -c conf/nginx.conf

rem show version
nginx.exe -v

rem start nginx with specific config
nginx.exe -c conf/nginx.conf

On Linux you would write a similar shell script.

HTTP Reverse Proxy

Example nginx.conf for a simple HTTP reverse proxy (no complex settings):

# HTTP server
server {
    listen 80;
    server_name www.helloworld.com;
    location / {
        proxy_pass http://zp_server1;
    }
    # static files
    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
        root D:_WorkspaceProjectgithubzpSpringNotesspring-securityspring-shirosrcmainwebappiews;
        expires 30d;
    }
    # status page
    location /NginxStatus {
        stub_status on;
        access_log on;
        auth_basic "NginxStatus";
        auth_basic_user_file conf/htpasswd;
    }
    # deny .ht* files
    location ~ /.ht {
        deny all;
    }
}

Steps to test:

Start the webapp on the same port defined in the upstream block.

Add a DNS entry 127.0.0.1 www.helloworld.com to your hosts file.

Run the startup.bat script.

Visit http://www.helloworld.com in a browser.

HTTPS Reverse Proxy

HTTPS uses port 443 and requires a certificate and key:

# HTTPS server
server {
    listen 443 ssl;
    server_name www.helloworld.com;
    ssl_certificate      cert.pem;
    ssl_certificate_key  cert.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /root;
        index index.html index.htm;
    }
}

Load Balancing

Example of weighted round‑robin load balancing across three backend servers:

http {
    upstream load_balance_server {
        server 192.168.1.11:80 weight=5;
        server 192.168.1.12:80 weight=1;
        server 192.168.1.13:80 weight=6;
    }
    server {
        listen 80;
        server_name www.helloworld.com;
        location / {
            proxy_pass http://load_balance_server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            client_max_body_size 10m;
            client_body_buffer_size 128k;
        }
    }
}

Other load‑balancing methods (round robin, weighted, least_conn, ip_hash, hash) are shown with their respective upstream blocks.

Multiple Webapp Routing

When a site hosts several independent webapps, each can run on a different port and be proxied via distinct locations:

http {
    upstream product_server { server www.helloworld.com:8081; }
    upstream admin_server   { server www.helloworld.com:8082; }
    upstream finance_server { server www.helloworld.com:8083; }
    server {
        listen 80;
        server_name www.helloworld.com;
        location / { proxy_pass http://product_server; }
        location /product/ { proxy_pass http://product_server; }
        location /admin/   { proxy_pass http://admin_server; }
        location /finance/ { proxy_pass http://finance_server; }
    }
}

Static Site Hosting

Serve a static site from /app/dist:

worker_processes 1;

events { worker_connections 1024; }

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    server {
        listen 80;
        server_name static.zp.cn;
        location / {
            root /app/dist;
            index index.html;
        }
    }
}

Add 127.0.0.1 static.zp.cn to the hosts file and browse to http://static.zp.cn.

Simple File Server

Enable directory listing with size and timestamp:

autoindex on;
autoindex_exact_size on;
autoindex_localtime on;

server {
    charset utf-8,gbk;
    listen 9050 default_server;
    listen [::]:9050 default_server;
    server_name _;
    root /share/fs;
}

CORS Handling with Nginx

Define enable-cors.conf to set the appropriate Access‑Control‑* headers based on request method and origin, then include it in the /api/ location block:

# enable-cors.conf (excerpt)
set $ACAO '*';
if ($http_origin ~* (www.helloworld.com)$) { set $ACAO $http_origin; }
if ($request_method = 'OPTIONS') { set $cors "${cors}options"; }
if ($request_method = 'GET')    { set $cors "${cors}get"; }
if ($request_method = 'POST')   { set $cors "${cors}post"; }

# main server block
server {
    listen 80;
    server_name www.helloworld.com;
    location ~ ^/api/ {
        include enable-cors.conf;
        proxy_pass http://api_server;
        rewrite "^/api/(.*)$" /$1 break;
    }
    location ~ ^/ {
        proxy_pass http://front_server;
    }
}

With these configurations Nginx can serve as a reverse proxy, load balancer, static site host, file server and CORS gateway.