BestHub
Sign in
Backend Development 37 min read

Comprehensive Nginx Configuration Guide: Installation, Core Settings, Reverse Proxy, Load Balancing, Caching, HTTPS, CORS and Performance Tuning

This article provides an in‑depth tutorial on Nginx, covering installation on Linux, core configuration directives, server name and location matching, reverse proxy setup, various load‑balancing algorithms, caching strategies, HTTPS setup, CORS handling, gzip compression, and an overview of Nginx's process architecture and module system.

Top Architect
Top Architect
Top Architect
Comprehensive Nginx Configuration Guide: Installation, Core Settings, Reverse Proxy, Load Balancing, Caching, HTTPS, CORS and Performance Tuning

Introduction – Nginx is an open‑source, high‑performance web and reverse‑proxy server widely used for static content delivery, load balancing, and API gateway functions.

Installation – On CentOS 7 you can install Nginx with yum install nginx -y. After installation, use rpm -ql nginx to view installed files and directories such as /etc/nginx/nginx.conf, /etc/nginx/conf.d/, and the default document root /usr/share/nginx/html.

Core Configuration – The main sections of nginx.conf are main, events, and http. Example snippets:

# main section
user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

# events section
events {
    use epoll;
    worker_connections 1024;
}

# http section
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}

Server Name & Location Matching – Use server_name for virtual hosts with exact, wildcard, or regex matching. The location directive supports modifiers (=, ~, ~*, ^~) and determines URI handling. Example:

server {
    listen 80;
    server_name www.example.com;
    location = /exact/ { root /var/www/exact; }
    location ~* \.(jpg|png|gif)$ { root /var/www/images; }
}

Reverse Proxy – Forward client requests to backend services using proxy_pass. The presence or absence of a trailing slash in the URL changes how the request URI is rewritten.

# No trailing slash – URI is passed unchanged
location /api/ { proxy_pass http://backend:8080; }

# With trailing slash – matched part is stripped
location /api/ { proxy_pass http://backend:8080/; }

Load Balancing – Define upstream server pools with upstream and select algorithms such as round‑robin (default), least_conn, ip_hash, or hash $request_uri. Example:

upstream backend_pool {
    server 10.0.0.1:8080;
    server 10.0.0.2:8080;
    least_conn;
}
server {
    listen 80;
    location / { proxy_pass http://backend_pool; }
}

Caching – Enable proxy caching with proxy_cache_path and proxy_cache. Configure cache key, validity, and bypass rules. Example:

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache_zone:10m max_size=2g inactive=60m;
upstream cache_backend { server 10.0.0.3:8080; }
server {
    listen 80;
    location / {
        proxy_cache cache_zone;
        proxy_cache_valid 200 5m;
        proxy_cache_key $request_uri;
        add_header X-Cache $upstream_cache_status;
        proxy_pass http://cache_backend;
    }
}

HTTPS – Configure SSL certificates with ssl_certificate and ssl_certificate_key. Example minimal SSL server block:

server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / { root /usr/share/nginx/html; }
}

CORS – To allow cross‑origin requests, add appropriate Access-Control-Allow-Origin headers in a location block or use an if statement to set them conditionally.

Gzip Compression – Enable gzip with gzip on;, specify MIME types, compression level, and buffer settings. Example:

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml;
gzip_comp_level 6;

Architecture – Nginx uses a master‑worker model. The master process reads configuration and spawns multiple worker processes that handle client connections. Workers share memory zones for load‑balancing state, caching, and rate limiting. Reloading configuration sends a HUP signal to the master, which validates the new config, starts new workers, and gracefully shuts down the old ones.

Conclusion – By mastering Nginx’s core directives, upstream definitions, proxy settings, caching, SSL, CORS, and performance tuning, developers can build robust, scalable, and secure web infrastructures.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

load balancingConfigurationcachingNginxreverse proxyWeb serverHTTPS
Top Architect
Written by

Top Architect

Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment