Essential Nginx Configuration Cheat Sheet: Quick Snippets for Ports, Logs, SSL, and More

Introduction

Nginx is a high‑performance HTTP server, reverse proxy, and mail proxy. It is widely used because it offers a rich feature set, low resource consumption, and stable operation. This summary provides ready‑to‑use configuration snippets for common Nginx scenarios.

Port Listening

Define the ports and protocols that Nginx should accept. The listen directive can be used multiple times within a server block.

server {
    # Standard HTTP
    listen 80;
    # Standard HTTPS
    listen 443 ssl;
    # Enable HTTP/2 on HTTPS
    listen 443 ssl http2;
    # IPv6 on port 80
    listen [::]:80;
    # IPv6‑only mode (rejects IPv4-mapped addresses)
    listen [::]:80 ipv6only=on;
}

Access Log

Control where request logs are written and whether logging is enabled.

server {
    # Absolute or relative path to the log file
    access_log /var/log/nginx/access.log;
    # Turn logging on or off (default is on)
    access_log on;
}

Server Name (Domain)

Match incoming Host headers to one or more domain names.

server {
    # Single domain
    server_name example.com;
    # Multiple domains (including www)
    server_name example.com www.example.com;
    # Wildcard for any sub‑domain
    server_name *.example.com;
    # Wildcard for any top‑level domain under a base name
    server_name example.*;
    # Empty string matches a request without a Host header (direct IP access)
    server_name "";
}

Serving Static Assets

Serve files from a directory on the filesystem.

server {
    listen 80;
    server_name example.com;
    location / {
        root /var/www/example;
    }
}

Redirects

Use the return directive for permanent (301) redirects.

# Redirect www to the bare domain
server {
    listen 80;
    server_name www.example.com;
    return 301 http://example.com$request_uri;
}

# Redirect a specific path to another domain
server {
    listen 80;
    server_name www.example.com;
    location /old-path {
        return 301 http://newsite.com;
    }
}

Reverse Proxy

Forward all requests to an upstream application server (e.g., a Node.js app on port 3000).

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

Load Balancing

Define an upstream group with multiple backend servers and proxy to it.

upstream app_pool {
    server 127.0.0.1:3000;
    server 127.0.0.1:4000;
    server 123.131.121.122;
}

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://app_pool;
    }
}

SSL/TLS Configuration

Enable HTTPS, specify certificates, and enforce security headers.

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/ssl/certs/example.com.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/ssl/certs/fullchain.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_timeout 1h;
    ssl_session_cache shared:SSL:50m;
    add_header Strict-Transport-Security "max-age=15768000";
}

# Redirect all HTTP traffic to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

Visual Configuration Generator (Optional)

An open‑source web tool can generate equivalent Nginx blocks based on selected options such as reverse proxy, HTTPS, HTTP/2, IPv6, caching, WordPress, CDN, Node.js, or Django. The tool is hosted at https://nginxconfig.io/ and its source code is available at https://github.com/digitalocean/nginxconfig.io.