BestHub
Sign in
Backend Development 8 min read

Master Nginx: Multi-Domain, Auth, Autoindex, and Reverse Proxy Tricks

This guide walks through practical Nginx configurations—including serving multiple domains, setting up basic authentication, enabling directory listings, defining default sites, blocking unwanted IP access, handling verification files, configuring upstream reverse proxies, enabling keepalive, and redirecting 404 errors—to help operators and developers optimize their web server setups.

Efficient Ops
Efficient Ops
Efficient Ops
Master Nginx: Multi-Domain, Auth, Autoindex, and Reverse Proxy Tricks

Multiple Domains for One Site

server {
  listen 80;
  server_name ops-coffee.cn b.ops-coffee.cn;
}

Use server_name with space‑separated domain names.

One Service Hosting Multiple Sites

server {
  listen 80;
  server_name a.ops-coffee.cn;
  location / {
    root /home/project/pa;
    index index.html;
  }
}
server {
  listen 80;
  server_name ops-coffee.cn b.ops-coffee.cn;
  location / {
    root /home/project/pb;
    index index.html;
  }
}
server {
  listen 80;
  server_name c.ops-coffee.cn;
  location / {
    root /home/project/pc;
    index index.html;
  }
}

Nginx supports three types of virtual hosts:

IP‑based virtual host : requires multiple IP addresses, less common.

Port‑based virtual host : each site listens on a different port.

Name‑based virtual host : most widely used; differentiate sites by server_name.

Basic Auth with Username/Password

server {
    location / {
        auth_basic "please input user&passwd";
        auth_basic_user_file key/auth.key;
    }
}

Generate encrypted passwords with a small Perl script.

# cat pwd.pl
#!/usr/bin/perl
use strict;
my $pw=$ARGV[0];
print crypt($pw,$pw);
# perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key

Enable Directory Listing

server {
    location download {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
autoindex_exact_size

controls size units, and autoindex_localtime toggles timestamp display. To force download of certain file types, add:

if ($request_filename ~* ^.*?.(txt|pdf|jpg|png)$) {
    add_header Content-Disposition 'attachment';
}

Default Site Configuration

server {
    listen 80 default;
}

Place the default server first or use listen default to catch unmatched hosts.

Block Access by IP or Unconfigured Domains

server {
    listen 80 default;
    server_name _;
    return 404;
}

Alternatively, redirect all unmatched traffic to a primary domain:

server {
    rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
}

Serve Verification File Directly

location = /XDFyle6tNA.txt {
    default_type text/plain;
    return 200 'd6296a84657eb275c05c31b10924f6ea';
}

Upstream Reverse Proxy

http {
    upstream tomcats {
        server 192.168.106.176 weight=1;
        server 192.168.106.177 weight=1;
    }
    server {
        location /ops-coffee/ {
            proxy_pass http://tomcats;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

Distinguish proxy_pass http://tomcats (no trailing slash) from proxy_pass http://tomcats/; the former preserves the original URI, while the latter replaces it with the upstream URI.

Enable Keepalive for Upstream

upstream tomcat {
    server ops-coffee.cn:8080;
    keepalive 1024;
}
server {
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://tomcat;
    }
}

Keepalive reduces TCP connection overhead; it requires HTTP/1.1 and clearing the Connection header to avoid accidental closure.

Redirect 404 Errors to Home Page

server {
    location / {
        error_page 404 = @ops-coffee;
    }
    location @ops-coffee {
        rewrite .* / permanent;
    }
}

This configuration sends users encountering a 404 directly back to the site’s homepage.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

reverse proxyKeepaliveBasic AuthVirtual Host
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment