Top 40 Nginx Interview Questions Every DevOps Engineer Should Master

What is Nginx?

Nginx is a lightweight, high‑performance reverse‑proxy web server that supports HTTP, HTTPS, SMTP, POP3 and IMAP protocols, capable of handling tens of thousands of concurrent connections with low memory usage.

What are the advantages of Nginx?

Cross‑platform and easy to configure.

Non‑blocking, high‑concurrency handling (2‑3 万 connections, up to 5 万 reported).

Low memory consumption (10 workers use ~150 MB).

Open‑source and cost‑effective.

High stability with minimal downtime.

Built‑in health‑check: failed back‑ends are automatically bypassed.

Typical Nginx use cases

Standalone HTTP server for static content.

Virtual hosting to serve multiple sites on one machine.

Reverse proxy and load balancing for high‑traffic applications.

API gateway and security management.

How does Nginx process a request?

server {
    # first server block – independent virtual host
    listen 80;               # default port
    server_name localhost;   # host name
    location / {
        root html;          # site root directory
        index index.html index.html;
    }
}

When Nginx starts, the master process parses the configuration, creates listening sockets, then forks worker processes. Workers accept connections, create ngx_connection_t structures, register read/write events, and handle data exchange. After the client or server closes the connection, the connection is terminated.

How does Nginx achieve high concurrency?

Nginx uses an asynchronous, non‑blocking event model. A small number of worker processes handle many connections by registering events for I/O‑waiting operations (e.g., upstream requests) and returning to the event loop, allowing a few processes to serve massive concurrent traffic.

What is a forward proxy?

A forward proxy sits between a client and the origin server; the client sends requests to the proxy, which forwards them to the target server and returns the response.

What is a reverse proxy?

A reverse proxy receives Internet requests, forwards them to internal servers, and returns the results to the client, hiding the origin servers and providing security, load balancing, and caching.

Nginx directory structure

[root@localhost ~]# tree /usr/local/nginx
/usr/local/nginx
├── client_body_temp
├── conf                     # configuration files
│   ├── fastcgi.conf
│   ├── fastcgi.conf.default
│   ├── fastcgi_params
│   ├── fastcgi_params.default
│   ├── mime.types
│   ├── mime.types.default
│   ├── nginx.conf            # main config
│   └── ...
├── fastcgi_temp
├── html                     # default site
│   ├── 50x.html
│   └── index.html
├── logs
│   ├── access.log
│   └── error.log
├── sbin
│   └── nginx                # executable
└── ...

What modules are defined in nginx.conf ?

worker_processes 1;               # number of workers

events {
    worker_connections 1024;    # max connections per worker
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html { root html; }
    }
}

Cookie vs Session

Common : both store user data as key‑value pairs.

Cookie – stored in the client browser, one per domain, visible and editable by the user, set via HTTP response headers.

Session – stored on the server (files, DB, Redis), can hold sensitive data, identified by a session ID cookie.

Why doesn’t Nginx use multithreading?

Unlike Apache, which spawns many processes/threads, Nginx uses a single‑threaded, event‑driven model (epoll) that avoids per‑request CPU/memory allocation, reducing context switches and supporting higher concurrency.

Difference between Nginx and Apache

Nginx is lightweight, uses less memory, handles connections asynchronously, and is highly modular, whereas Apache follows a process‑oriented model and consumes more resources under high load.

Dynamic vs static resource separation

Separating static files (CSS, JS, images) from dynamic content allows caching of static assets, improving response speed and reducing backend load.

What is a CDN?

A Content Delivery Network distributes content to edge nodes close to users, reducing latency and increasing bandwidth.

How to configure static‑resource handling in Nginx

location /image/ {
    root /usr/local/static/;
    autoindex on;
}

Load‑balancing algorithms

Round‑robin (default)

Weight‑based

IP‑hash (session affinity)

Fair (third‑party module)

URL‑hash (third‑party module)

# round‑robin
upstream backserver {
    server 1112;
    server 1113;
}

# weight
upstream backserver {
    server 1112 weight=2;
    server 1113 weight=8;
}

# ip_hash
upstream backserver {
    ip_hash;
    server 1112:88;
    server 1113:80;
}

How to solve front‑end cross‑origin issues with Nginx

Configure Nginx to proxy cross‑origin API calls to the real backend, making the request appear same‑origin to the browser.

Virtual host configuration

Domain‑based, port‑based, and IP‑based virtual hosts can be defined with separate server blocks.

# domain‑based
server {
    listen 80;
    server_name www.example.com;
    location / { root /data/www; index index.html; }
}

# port‑based
server {
    listen 8080;
    server_name example.com;
    location / { root /data/www; index index.html; }
}

Location directive purpose

Matches request URIs to apply specific handling. Syntax examples:

# exact match
location =/ { return 400; }
# prefix match
location ^~ /av { root /data/av/; }
# case‑sensitive regex
location ~ /media { alias /data/static/; }
# case‑insensitive regex for static files
location ~* .*\\.(jpg|gif|png|js|css)$ { root /data/av/; }
# generic catch‑all
location / { return 403; }

Rate limiting (flow control)

Nginx can limit request rates using the leaky‑bucket algorithm via ngx_http_limit_req_module.

# limit one request per minute per IP
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/m;
server {
    location /seckill.html {
        limit_req zone=one;
        proxy_pass http://backend;
    }
}

For burst traffic, add burst and nodelay parameters.

limit_req zone=one burst=5 nodelay;

Concurrent connection limiting

http {
    limit_conn_zone $binary_remote_addr zone=myip:10m;
    limit_conn_zone $server_name zone=myServerName:10m;
}
server {
    location / {
        limit_conn myip 10;
        limit_conn myServerName 100;
    }
}

Leak‑bucket vs token‑bucket algorithms

Leak‑bucket: requests enter a bucket that drains at a fixed rate; excess requests are dropped.

Token‑bucket: tokens are added at a constant rate; a request proceeds only if a token is available.

High availability configuration

server {
    listen 80;
    server_name www.example.com;
    location / {
        proxy_pass http://backServer;
        proxy_connect_timeout 1s;
        proxy_send_timeout 1s;
        proxy_read_timeout 1s;
    }
}

Blocking specific IPs

if ($remote_addr = 111.15.0.1) { return 403; }

Blocking browsers (e.g., Chrome)

if ($http_user_agent ~ Chrome) { return 500; }

Global rewrite variables

$remote_addr   # client IP
$binary_remote_addr # client IP in binary
$remote_port  # client port
$host          # request host header
$request       # full request line
$request_uri   # URI with args
$scheme        # http or https
... (other variables listed in source)

Health checks for upstream servers

Using built‑in ngx_http_proxy_module and ngx_http_upstream_module or the third‑party nginx_upstream_check_module to monitor backend health.

Enabling gzip compression

http {
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript text/css application/xml image/jpeg image/gif image/png;
    gzip_vary on;
}

Common Nginx status codes

499 – client closed request before server responded.

502 – bad gateway (upstream error, timeout, buffer issues, etc.).

# example fastcgi timeouts
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;

# buffer settings
fastcgi_buffer_size 32k;
fastcgi_buffers 8 32k;

# proxy buffer settings
proxy_buffer_size 16k;
proxy_buffers 4 16k;