A practical nginx config generator that turns a handful of plain-language choices into a
complete, production-shaped server block you can drop straight onto a server. Instead of
memorising directive names and the exact syntax for TLS, gzip, proxying and rate limiting, you
fill in fields and flip toggles, and the configuration is assembled live as you type. It is built
for developers and sysadmins setting up a new site, wiring a reverse proxy in front of a Node,
Python or Go application, or hardening an existing host without hunting through documentation.
How it works
You start with the server identity: a primary server_name, any extra hostnames (these are
de-duplicated and joined for you), and the HTTP port. Then you choose what the server actually
does. The "Static files" mode serves a document root with a sensible try_files fallback to a 404.
The "Single-page app" mode swaps that fallback for try_files $uri $uri/ /index.html so client-side
routing works. The "Reverse proxy" mode sends traffic to an upstream URL and adds the standard
forwarding headers, with an optional WebSocket upgrade block for real-time apps.
On top of that core, the TLS section emits a modern SSL setup: TLS 1.2 and 1.3 only, strong
ECDHE cipher suites, session caching, optional HTTP/2, an optional permanent redirect from plain
HTTP to HTTPS, and an optional HSTS header. The performance controls add gzip compression and
long-lived, immutable caching for static assets with a configurable expiry. The security
controls add common response headers, hide the nginx version, deny access to dotfiles such as
.env and .git, and switch on token-bucket rate limiting. You can also append any number of
custom location blocks to proxy or alias specific paths. A small linter flags common mistakes,
such as enabling SSL without a certificate path, before you ship. Everything is computed in the
browser, and your last setup is restored from local storage on your next visit.
Example
Say you are deploying a Next.js app on a fresh server behind nginx. You set the server name to
app.example.com, pick reverse proxy, point the upstream at http://127.0.0.1:3000, enable
WebSocket upgrade for hot-reload and live features, switch on SSL with your Let’s Encrypt
fullchain.pem and privkey.pem paths, keep HTTP/2, the HTTP to HTTPS redirect and
HSTS on, and leave gzip plus the security headers enabled. The tool produces two server
blocks: one on port 80 that issues a 301 redirect to HTTPS, and one on 443 ssl http2 that
proxies to your app with the correct forwarded headers. You click copy, paste into
/etc/nginx/sites-available/app.example.com.conf, run nginx -t, reload, and you are live with a
hardened, compressed, TLS-terminating proxy in under a minute.
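
For reference, a hand-written sketch of the two server blocks this example describes. It is an added illustration, not output captured from the tool. The certificate paths (the usual Let's Encrypt layout), the cipher list, the header values and the gzip types are assumptions; substitute your own.

```nginx
# Added illustration, not output captured from the tool. A sites-available file is
# included inside http {}, so the map below is valid at the top of this file.
map $http_upgrade $connection_upgrade {
    default upgrade;   # client asked for an upgrade: pass it on
    ''      close;     # ordinary request: do not hold the upstream connection open
}

server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;   # permanent redirect to HTTPS
}

server {
    # On nginx 1.25.1 and later, prefer "listen 443 ssl;" plus "http2 on;".
    listen 443 ssl http2;
    server_name app.example.com;

    # Assumed paths (typical Let's Encrypt layout).
    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    # Assumed ECDHE-only list; it governs TLS 1.2, TLS 1.3 suites are chosen separately.
    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;

    # HSTS and common response headers (values assumed). "always" covers error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;

    gzip on;
    gzip_types text/css application/javascript application/json image/svg+xml;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;              # required for WebSocket upgrade
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

If you later add an add_header inside a location block, nginx stops inheriting the server-level headers for that location, so HSTS and the other headers must be repeated there.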
Frequently asked questions
The FAQs above cover deployment paths, reverse-proxy header handling, rate-limiting mechanics, the TLS defaults and privacy. In short: the output is a real, reload-ready config, every option maps to a documented nginx directive, and nothing you type ever leaves your browser.