Nginx Cheatsheet

This cheatsheet provides a comprehensive and practical reference for Nginx commands and configuration. It covers basic commands, configuration files, server blocks, location & rewrite, security, logs, command combos, and more. Use it to boost your productivity in web server management and automation.

access-log
browser-cache
cache
configuration
error-log
headers
http2
https
ip-hash
load-balancing
logging
proxy
proxy-cache
rate-limiting
request
response
security
server
service
ssl
systemctl
upgrade
upstream
variables
websocket
weight

Basic Commands

Essential Nginx commands for service management and configuration

# Service Management
sudo systemctl status nginx  # Check service status
sudo systemctl start nginx   # Start service
sudo systemctl stop nginx    # Stop service
sudo systemctl restart nginx # Restart service
sudo systemctl reload nginx  # Reload configuration

# Configuration
nginx -t                    # Test configuration syntax
nginx -T                    # Show full configuration
nginx -V                    # Show version and build options
service
systemctl
configuration

Server Blocks

Basic server block configurations for different scenarios

# Basic HTTP Server
server {
    listen 80;
    server_name example.com;
    root /var/www/html;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

# HTTPS Server
server {
    listen 443 ssl http2;
    server_name example.com;
    
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    
    # SSL Configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
}
server
ssl
https
http2

Reverse Proxy

Common reverse proxy configurations for various applications

# Basic Reverse Proxy
location / {
    proxy_pass http://localhost:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

# WebSocket Support
location /ws {
    proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
}
proxy
websocket
upgrade

Load Balancing

Different load balancing methods and configurations

# Basic Load Balancing
upstream backend {
    server backend1.example.com:8080;
    server backend2.example.com:8080;
    server backend3.example.com:8080;
}

# Weighted Load Balancing
upstream backend {
    server backend1.example.com:8080 weight=3;
    server backend2.example.com:8080 weight=2;
    server backend3.example.com:8080 weight=1;
}

# IP Hash Load Balancing
upstream backend {
    ip_hash;
    server backend1.example.com:8080;
    server backend2.example.com:8080;
    server backend3.example.com:8080;
}
load-balancing
upstream
weight
ip-hash

Security

Security-related configurations and best practices

# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

# Rate Limiting
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req zone=one burst=10 nodelay;

# SSL Configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
security
headers
rate-limiting
ssl

Caching

Caching configurations for better performance

# Proxy Cache
proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;

# Cache Configuration
location / {
    proxy_cache my_cache;
    proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
    proxy_cache_valid 200 60m;
    proxy_cache_valid 404 1m;
    add_header X-Cache-Status $upstream_cache_status;
}

# Browser Caching
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    add_header Cache-Control "public, no-transform";
}
cache
proxy-cache
browser-cache

Logging

Logging configurations and formats

# Access Log Format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

# Error Log Format
error_log /var/log/nginx/error.log warn;

# Access Log
access_log /var/log/nginx/access.log main buffer=512k flush=1m;
logging
access-log
error-log

Variables

Common Nginx variables and their usage

VariableDescription
$hostHost name from request line or Host header
$remote_addrClient IP address
$request_uriFull original request URI
$schemeRequest scheme (http/https)
$server_nameServer name matching the request
$http_user_agentClient user agent
$http_refererReferrer URL
$request_methodHTTP request method
$statusResponse status code
variables
request
response

Categories

  • Basic Commands

    Start, stop, reload, test, and manage Nginx service.

  • Configuration Files

    Main config, includes, and site-specific configuration files.

  • Server Block Examples

    Common server block (virtual host) configuration patterns.

  • Location & Rewrite

    Location matching, URL rewriting, directory listing, and try_files.

  • Security & Optimization

    Headers, limits, access control, and performance tuning.

  • Logs & Monitoring

    Log files, log levels, and real-time monitoring.

  • Command Combos

    Powerful multi-step workflows and advanced usage patterns for real-world scenarios.

Features

  • Quick search functionality
  • Organized by categories
  • Clear command descriptions
  • Common and advanced use cases covered
  • Easy to copy commands
  • Responsive design
  • Perfect for quick reference