Nginx Cheatsheet

This cheatsheet provides a comprehensive and practical reference for Nginx commands and configuration. It covers basic commands, configuration files, server blocks, location & rewrite, security, logs, command combos, and more. Use it to boost your productivity in web server management and automation.

access-log
browser-cache
cache
configuration
error-log
headers
http2
https
ip-hash
load-balancing
logging
proxy
proxy-cache
rate-limiting
request
response
security
server
service
ssl
systemctl
upgrade
upstream
variables
websocket
weight

Basic Commands

Essential Nginx commands for service management and configuration

# Service Management sudo systemctl status nginx # Check service status sudo systemctl start nginx # Start service sudo systemctl stop nginx # Stop service sudo systemctl restart nginx # Restart service sudo systemctl reload nginx # Reload configuration # Configuration nginx -t # Test configuration syntax nginx -T # Show full configuration nginx -V # Show version and build options
service
systemctl
configuration

Server Blocks

Basic server block configurations for different scenarios

# Basic HTTP Server server { listen 80; server_name example.com; root /var/www/html; location / { try_files $uri $uri/ =404; } } # HTTPS Server server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/nginx/ssl/example.com.crt; ssl_certificate_key /etc/nginx/ssl/example.com.key; # SSL Configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers off; # HSTS add_header Strict-Transport-Security "max-age=63072000" always; }
server
ssl
https
http2

Reverse Proxy

Common reverse proxy configurations for various applications

# Basic Reverse Proxy location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } # WebSocket Support location /ws { proxy_pass http://localhost:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; }
proxy
websocket
upgrade

Load Balancing

Different load balancing methods and configurations

# Basic Load Balancing upstream backend { server backend1.example.com:8080; server backend2.example.com:8080; server backend3.example.com:8080; } # Weighted Load Balancing upstream backend { server backend1.example.com:8080 weight=3; server backend2.example.com:8080 weight=2; server backend3.example.com:8080 weight=1; } # IP Hash Load Balancing upstream backend { ip_hash; server backend1.example.com:8080; server backend2.example.com:8080; server backend3.example.com:8080; }
load-balancing
upstream
weight
ip-hash

Security

Security-related configurations and best practices

# Security Headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; # Rate Limiting limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req zone=one burst=10 nodelay; # SSL Configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
security
headers
rate-limiting
ssl

Caching

Caching configurations for better performance

# Proxy Cache proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off; # Cache Configuration location / { proxy_cache my_cache; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_valid 200 60m; proxy_cache_valid 404 1m; add_header X-Cache-Status $upstream_cache_status; } # Browser Caching location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 30d; add_header Cache-Control "public, no-transform"; }
cache
proxy-cache
browser-cache

Logging

Logging configurations and formats

# Access Log Format log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # Error Log Format error_log /var/log/nginx/error.log warn; # Access Log access_log /var/log/nginx/access.log main buffer=512k flush=1m;
logging
access-log
error-log

Variables

Common Nginx variables and their usage

VariableDescription
$hostHost name from request line or Host header
$remote_addrClient IP address
$request_uriFull original request URI
$schemeRequest scheme (http/https)
$server_nameServer name matching the request
$http_user_agentClient user agent
$http_refererReferrer URL
$request_methodHTTP request method
$statusResponse status code
variables
request
response

Categories

  • Basic Commands

    Start, stop, reload, test, and manage Nginx service.

  • Configuration Files

    Main config, includes, and site-specific configuration files.

  • Server Block Examples

    Common server block (virtual host) configuration patterns.

  • Location & Rewrite

    Location matching, URL rewriting, directory listing, and try_files.

  • Security & Optimization

    Headers, limits, access control, and performance tuning.

  • Logs & Monitoring

    Log files, log levels, and real-time monitoring.

  • Command Combos

    Powerful multi-step workflows and advanced usage patterns for real-world scenarios.

Features

  • Quick search functionality
  • Organized by categories
  • Clear command descriptions
  • Common and advanced use cases covered
  • Easy to copy commands
  • Responsive design
  • Perfect for quick reference