Nginx config generator

Produce a sensible, secure Nginx server block for a site or reverse proxy.

nginx server block
server { listen 80; listen [::]:80; server_name example.com www.example.com; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://example.com$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; return 301 https://example.com$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_stapling on; ssl_stapling_verify on; gzip on; gzip_vary on; gzip_types text/plain text/css application/json application/javascript application/xml image/svg+xml; server_tokens off; client_max_body_size 20m; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header X-Content-Type-Options nosniff always; add_header X-Frame-Options SAMEORIGIN always; add_header Referrer-Policy strict-origin-when-cross-origin always; location ~ /\. { deny all; } root /var/www/example.com; index index.index.html; location / { try_files $uri $uri/ =404; } location ~* \.(?:css|js|jpg|jpeg|png|gif|ico|woff2?|svg|webp)$ { expires 30d; add_header Cache-Control "public, immutable"; } }
A production-ready starting point: TLS 1.2/1.3 with OCSP stapling, security headers, HTTP to HTTPS redirect and an ACME challenge location for renewals. Review paths and run nginx -t before reloading. Generated in your browser.

Have feedback or an idea for this tool?

Built by the ServerCake team

Cloud that speaks India.

These tools run on ServerCake infrastructure in India. When our cloud opens, you get VMs and managed databases priced in ₹, billed with GST, on India-resident infrastructure. Reserve your spot for early access.

Reserve your spot