Nginx powers over 30% of all websites, but its configuration syntax — nested blocks, semicolons, regex locations — is unforgiving. A missing semicolon breaks the entire config. A generator builds valid Nginx configurations from your requirements: reverse proxy, SSL, static files, caching, and security headers.
What Is Nginx Config Generator?
An Nginx config generator provides a form-based interface for building nginx.conf server blocks. You specify the domain, upstream application, SSL certificate paths, caching rules, security headers, and redirect rules. The tool generates valid Nginx configuration with comments explaining each directive.
How to Use Nginx Config Generator on DevToolHub
- Open the Nginx Config Generator tool on DevToolHub — no signup required.
- Enter your domain name and listen port (80, 443, or both).
- Configure the upstream (reverse proxy to your app on port 3000, 8080, etc.).
- Set SSL certificate and key paths for HTTPS.
- Add security headers (HSTS, CSP, X-Frame-Options).
- Configure caching rules for static assets.
- Export the complete Nginx server block.
Reverse Proxy with SSL
The most common setup — proxy to a Node.js app with HTTPS:
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}The first block redirects HTTP→HTTPS. The second proxies to your app with WebSocket support (Upgrade headers).
Static Asset Caching
Cache images, CSS, and JS for one year:
location ~* \.(jpg|jpeg|png|gif|ico|svg|webp)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~* \.(css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
location ~* \.(woff|woff2|ttf|otf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header Access-Control-Allow-Origin *;
}The immutable directive tells browsers not to revalidate — combined with hashed filenames, this eliminates unnecessary requests.
Security Headers
Comprehensive security header configuration:
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;Each header prevents a specific attack vector: clickjacking (X-Frame-Options), MIME sniffing (X-Content-Type-Options), and XSS (CSP).
Pro Tips
- Test configs before reload — run
nginx -tto validate syntax beforenginx -s reload. - Use include files — split configs into
/etc/nginx/conf.d/*.conffiles instead of one massive nginx.conf. - Enable gzip —
gzip on; gzip_types text/css application/javascript;reduces transfer sizes by 60-80%. - Log separately — set
access_loganderror_logper server block for easier debugging.
When You Need This
- Setting up reverse proxy for Node.js, Python, or Go applications
- Configuring SSL/HTTPS with Let's Encrypt certificates
- Optimizing static asset delivery with caching headers
- Hardening web server security for production deployments
Free Tools Mentioned in This Article