🔧 Feature 🔍 Description 🧩 Config Addition
HTTPS (SSL) Secure your site Use listen 443 ssl; and set ssl_certificate, ssl_certificate_key
Redirect HTTP to HTTPS Force all traffic to HTTPS Add a separate server block listening on port 80 with return 301 https://$host$request_uri;
Compression Speed up loading gzip on; and related settings
Caching Static Files Browser caching for performance expires 30d; add_header Cache-Control ...; in location /static/
Logging Track access and errors access_log and error_log directives
Custom Error Pages Better UX on errors error_page 404 /404.html; etc.
Security Headers Prevent XSS, etc. add_header for CSP, X-Frame-Options, etc.
Rate Limiting Prevent abuse Use limit_req_zone and limit_req
Basic Authentication Password protection Use auth_basic and auth_basic_user_file
Load Balancing Distribute traffic Upstream block + multiple proxy_pass targets
FastCGI (PHP) Run PHP apps Use fastcgi_pass and PHP-FPM socket
WebSocket Support Real-time apps Add headers for Upgrade and Connection in proxy

HTTPS:

To secure your website using encryption and proctect data in transit:

server{
listen 443 ssl;
server_name example.com;

ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certification_key /etc/ssl/private/example.com.key;

root /var/www/myproject;
index index.html;

location / {
try_file $uri $uri/=404;
}
}

Redirect HTTP to HTTPS

To ensure everyone visits your site securely via https:// instead of http://

server{
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server{
listen 443 ssl;
server_name elocalhost;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.come/privkey.pem;
location /{
root /var/ww/myproject;
index index.html;
}
}

Confirmed: This redirect is mandatory if:

Compression-gzip

to reduce the size of file sent to the browser making webite load faster,sepcially over slow connections

http {
    gzip on;
    gzip_disable "msie6";  # Optional: disable for old browsers

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;              # Compression level (1–9)
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
}

Add this inside your http block (usually in nginx.conf, not inside a server block): not in server block but nginx.config


user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Gzip Compression
    ##
    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types
        text/plain
        text/css
        application/json
        application/javascript
        text/xml
        application/xml
        application/xml+rss
        text/javascript;

    ##
    # Logging
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Virtual Host (Example Server Block)
    ##
    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;

        root /var/www/yourdomain;
        index index.html index.htm;

        location / {
            try_files $uri $uri/ =404;
        }
    }
}

cashing static files