| 🔧 Feature | 🔍 Description | 🧩 Config Addition |
|---|---|---|
| HTTPS (SSL) | Secure your site | Use listen 443 ssl; and set ssl_certificate, ssl_certificate_key |
| Redirect HTTP to HTTPS | Force all traffic to HTTPS | Add a separate server block listening on port 80 with return 301 https://$host$request_uri; |
| Compression | Speed up loading | gzip on; and related settings |
| Caching Static Files | Browser caching for performance | expires 30d; add_header Cache-Control ...; in location /static/ |
| Logging | Track access and errors | access_log and error_log directives |
| Custom Error Pages | Better UX on errors | error_page 404 /404.html; etc. |
| Security Headers | Prevent XSS, etc. | add_header for CSP, X-Frame-Options, etc. |
| Rate Limiting | Prevent abuse | Use limit_req_zone and limit_req |
| Basic Authentication | Password protection | Use auth_basic and auth_basic_user_file |
| Load Balancing | Distribute traffic | Upstream block + multiple proxy_pass targets |
| FastCGI (PHP) | Run PHP apps | Use fastcgi_pass and PHP-FPM socket |
| WebSocket Support | Real-time apps | Add headers for Upgrade and Connection in proxy |
HTTPS:
To secure your website using encryption and proctect data in transit:
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certification_key /etc/ssl/private/example.com.key;
root /var/www/myproject;
index index.html;
location / {
try_file $uri $uri/=404;
}
}
Redirect HTTP to HTTPS
To ensure everyone visits your site securely via https:// instead of http://
server{
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server{
listen 443 ssl;
server_name elocalhost;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.come/privkey.pem;
location /{
root /var/ww/myproject;
index index.html;
}
}
https://Compression-gzip
to reduce the size of file sent to the browser making webite load faster,sepcially over slow connections
http {
gzip on;
gzip_disable "msie6"; # Optional: disable for old browsers
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6; # Compression level (1–9)
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
}
Add this inside your http block (usually in nginx.conf, not inside a server block):
not in server block but nginx.config
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Gzip Compression
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
text/plain
text/css
application/json
application/javascript
text/xml
application/xml
application/xml+rss
text/javascript;
##
# Logging
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Virtual Host (Example Server Block)
##
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/yourdomain;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
}
cashing static files