Config Syntax Reference

Learning Focus

Leave this lesson with a working understanding of config syntax reference that you can apply immediately in production.

Complete directive reference for the most common Nginx configuration needs.

nginx.conf — Core Template

/etc/nginx/nginx.conf
user                    www-data;
worker_processes        auto;
worker_rlimit_nofile    65535;
pid                     /run/nginx.pid;

events {
  worker_connections    1024;
  multi_accept          on;
  use                   epoll;
}

http {
  include               /etc/nginx/mime.types;
  default_type          application/octet-stream;

  log_format main '$remote_addr [$time_local] "$request" $status $body_bytes_sent $request_time';
  access_log  /var/log/nginx/access.log main;
  error_log   /var/log/nginx/error.log  warn;

  sendfile              on;
  tcp_nopush            on;
  tcp_nodelay           on;
  keepalive_timeout     65;
  server_tokens         off;

  gzip                  on;
  gzip_types            text/plain text/css application/json application/javascript
                        text/xml image/svg+xml;
  gzip_min_length       1024;
  gzip_vary             on;

  client_max_body_size       64m;
  client_body_buffer_size    128k;

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

Server Block — Full Template

/etc/nginx/conf.d/example.com.conf
server {
  listen      80;
  server_name example.com www.example.com;
  return 301  https://$host$request_uri;
}

server {
  listen              443 ssl http2;
  server_name         example.com www.example.com;

  ssl_certificate         /etc/ssl/certs/example.com.crt;
  ssl_certificate_key     /etc/ssl/private/example.com.key;
  ssl_protocols           TLSv1.2 TLSv1.3;
  ssl_session_cache       shared:SSL:10m;
  ssl_session_timeout     10m;
  ssl_stapling            on;

  root  /var/www/example.com/public;
  index index.php index.html;

  access_log /var/log/nginx/example.com.access.log main;
  error_log  /var/log/nginx/example.com.error.log  warn;

  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header X-Frame-Options           "SAMEORIGIN"                          always;
  add_header X-Content-Type-Options    "nosniff"                             always;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files     $uri =404;
    include       fastcgi.conf;
    fastcgi_pass  unix:/run/php/php8.4-fpm.sock;
  }

  location ~* \.(css|js|png|jpg|jpeg|gif|ico|webp|svg|woff|woff2)$ {
    expires    1y;
    add_header Cache-Control "public, immutable";
    access_log off;
  }

  location ~* \.(env|log|ini|bak|sql|sh)$ { deny all; }
  location ~ /\.                           { deny all; }
}

Location Matching Priority

location = /exact       { }   # Exact — highest priority
location ^~ /prefix/    { }   # Prefix — stops regex search
location ~ \.php$       { }   # Case-sensitive regex
location ~* \.(jpg|png) { }   # Case-insensitive regex
location /fallback/     { }   # Regular prefix
location /              { }   # Catch-all — lowest priority

Directive Quick Reference

HTTP Context

Directive	Example	Purpose
`sendfile`	`on`	Kernel file sending
`tcp_nopush`	`on`	Batch headers + body
`keepalive_timeout`	`65`	Keep-alive seconds
`gzip`	`on`	Enable compression
`server_tokens`	`off`	Hide Nginx version
`client_max_body_size`	`64m`	Max upload size

Server Context

Directive	Example	Purpose
`listen`	`443 ssl http2`	Port + SSL + HTTP/2
`server_name`	`example.com`	Matched hostnames
`root`	`/var/www/site/public`	Document root
`ssl_certificate`	`/etc/ssl/certs/...`	TLS cert file
`ssl_protocols`	`TLSv1.2 TLSv1.3`	Allowed TLS versions
`return`	`301 https://...`	Redirect
`add_header`	`X-Frame-Options SAMEORIGIN`	Response header

Location / Proxy Context

Directive	Example	Purpose
`try_files`	`$uri $uri/ =404`	File fallback chain
`proxy_pass`	`http://127.0.0.1:3000`	Upstream proxy
`fastcgi_pass`	`unix:/run/php/...`	PHP-FPM pass
`expires`	`1y`	Browser cache
`deny all`		Block access
`allow`	`192.168.1.0/24`	Allow IP range
`proxy_set_header Host`	`$host`	Forward hostname
`proxy_set_header X-Real-IP`	`$remote_addr`	Real client IP
`proxy_read_timeout`	`60s`	Read timeout

Built-In Variables

Variable	Value
`$host`	Request Host header
`$remote_addr`	Client IP
`$scheme`	`http` or `https`
`$request_uri`	Full URI with query string
`$uri`	URI path only
`$args`	Query string
`$document_root`	Current `root` value
`$fastcgi_script_name`	PHP script path
`$http_upgrade`	`Upgrade` header value
`$request_time`	Total request time (s)
`$upstream_response_time`	Backend response time
`$upstream_cache_status`	`HIT`, `MISS`, `BYPASS`

nginx.conf — Core Template​

Server Block — Full Template​

Location Matching Priority​

Directive Quick Reference​

HTTP Context​

Server Context​

Location / Proxy Context​

Built-In Variables​