What should a complete Nginx production config include?
HTTP to HTTPS redirect, SSL with TLSv1.2/1.3, security headers (HSTS, X-Frame-Options, CSP), rate limiting, gzip compression, static file caching with immutable, proxy headers (Host, X-Real-IP, X-Forwarded-For), WebSocket support (Upgrade, Connection), keep-alive, HTTP/2, appropriate timeouts, blocked hidden files, and worker_processes auto with 2048 connections.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Nginx Config Best Practices and Summary Complete Configuration Guide
Test before reload (nginx -t), use reload not restart (zero downtime), back up before changes, version-control config files, set server_tokens off, enable gzip and caching, add security headers, set rate limiting, block hidden files, and use HTTP/2 with SSL.
Create separate server blocks: one for api.yourdomain.com (proxy_pass to Node.js on port 3000) and one for yourdomain.com (root pointing to the React build directory with try_files for client-side routing). Add SSL for both and an HTTP to HTTPS redirect.
Add a /socket.io/ location block with proxy_http_version 1.1, proxy_set_header Upgrade $http_upgrade, proxy_set_header Connection 'upgrade', and proxy_read_timeout 86400s. If using load balancing, add ip_hash to the upstream block for sticky sessions.
Still have questions?
Browse all our FAQs or reach out to our support team
