Facebook Pixel

Nginx Summary and Best Practices Key Takeaways for Node.js Deployment

A comprehensive summary of Nginx best practices for deploying Node.js applications configuration, security, performance, and maintenance tips.

Nginx Summary and Best Practices

This guide summarizes everything you need to know about using Nginx for Node.js deployment.

Nginx Role in Node.js Deployment

Nginx serves as:

  1. Reverse proxy Routes traffic from port 80/443 to Node.js on port 3000
  2. SSL terminator Handles HTTPS certificates
  3. Static file server Serves React/Vue/Angular build files
  4. Load balancer Distributes traffic across multiple Node.js instances
  5. Security layer Rate limiting, security headers, DDoS protection
  6. Performance optimizer Gzip compression, caching, keep-alive

The Standard Configuration

server { listen 80; server_name yourdomain.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2; server_name yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; # Gzip gzip on; gzip_types text/plain application/json application/javascript text/css; gzip_min_length 1000; # API proxy location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # File upload size client_max_body_size 20M; }

Best Practices Checklist

Configuration

  • Remove the default site (sudo rm /etc/nginx/sites-enabled/default)
  • Use try_files $uri $uri/ /index.html for React Router
  • Set proxy_set_header Host $host to pass the real domain
  • Set proxy_set_header X-Real-IP and X-Forwarded-For for client IP
  • Set proxy_set_header X-Forwarded-Proto for protocol awareness
  • Add WebSocket headers (Upgrade, Connection) for Socket.io
  • Set app.set('trust proxy', 1) in Express

Security

  • Set server_tokens off to hide Nginx version
  • Add security headers (HSTS, X-Frame-Options, X-Content-Type-Options, CSP)
  • Enable SSL with Let's Encrypt
  • Redirect HTTP to HTTPS (301)
  • Set rate limiting (limit_req_zone)
  • Set connection limits (limit_conn_zone)
  • Set client_max_body_size to prevent large payload attacks
  • Set short timeouts to prevent slowloris attacks
  • Block access to hidden files (location ~ /\.)

Performance

  • Enable gzip compression
  • Cache static files (expires 1y for hashed assets)
  • Set worker_processes auto and worker_connections 2048
  • Enable keep-alive connections
  • Use proxy_buffering on for API responses
  • Disable access logging for static files
  • Use HTTP/2 (listen 443 ssl http2)

Maintenance

  • Test config before reload (sudo nginx -t)
  • Use reload not restart for zero downtime
  • Set up log rotation (default is configured)
  • Monitor access and error logs
  • Set up SSL auto-renewal (certbot renew --dry-run)
  • Keep Nginx updated (sudo apt update && sudo apt upgrade)

Common Commands Cheat Sheet

# Test configuration sudo nginx -t # Reload configuration (no downtime) sudo systemctl reload nginx # Restart (brief downtime) sudo systemctl restart nginx # Check status sudo systemctl status nginx # View access logs sudo tail -f /var/log/nginx/access.log # View error logs sudo tail -f /var/log/nginx/error.log # Get SSL certificate sudo certbot --nginx -d yourdomain.com # Renew SSL sudo certbot renew --dry-run # Check all enabled sites ls /etc/nginx/sites-enabled/

Nginx + PM2 + Node.js Architecture

Internet
    ↓
Nginx (port 80/443)
- SSL termination
- Security headers
- Rate limiting
- Gzip compression
- Static files
    ↓ (proxy_pass)
PM2 (process manager)
- Keeps Node.js running
- Restarts on crash
- Cluster mode (multiple instances)
    ↓
Node.js (port 3000)
- Express app
- API routes
- Socket.io server
    ↓
MongoDB (Atlas or EC2)

When to Use What

NeedSolution
Serve React appNginx static files + try_files
Proxy API requestsNginx proxy_pass to Node.js
SSL/HTTPSLet's Encrypt + Certbot
Multiple appsServer blocks (virtual hosts)
Multiple instancesUpstream + load balancing
WebSocketUpgrade + Connection headers
Rate limitinglimit_req_zone
DDoS protectionTimeouts + body size limits
PerformanceGzip + caching + keep-alive

The Takeaway

Nginx is the front door to your Node.js application. It handles SSL, security, performance, and routing. The best practices include: proper proxy headers, security headers, SSL with Let's Encrypt, rate limiting, gzip compression, static file caching, and regular maintenance. Combined with PM2 for process management, this stack provides a production-ready deployment for any Node.js application.

Nginx serves as a reverse proxy (routes port 80/443 to Node.js on 3000), SSL terminator (handles HTTPS), static file server (React builds), load balancer (multiple Node.js instances), security layer (rate limiting, headers), and performance optimizer (gzip, caching, keep-alive).

Remove the default site, add proxy headers (Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, Upgrade, Connection), add security headers (HSTS, X-Frame-Options, CSP), enable SSL with Let's Encrypt, redirect HTTP to HTTPS, enable gzip, cache static files, and set rate limiting.

Always use reload (sudo systemctl reload nginx) for config changes in production. Reload applies new settings without dropping active connections. Restart stops and starts Nginx, causing a brief downtime. Always test with nginx -t before either.

Nginx receives internet traffic on port 80/443, handles SSL and security, and proxies to Node.js on port 3000. PM2 keeps the Node.js process running, restarts on crash, and can run multiple instances (cluster mode). Together they form a production-ready deployment stack.

Enable gzip compression (level 6, text types), cache static files with expires 1y and immutable, set worker_processes auto and worker_connections 2048, enable keep-alive connections, use proxy_buffering on for API responses, disable access logging for static files, and use HTTP/2 with SSL.

Ready to master Node.js completely?

Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.

Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.