This page provides a practical minimal NGINX baseline for current Debian and RHEL systems.
/etc/nginx/nginx.conf
/etc/nginx/sites-available/*.conf
/etc/nginx/sites-enabled/*.conf
/etc/nginx/nginx.conf
/etc/nginx/conf.d/*.conf
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/public;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/example-access.log;
error_log /var/log/nginx/example-error.log warn;
}
upstream app_backend {
server 127.0.0.1:3000;
keepalive 32;
}
server {
listen 80;
server_name example.com;
location / {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://app_backend;
}
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
root /var/www/example.com/public;
}
try_files: Prevents unintended path fallback behavior.proxy_set_header: Preserves client/request metadata for upstream apps.upstream keepalive: Reduces backend connection churn.ssl + HSTS header: baseline HTTPS security posture.Validate syntax before reload:
sudo nginx -t
Apply changes:
sudo systemctl reload nginx
Check service status:
sudo systemctl status nginx
nginx -t before deploy/reload in CI/CD.For Linux DevOps professionals managing high-traffic deployments, consider these performance optimizations:
worker_processes to match the number of CPU coresworker_connections to handle more concurrent connectionsworker_rlimit_nofile to increase file descriptor limitsclient_body_buffer_size, client_header_buffer_size, and large_client_header_buffersproxy_buffer_size, proxy_buffers, and proxy_busy_buffers_size for reverse proxy setupsgzip compression to reduce bandwidth usageexpires headers for static assetsproxy_cache_path for efficient cachingkeepalive_timeout and keepalive_requests for connection reusetcp_nodelay and tcp_nopush for improved TCP performancesendfile and aio for efficient file serving