
Nginx Configuration
Generate production-grade Nginx configs for reverse proxy, TLS, load balancing, and API gateway patterns without guessing directives.
Overview
Nginx Configuration is an agent skill for the Operate phase that helps solo builders configure Nginx as a high-performance reverse proxy with SSL, load balancing, caching, and API-gateway-style routing.
Install
npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill nginx-configuration
What is this skill?
- Covers reverse proxy, upstream load balancing, and SSL/TLS termination patterns
- Includes HTTP/2, gRPC, compression, caching, and rate-limiting guidance
- Documents URL rewriting, API gateway-style routing, and DDoS-oriented limits
- Quick-start worker/events/http block with structured logging formats
- Performance tuning themes: worker processes, epoll, connection limits
Adoption & trust: 979 installs on skills.sh; 250 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a reliable edge server in front of your app but Nginx directive combinations for TLS, upstreams, and limits are easy to get wrong under load.
Who is it for?
Solo builders self-hosting APIs or web apps on a VPS or bare metal who want HTTPS, proxying, and basic hardening in one pass.
Skip if: Teams that already run fully managed edge/CDN platforms with no self-managed Nginx, or apps with zero HTTP ingress.
When should I use this skill?
Reverse proxy setup, load balancing, SSL/TLS termination, HTTP/2 or gRPC, caching, rate limiting, URL rewriting, or API gateway functionality.
What do I get? / Deliverables
You leave with structured, production-oriented Nginx configuration blocks and patterns you can drop into /etc/nginx and iterate with logging and tuning in place.
- nginx.conf or server block snippets
- Logging and upstream proxy patterns
- SSL, caching, and rate-limit sections ready to adapt
Journey fit
Nginx runs at the edge of live traffic—routing, TLS, and protection—so it belongs in Operate where solo builders keep production web tiers healthy. Infra is the canonical shelf for web-server and reverse-proxy configuration that sits alongside deploy and monitoring concerns.
How it compares
Use for declarative edge-server recipes instead of ad-hoc chat snippets that omit upstream health, TLS chain, and rate-limit context.
Common Questions / FAQ
Who is nginx-configuration for?
Indie and solo developers shipping web APIs, SaaS backends, or static-plus-API stacks who manage their own Nginx or want the agent to draft configs they can review and apply.
When should I use nginx-configuration?
Use it during Operate when tuning infra, at Ship when putting TLS and a reverse proxy in front of a new deploy, or at Launch when adding rate limits and caching before traffic spikes.
Is nginx-configuration safe to install?
Treat generated configs as drafts: review upstream URLs, certificate paths, and rate-limit rules before reload. Check the Security Audits panel on this Prism page before installing from an unfamiliar source.
SKILL.md
# Nginx Configuration

## Table of Contents

- [Overview](#overview)
- [When to Use](#when-to-use)
- [Quick Start](#quick-start)
- [Reference Guides](#reference-guides)
- [Best Practices](#best-practices)

## Overview

Master Nginx configuration for production-grade web servers, reverse proxies, load balancing, SSL termination, caching, and API gateway patterns with advanced performance tuning.

## When to Use

- Reverse proxy setup
- Load balancing between backend services
- SSL/TLS termination
- HTTP/2 and gRPC support
- Caching and compression
- Rate limiting and DDoS protection
- URL rewriting and routing
- API gateway functionality

## Quick Start

Minimal working example:

```nginx
# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
  worker_connections 4096;
  use epoll;
  multi_accept on;
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  # Logging
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  log_format upstream_time '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" '
# ... (see reference guides for full implementation)
```

## Reference Guides

Detailed implementations in the `references/` directory:

| Guide | Contents |
|---|---|
| [Production Nginx Configuration](references/production-nginx-configuration.md) | Production Nginx Configuration |
| [HTTPS Server with Load Balancing](references/https-server-with-load-balancing.md) | HTTPS Server with Load Balancing |
| [Nginx Configuration Script](references/nginx-configuration-script.md) | Nginx Configuration Script |
| [Nginx Monitoring Configuration](references/nginx-monitoring-configuration.md) | Nginx Monitoring Configuration |

## Best Practices

### ✅ DO

- Use HTTP/2 for performance
- Enable SSL/TLS with strong ciphers
- Implement proper caching strategies
- Use upstream connection pooling
- Monitor with stub_status or prometheus
- Rate limit to prevent abuse
- Add security headers
- Use least_conn load balancing
- Keep error logs separate from access logs

### ❌ DON'T

- Disable gzip compression
- Use weak SSL ciphers
- Cache authenticated responses
- Allow direct access to backends
- Ignore upstream health checks
- Mix HTTP and HTTPS without redirect
- Use default error pages in production
- Cache sensitive user data

```bash
#!/bin/bash
# validate-api.sh - Validate API specification
# Usage: ./validate-api.sh <openapi_spec>
set -euo pipefail

# Abort with a usage message when no spec file is given
SPEC_FILE="${1:?Usage: $0 <openapi_spec>}"

echo "Validating API spec: $SPEC_FILE"

# TODO: Add API validation
# - Validate OpenAPI/Swagger syntax
# - Check endpoint naming conventions
# - Verify response schemas
# - Check for required headers
# - Validate authentication definitions

echo "API validation complete."
```
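Several items from the Best Practices list in SKILL.md above, combined into one configuration as an added example; it is not taken from the skill's reference files. The host name, loopback backend ports, zone names, certificate paths and the `session` cookie name are assumptions.

```nginx
# Added example (not from the skill's reference files); place inside http { }.
# Host name, backend ports, zone names, paths and the "session" cookie are assumed.

limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m;

upstream app_backend {
    least_conn;
    server 127.0.0.1:8081 max_fails=3 fail_timeout=30s;  # loopback only: no direct
    server 127.0.0.1:8082 max_fails=3 fail_timeout=30s;  # client access; passive checks
    keepalive 32;                                        # upstream connection pooling
}

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;   # no mixed HTTP/HTTPS
}

server {
    listen 443 ssl;
    http2 on;                               # nginx 1.25.1+; older: "listen 443 ssl http2;"
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        limit_req zone=api_limit burst=20 nodelay;

        proxy_pass http://app_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";     # required for upstream keepalive
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Never store or serve cached responses for authenticated requests
        proxy_cache        app_cache;
        proxy_cache_valid  200 10m;
        proxy_no_cache     $http_authorization $cookie_session;
        proxy_cache_bypass $http_authorization $cookie_session;
    }
}
```

Check the result with `nginx -t` before reloading, and confirm the backends really are bound to loopback rather than a public interface.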
# Production Nginx Configuration

## Production Nginx Configuration

```nginx
# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
  worker_connections 4096;
  use epoll;
  multi_accept on;
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  # Logging
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

  log_format upstream_time '$remote_addr - $remote_user [$time_local] '