Nginx Configuration Guide: From Installation to High Performance (2026 Update)

What Is Nginx and Why Use It?

Nginx (pronounced "engine-x") is a powerful, versatile web server designed for high performance, efficient resource usage, and exceptional scalability. Used for web hosting, reverse proxying, load balancing, and caching, nginx excels at handling high-traffic scenarios with minimal nginx latency and low resource consumption. Companies like Netflix and GitHub rely on nginx for their infrastructure. The capabilities of nginx help boost website SEO optimization while meeting the scalability demands of modern web services.

Nginx excels at serving static content, acting as a reverse proxy, and load balancing through its event-driven architecture. Understanding these nginx fundamentals helps you build high performance servers from scratch. This nginx documentation-based guide covers nginx best practices step by step, from basic setup to advanced nginx high load configuration and nginx tuning for production environments.

Nginx excels at serving static content, acting as a reverse proxy, and load balancing, all while minimizing resource usage. Here's how it compares to other web servers:

Step 1: Choosing the Best VPS for Nginx

A Virtual Private Server (aka VPS) - is a virtual machine, that acts as an isolated, virtual environment on a physical server, which is owned and operated by a cloud or web hosting provider.

Before diving into nginx configuration, ensure you have the right VPS to handle your needs. The nginx minimum requirements are modest, but choosing the right VPS impacts overall nginx performance and your ability to optimize nginx effectively.

Step 2: Nginx Installation and Basic Configuration

This section covers the complete nginx configuration process, from installation to basic setup. Follow these nginx best practices step by step to get nginx running on your server with optimal nginx settings.

sudo apt update
sudo apt install nginx

sudo systemctl status nginx

sudo systemctl start nginx

sudo systemctl stop nginx

sudo systemctl restart nginx

sudo systemctl reload nginx

sudo systemctl enable nginx

events {
    worker_connections 1024;  # Max simultaneous connections per worker process. You can adjust this based on traffic needs.
    }
    
http {
    sendfile on;  # Enables efficient file transfers. Leave enabled for serving static files.
    tcp_nopush on;  # Optimizes TCP packets for sending large files. Leave as is unless specific requirements suggest otherwise.
    types_hash_max_size 2048;  # Limits the maximum size of the hash table for MIME types. Usually, the default value is sufficient.
    include /etc/nginx/mime.types;  # Includes the MIME types configuration file that maps file extensions to MIME types. Leave as is.
    default_type application/octet-stream;  # Default MIME type for files that don't have a specific MIME type. Leave as is unless you need to specify something else.
    
    # SSL Settings

    ssl_protocols TLSv1.2 TLSv1.3;  # Enforces modern TLS protocols. Keep this for security purposes.
    ssl_prefer_server_ciphers on;  # Ensures the server's ciphers are preferred for secure connections. Leave as is.
    ssl_session_cache shared:SSL:10m;  # Enables caching of SSL sessions to improve performance on subsequent connections.
    ssl_session_timeout 10m;  # Sets the session cache timeout to 10 minutes. This is fine for most use cases.
    ssl_ciphers 'HIGH:!aNULL:!MD5';  # Specifies strong ciphers for SSL/TLS. Leave as is unless you need a specific set.
    
    # Security Headers

    add_header X-Content-Type-Options nosniff;  # Prevents browsers from interpreting files as a different MIME type. Keep for security.
    add_header X-Frame-Options DENY;  # Prevents the site from being displayed in iframes. Keep for security unless needed otherwise.
    add_header X-XSS-Protection "1; mode=block";  # Protects against cross-site scripting (XSS) attacks. Keep for security.
    server_tokens off;  # Hides Nginx version information. Keep as is to avoid revealing server details.
    
    # Logging Settings

    access_log /var/log/nginx/access.log;  # Defines where to log access requests. Keep unless you want to change the log location.
    error_log /var/log/nginx/error.log;  # Defines where to log error messages. Keep unless you need to change the log location.
    
    # Gzip Settings

    gzip on;  # Enables Gzip compression for better performance. Keep enabled for most sites to reduce data size.
    gzip_vary on;  # Informs proxies that the response varies based on the request's Accept-Encoding header.
    gzip_proxied any;  # Enables Gzip for all proxied requests. Keep as is unless a specific case requires modification.
    gzip_comp_level 6;  # Defines the compression level. Level 6 is a good balance between speed and compression.
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;  # Specifies file types to compress. These are common types that benefit from compression. Adjust as needed based on your site’s content.
    
    # Include virtual host configurations

    include /etc/nginx/sites-enabled/*;  # Includes all the configurations from the sites-enabled directory. Keep enabled unless you have a specific reason to disable it.
    }

Step 3: Configuring your Domain.com file

Proper domain configuration is crucial for nginx performance. This section shows you how to set up virtual hosts (server blocks) following nginx configuration best practices and implementing nginx config optimization for production environments.

sudo touch /etc/nginx/sites-available/domain.com

sudo ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/

# Redirect from IPv4 address to the domain
server {
    listen 80;
    server_name 0.0.0.0;  # Your IPv4 address
    return 301 https://domain.com$request_uri;  # Redirect to your domain.com
}

# Redirect from IPv6 address to the domain
server {
    listen [1:1:1:1:1:1:1:1]:80;  # Your IPv6 address
    return 301 https://domain.com$request_uri;  # Redirect to your domain.com
}

# Redirect from www to non-www for HTTP traffic
server {
    listen 80;
    server_name www.domain.com;  # www domain
    return 301 https://domain.com$request_uri;  # Redirect www to non-www
}

# Main server block for your domain
server {
    listen 80;
    server_name domain.com;  # Your domain name
    return 301 https://domain.com$request_uri;  # Force HTTPS
}

# Server block for handling HTTPS
server {
    listen 443 ssl http2;  # HTTPS + Enable HTTP/2 improves performance by multiplexing multiple requests over a single connection, reducing latency, and offering other benefits.
    server_name domain.com;  # Non-www domain

    ssl_certificate /etc/ssl/certificate.crt;  # Your certificate
    ssl_certificate_key /etc/ssl/private.key;   # Your private key
    ssl_trusted_certificate /etc/ssl/ca_bundle.crt;  # Your CA bundle

    root /var/www/domain.com;  # Your document root

    index index.php index;  # Ensure index.php is included

    # Error handling
    error_page 404 /404;  # Custom 404 error page
    location = /404 {
        root /var/www/domain.com;  # Location of the 404 error page
        internal;  # Marks it as internal, so users can't access it directly
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;  # Includes PHP configuration snippets
        fastcgi_pass unix:/var/run/php/php-fpm.sock;  # Pass PHP requests to PHP-FPM
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  # Required for PHP to work correctly
        include fastcgi_params;  # Includes standard fastcgi parameters
    }

    # Cache CSS, JS, images, fonts, and HTML files for 30 days
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf|eot|html)$ {
        expires 30d;
        add_header Cache-Control "public";
    }

    # Optional: Adjust client upload size if necessary
    client_max_body_size 10M;  # Set maximum upload size to 10MB - Following the Best Practices for File Uploads
}

# Server block for handling HTTPS for www
server {
    listen 443 ssl;  # HTTPS
    server_name www.domain.com;  # www domain

    ssl_certificate /etc/ssl/certificate.crt;  # Your certificate
    ssl_certificate_key /etc/ssl/private.key;   # Your private key
    ssl_trusted_certificate /etc/ssl/ca_bundle.crt;  # Your CA bundle

    return 301 https://domain.com$request_uri;  # Redirect www to non-www
}

sudo nginx -t

sudo systemctl reload nginx

Step 3*: Configure File Upload Limits (client_max_body_size)

By default, Nginx limits file uploads to just 1MB (in Step 3 - domain.com file configuration it's already set up to be 10MB). If this causes "413 Request Entity Too Large" errors when users try to upload images, documents, or media files -> let's fix this now:

# Global default (conservative)
http {
    client_max_body_size 10M;
    
    # Specific location for file uploads
    server {
        listen 80;
        server_name example.com;
        
        # Most pages use default 10Mb
        
        # API endpoint for file uploads
        location /api/upload {
            client_max_body_size 100M;
        }
        
        # Admin panel for media management
        location /admin/media {
            client_max_body_size 500M;
        }
        
        # Video upload endpoint
        location /videos/upload {
            client_max_body_size 2G;
        }
    }
}

Step 4: Configuring .htaccess File Settings

For enhanced security and performance, configure your .htaccess settings following nginx gzip configuration best practices and caching strategies to optimize nginx:

ErrorDocument 404 /404.html # Custom error page for 404 errors

AddDefaultCharset UTF-8 # Sets the default character encoding for your website to UTF-8

RewriteEngine On # This activates the mod_rewrite engine, enabling the use of URL rewrites

# Force HTTPS
RewriteCond %{HTTPS} off # This checks if the connection is not using HTTPS
RewriteRule ^(.*)$ https://domain.com$1 [L,R=301] # Redirects HTTP requests to HTTPS for a secure connection

# Redirect IPv4 address to domain
RewriteCond %{HTTP_HOST} ^0.0.0.0$ [OR] # This checks if the request is coming to your IPv4 address
RewriteRule ^(.*)$ https://domain.com$1 [L,R=301] # Redirects any requests from the IP addresses to your domain

# Optional: Redirect from www to non-www
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] # This checks if the URL starts with "www." (case-insensitive)
RewriteRule ^(.*)$ https://domain.com$1 [L,R=301] # Redirects any "www" requests to the non-www version of your domain, maintaining the rest of the URL

# Gzip Compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css # Compresses HTML, plain text, XML, and CSS files for faster loading
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/xml # Compresses JavaScript and XML files
    AddOutputFilterByType DEFLATE image/svg+xml # Compresses SVG images
    AddOutputFilterByType DEFLATE application/rss+xml application/atom_xml # Compresses RSS and Atom feeds
    AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject # Compresses font files
    BrowserMatch ^Mozilla/4 gzip-only-text/html # Prevents older browsers from using gzip compression
    BrowserMatch ^Mozilla/4\.0[678] no-gzip # Prevents older browsers from using gzip compression
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # Prevents older versions of Internet Explorer from being excluded from gzip compression
    Header append Vary User-Agent # Makes sure that compressed files are sent according to the user agent
</IfModule>

# Cache Control
<IfModule mod_expires.c>
    ExpiresActive On # Enables caching for static files

    # Default cache time
    ExpiresDefault "access plus 1 day" # Default cache time is 1 day for all files

    ExpiresByType text/css "access plus 1 day" # Cache CSS files for 1 day

    # Cache images (JPEG, PNG, GIF, WebP, SVG) for 1 year
    ExpiresByType image/jpeg "access plus 1 year" # Cache JPEG images for 1 year
    ExpiresByType image/png "access plus 1 year" # Cache PNG images for 1 year
    ExpiresByType image/gif "access plus 1 year" # Cache GIF images for 1 year
    ExpiresByType image/webp "access plus 1 year" # Cache WebP images for 1 year
    ExpiresByType image/svg+xml "access plus 1 year" # Cache SVG images for 1 year
    
    # Cache video files (MP4, WebM, OGG, Quicktime) for 1 year
    ExpiresByType video/mp4 "access plus 1 year" # Cache MP4 video files for 1 year
    ExpiresByType video/webm "access plus 1 year" # Cache WebM video files for 1 year
    ExpiresByType video/ogg "access plus 1 year" # Cache OGG video files for 1 year
    ExpiresByType video/quicktime "access plus 1 year" # Cache Quicktime video files for 1 year

    # Cache JavaScript files for 1 year
    ExpiresByType application/javascript "access plus 1 year" # Cache JavaScript files for 1 year
    ExpiresByType application/x-javascript "access plus 1 year" # Cache X-JavaScript files for 1 year

    ExpiresByType application/pdf "access plus 1 year" # Cache PDF files for 1 year

    # Cache fonts for 1 year
    ExpiresByType font/ttf "access plus 1 year" # Cache TTF font files for 1 year
    ExpiresByType font/otf "access plus 1 year" # Cache OTF font files for 1 year
    ExpiresByType font/woff "access plus 1 year" # Cache WOFF font files for 1 year
    ExpiresByType font/woff2 "access plus 1 year" # Cache WOFF2 font files for 1 year
</IfModule>

# Cache Control Headers (for browsers and CDNs)
<IfModule mod_headers.c> 
    # Cache CSS files for 1 day
    <FilesMatch "\.(css)$">
        Header set Cache-Control "max-age=86400, public" # Sets cache for CSS files to 1 day
    </FilesMatch>

    # Cache images for 1 year
    <FilesMatch "\.(jpg|svg|jpeg|png|gif|webp)$">
        Header set Cache-Control "max-age=31536000, public" # Sets cache for image files to 1 year
    </FilesMatch>
    
    # Cache video files for 1 year
    <FilesMatch "\.(mp4|webm|ogg|mov)$">
        Header set Cache-Control "max-age=31536000, public" # Sets cache for video files to 1 year
    </FilesMatch>

    # Cache JavaScript files for 1 year
    <FilesMatch "\.(js)$">
        Header set Cache-Control "max-age=31536000, public" # Sets cache for JavaScript files to 1 year
    </FilesMatch>

    # Cache PDFs for 1 year
    <FilesMatch "\.(pdf)$">
        Header set Cache-Control "max-age=31536000, public" # Sets cache for PDF files to 1 year
    </FilesMatch>

    # Cache fonts for 1 year
    <FilesMatch "\.(ttf|otf|woff|woff2)$">
        Header set Cache-Control "max-age=31536000, public" # Sets cache for font files to 1 year
    </FilesMatch>
</IfModule>

# The Strict-Transport-Security (HSTS) header is a critical security feature for websites served over HTTPS.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" # Ensures HTTPS is enforced for all subdomains for 1 year
</IfModule>

Replace 0.0.0.0 with your actual IPv4 address. You can find it using the ifconfig or ip a command, or check your server details.

Ensure your DNS settings point to the correct IP address for your domain. You can configure DNS settings via your hosting provider's dashboard.

Step 5: Robots TXT File Example

Ensure your site is SEO-friendly by configuring your robots.txt file:

User-agent: *
Disallow: /private/
Allow: /public/
Sitemap: https://domain.com/sitemap.xml

Step 6: XML Sitemap Example

Before requesting indexing for your site, ensure your sitemap file is the last item you create, confirming all settings and pages are complete. Here's an example of how to format your sitemap for optimal search engine indexing:

<?xml version="1.0" encoding="UTF-8"?> <!-- XML declaration -->
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1" xmlns:video="http://www.google.com/schemas/sitemap-video/1.1" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"> <!-- URL Set Declaration -->
<!-- Created with Free Online Sitemap Generator www.xml-sitemaps.com --> <!-- Sitemap Generator Comment -->

<url> <!-- Start URL entry -->
<loc>https://domain.com/</loc> <!-- Homepage URL -->
<lastmod>2024-08-13T12:36:05+00:00</lastmod> <!-- Last Modified Date -->
<priority>1.00</priority> <!-- Priority = 1.00 for the main page ONLY -->
</url> <!-- End URL entry -->

<url> <!-- Start another URL entry -->
<loc>https://domain.com/page1</loc> <!-- Page 1 URL -->
<lastmod>2024-10-24T04:19:18+00:00</lastmod> <!-- Last Modified Date -->
<priority>0.80</priority> <!-- Priority = 0.8-0.9 for Important pages like Services, Categories -->
<changefreq>monthly</changefreq> <!-- Change Frequency from never, yearly, monthly, weekly... -->
<image:image> <!-- Start Image -->
<image:loc>https://domain.com/images/image1.webp</image:loc> <!-- Image Location -->
<image:caption>image_caption_text_here</image:caption> <!-- Image Caption -->
<image:title>Image_title_goes_here</image:title> <!-- Image Title -->
</image:image> <!-- End Image -->
</url> <!-- End URL entry -->

<url> <!-- Start another URL entry -->
<loc>https://domain.com/page2</loc> <!-- Page 2 URL -->
<lastmod>2024-08-04</lastmod> <!-- Last Modified Date -->
<priority>0.6-0.7</priority> <!-- Priority = 0.6-0.7 for frequently updated pages like blog articles -->
<changefreq>monthly</changefreq> <!-- Change Frequency ... till daily, hourly, always for live news -->
</url> <!-- End URL entry -->

<!-- Add more URLs here for other pages --> <!-- Comment for adding more URLs -->
</urlset> <!-- End URL Set -->

Frequently Asked Questions About Nginx Configuration

How do I optimize nginx for high traffic?

To optimize nginx for high traffic, increase worker_connections (2048+), enable HTTP/2, implement FastCGI caching, use gzip compression, optimize buffer sizes, and configure proper timeout settings. This nginx high load configuration approach ensures minimal nginx latency. Monitor your server resources and adjust nginx settings based on actual traffic patterns for continuous nginx performance tuning.

What are the nginx minimum requirements?

Nginx minimum requirements are modest: 512MB RAM, 1 CPU core, and 10GB storage. However, for production environments requiring nginx performance and proper nginx sizing, we recommend at least 1GB RAM, 2 CPU cores, and SSD storage for optimal operation.

Where is the nginx config file located?

The main nginx config file location is /etc/nginx/nginx.conf. Virtual host configurations are typically stored in /etc/nginx/sites-available/ and enabled via symlinks in /etc/nginx/sites-enabled/. Understanding these file locations is essential for nginx configuration management.

How do I enable HTTP/2 in nginx?

To enable nginx HTTP/2, add http2 to your listen directive: listen 443 ssl http2;. HTTP/2 requires SSL/TLS, so ensure you have valid certificates configured following nginx TLS best practices 2024. This significantly improves nginx performance for modern browsers and helps speed up nginx response times.

What are nginx best practices for security?

Nginx security best practices include: hiding version numbers (server_tokens off), implementing rate limiting, using modern TLS protocols only (TLSv1.2+) following nginx ssl_prefer_server_ciphers best practice 2024, adding security headers (X-Frame-Options, CSP), enabling HSTS, regular updates, and proper log monitoring. Follow this nginx hardening guide for comprehensive security and review nginx security tips regularly.

How do I check my nginx configuration for errors?

Use sudo nginx -t to test your nginx configuration for syntax errors before applying changes. This command validates your config files and reports any issues, providing essential nginx help during configuration. Always test before reloading with sudo systemctl reload nginx to ensure nginx config best practices.

How can I improve nginx performance?

Improve nginx performance through: worker process optimization, enabling compression using nginx gzip configuration best practices, implementing caching (FastCGI, browser), optimizing buffer sizes including client_max_body_size, using HTTP/2, setting proper timeouts, serving static content efficiently, and implementing a CDN. Regular nginx performance tuning and nginx tuning based on traffic analysis is essential for nginx optimization.

What is the best client_max_body_size setting?

It depends on your use case: 10Mb for basic sites, 64MB-100MB for WordPress, 500MB-2Gb for video platforms. See our complete client_max_body_size configuration guide in Step 3* for detailed recommendations and code examples.

What's the difference between nginx and Apache?

Nginx uses an event-driven architecture with lower resource usage and better nginx performance for static content and high concurrency, making it ideal when you need to optimize nginx. Apache uses a process-driven model, better for dynamic content and .htaccess support. Nginx requires direct nginx configuration file edits, while Apache allows per-directory .htaccess files. For high performance servers, nginx typically offers better nginx latency characteristics.

Conclusion: Mastering Nginx Configuration for Peak Performance

This comprehensive nginx guide has covered everything from basic installation to advanced nginx optimization techniques. By following these nginx best practices and implementing proper nginx configuration, you can build a high-performance, secure web server capable of handling significant traffic with minimal nginx latency.

Whether you're running a small business site or preparing to optimize nginx for high traffic applications with nginx high load configuration, this guide provides the foundation for successful nginx deployment. Remember to continually monitor performance, adjust nginx settings based on real-world usage following this nginx sizing guide, and stay updated with the latest nginx documentation and security advisories.

For those building nginx fundamentals high performance servers from scratch, this nginx configuration guide offers a complete roadmap from understanding nginx minimum requirements and nginx sizing to implementing advanced nginx tuning and nginx config optimization strategies. Follow these nginx best practices step by step for optimal results.