DevOpsil
Nginx34 commands

Nginx Cheat Sheet

Essential Nginx commands and config patterns — virtual hosts, reverse proxy, SSL, load balancing, and troubleshooting.

Service Management

CommandDescription
sudo systemctl start nginx
Start Nginx
sudo systemctl stop nginx
Stop Nginx
sudo systemctl restart nginx
Restart Nginx
sudo systemctl reload nginx
Reload config without downtime
sudo systemctl status nginx
Check service status
sudo nginx -t
Test config syntax
sudo nginx -T
Test and dump full config

Reverse Proxy

CommandDescription
proxy_pass http://localhost:3000;
Forward requests to backend
proxy_set_header Host $host;
Pass original Host header
proxy_set_header X-Real-IP $remote_addr;
Pass client IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Forward chain of IPs
proxy_set_header X-Forwarded-Proto $scheme;
Pass protocol (http/https)
proxy_read_timeout 90s;
Set backend read timeout

SSL / TLS

CommandDescription
sudo certbot --nginx -d example.com
Get Let's Encrypt SSL cert
sudo certbot renew --dry-run
Test cert renewal
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
Set SSL certificate
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Set SSL private key
ssl_protocols TLSv1.2 TLSv1.3;
Restrict TLS versions
add_header Strict-Transport-Security "max-age=31536000";
Enable HSTS

Load Balancing

CommandDescription
upstream backend { server 127.0.0.1:3001; server 127.0.0.1:3002; }
Define upstream group
upstream backend { least_conn; server ...; }
Least connections strategy
upstream backend { ip_hash; server ...; }
Sticky sessions by IP
server 127.0.0.1:3001 weight=3;
Weighted load balancing
server 127.0.0.1:3001 max_fails=3 fail_timeout=30s;
Health check params

Logs & Debugging

CommandDescription
sudo tail -f /var/log/nginx/access.log
Follow access logs
sudo tail -f /var/log/nginx/error.log
Follow error logs
access_log /var/log/nginx/app.access.log;
Custom access log path
error_log /var/log/nginx/app.error.log warn;
Custom error log with level
curl -I http://localhost
Check response headers

Common Directives

CommandDescription
client_max_body_size 50m;
Set max upload size
gzip on; gzip_types text/plain application/json;
Enable gzip compression
add_header Cache-Control "public, max-age=31536000";
Set cache headers
return 301 https://$host$request_uri;
Redirect HTTP to HTTPS
try_files $uri $uri/ /index.html;
SPA fallback routing