Nginx Config Generator
Generate production-ready Nginx server blocks with upstream blocks, QUIC/HTTP3, tarpit, rate limiting, and modern TLS best practices.
SSL / TLS
Reverse Proxy
Security Headers
Access Control
Performance & Caching
Timeouts & Buffers
About This Tool
Generate production-ready Nginx server block configurations with a visual builder. Select the features you need and get a complete configuration file you can copy directly to your server.
Features
6 presets — Static, Reverse Proxy, SPA, PHP-FPM, API Server, Hardened
Upstream blocks — Named upstream with load balancing (round-robin, least connections, IP hash), keepalive connections, and multiple backend servers
Modern SSL/TLS — QUIC/HTTP3, OCSP stapling, 0-RTT early data, strong cipher suites, session tickets off, HSTS preload
Access control — Rate limiting with burst, block hidden files, block exploit paths (wp-admin, phpMyAdmin), tarpit slow responses
Security headers — X-Frame-Options, XCTO, Referrer-Policy, Permissions-Policy, COOP/CORP/COEP, basic CSP with link to CSP Policy Builder
Performance — Gzip, Brotli, static asset caching, open file cache, proxy buffering
Reverse proxy — WebSocket support, proxy headers, keepalive, buffering options
How to Use
- Start with a preset that matches your use case
- Customize domain, root path, and SSL certificate paths
- Enable QUIC/HTTP3, OCSP stapling, and modern TLS options
Configure access control: rate limiting, blocked paths, and tarpit
- Toggle security headers and performance optimizations
Copy the generated configuration and place it in your Nginx sites directory
Learn More
These blog posts provide detailed guides on the features available in this generator:
Enabling QUIC/HTTP3 in Nginx — Configure HTTP/3 and QUIC transport protocol
Implementing a Tarpit in Nginx — Slow down attackers and scanners
Implementing CSP in Nginx — Content Security Policy configuration
Secure Nginx with Client Certificates — Mutual TLS authentication