OpenSkillIndex← back to search
claude-code

Skillshub nginx

Nginx

install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/TerminalSkills/skills/nginx" ~/.claude/skills/comeonoliver-skillshub-nginx && rm -rf "$T"
manifest: skills/TerminalSkills/skills/nginx/SKILL.md
source content

Nginx

Overview

Nginx is a high-performance web server and reverse proxy that serves static files, proxies requests to application servers, load balances across backends, terminates TLS, and caches responses. It handles thousands of concurrent connections with minimal resource usage through an event-driven, non-blocking architecture.

Instructions

  • When configuring server blocks, define virtual hosts with 
    server_name
    for domain matching and 
    listen
    for ports, using separate blocks for HTTP (port 80, redirect to HTTPS) and HTTPS (port 443 with SSL and HTTP/2).
  • When setting up reverse proxying, use 
    proxy_pass
    to forward to upstream servers and set 
    proxy_set_header
    for Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto to preserve client information.
  • When load balancing, define 
    upstream
    blocks with multiple servers and choose the strategy: round-robin (default), 
    least_conn
    , 
    ip_hash
    for sticky sessions, or weighted distribution.
  • When configuring TLS, set modern protocols (
    TLSv1.2 TLSv1.3
    ), enable 
    ssl_stapling
    and session caching, and integrate with Let's Encrypt via certbot for automatic certificate renewal.
  • When serving static files, enable 
    gzip
    compression for text-based content, set 
    expires 1y
    for hashed assets, use 
    sendfile on
    for efficient transfer, and 
    try_files
    for SPA fallback routing.
  • When adding security, set headers (X-Frame-Options, X-Content-Type-Options, HSTS, CSP) and configure rate limiting with 
    limit_req_zone
    to prevent abuse.

Examples

Example 1: Set up Nginx as reverse proxy with TLS for a Node.js app

User request: "Configure Nginx with HTTPS to proxy to my Node.js API on port 3000"

Actions:

  1. Create a server block listening on port 443 with SSL certificate paths and HTTP/2
  2. Configure 
    proxy_pass http://localhost:3000
    with proper header forwarding
  3. Add a port 80 server block that redirects all HTTP to HTTPS
  4. Enable ssl_stapling, session caching, and modern cipher suites

Output: An Nginx configuration with TLS termination, HTTP-to-HTTPS redirect, and reverse proxy to the Node.js app.

Example 2: Configure load balancing with health checks

User request: "Load balance across three API servers with failover"

Actions:

  1. Define an 
    upstream
    block with three backend servers and 
    least_conn
    strategy
  2. Set 
    max_fails=3 fail_timeout=30s
    for automatic health checking
  3. Add a 
    backup
    server that activates only when primary servers are down
  4. Configure proxy caching for GET requests to reduce backend load

Output: A load-balanced setup with automatic failover, health checks, and response caching.

Guidelines

  • Use 
    server_name
    with specific domains; avoid the 
    _
    catch-all in production for security.
  • Always redirect HTTP to HTTPS with 
    return 301 https://$host$request_uri
    on the port 80 block.
  • Set security headers on every server block using an included snippet file for consistency.
  • Use 
    try_files
    for SPA routing instead of 
    rewrite
    since it is faster and more explicit.
  • Rate-limit API endpoints with 
    limit_req zone=api burst=20 nodelay
    to prevent abuse without affecting normal traffic.
  • Cache static assets aggressively: 
    expires 1y
    for hashed filenames and 
    expires 1h
    for HTML.
  • Always test config before reload: 
    nginx -t && nginx -s reload
    to prevent downtime from syntax errors.