Claude-skill-registry nginx

Nginx ops skill for configuring and operating Nginx as reverse proxy, web server, and ingress layer. Use for tasks like writing safe nginx.conf/server blocks, TLS, HTTP/2, caching, rate limiting, load balancing, observability, and troubleshooting 4xx/5xx, timeouts, and performance issues.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/Nginx" ~/.claude/skills/majiayu000-claude-skill-registry-nginx && rm -rf "$T"
manifest: skills/data/Nginx/SKILL.md
source content

nginx

Use this skill for Nginx configuration, deployment, and troubleshooting (ops).

Defaults / assumptions to confirm

  • Nginx distribution and version (open source vs Plus)
  • Deployment: bare metal/VM, Docker, or Kubernetes ingress-controller
  • TLS termination location and certificate management
  • Upstream architecture (services, ports, health endpoints)

Workflow

  1. Understand traffic and requirements
  • Domains, paths, upstream services, expected QPS.
  • Timeouts, max upload size, websocket needs.
  • Caching requirements and security constraints.
  2. Safe baseline config
  • Use explicit server_name, listen, and default_server strategy.
  • Set client_max_body_size intentionally.
  • Configure proxy_* headers correctly (Host, X-Forwarded-For, X-Request-Id).
  • Define error_page handling and static error responses if needed.
  3. TLS / security
  • Use modern TLS settings; disable legacy protocols/ciphers.
  • Enable HSTS where appropriate.
  • Add basic security headers if not handled elsewhere.
  • Rate limit sensitive endpoints (login, OTP) with limit_req.
  4. Performance
  • Enable gzip/brotli if appropriate.
  • Tune keepalive, buffers, and timeouts.
  • Use upstream keepalive and connection reuse.
  • Avoid expensive regex locations on hot paths.
  5. Load balancing & resilience
  • Use upstreams with health checks (where available) and failover settings.
  • Configure retries carefully to avoid retry storms.
  • Support websocket upgrade when needed.
  6. Observability
  • Access log format with request_id, upstream_time, status, bytes, user agent.
  • Error log level appropriate for production.
  • Export metrics if using nginx-prometheus-exporter or ingress metrics.
  7. Troubleshooting checklist
  • 4xx: routing, auth, body size, CORS, client IP headers.
  • 5xx: upstream failures, timeouts, DNS issues, connection limits.
  • Timeouts: proxy_read_timeout, upstream latency, buffer/backpressure.
  • Performance: worker processes, file descriptors, CPU, TLS overhead.
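
The safe-baseline, TLS, rate-limiting, retry and access-log items of the workflow above, combined into one config fragment. This is an added example, not part of the skill or the upstream repository. The hostname app.example.com, the upstream 127.0.0.1:8080, the certificate paths and every limit and timeout value are placeholder assumptions.

```nginx
# Constructed example for the http{} context (e.g. a file under conf.d/).
# Hostname, upstream address, paths and all numeric values are placeholders.
log_format rid '$remote_addr $request_id "$request" $status $body_bytes_sent '
               'rt=$request_time urt=$upstream_response_time "$http_user_agent"';

# 5 requests/second per client IP, tracked in a 10 MB shared zone.
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/s;

upstream app_backend {
    server 127.0.0.1:8080 max_fails=3 fail_timeout=10s;
    keepalive 32;                       # pool of idle upstream connections
}

# Catch-all: requests with an unknown SNI name never reach the real site.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;            # requires nginx 1.19.4 or later
}

server {
    listen 443 ssl;
    server_name app.example.com;
    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # A location that declares its own add_header stops inheriting this one.
    add_header Strict-Transport-Security "max-age=31536000" always;
    client_max_body_size 10m;
    access_log /var/log/nginx/app.access.log rid;

    proxy_http_version 1.1;
    proxy_set_header Connection "";     # required for upstream keepalive
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Request-Id $request_id;
    proxy_connect_timeout 5s;
    proxy_read_timeout 30s;
    proxy_next_upstream error timeout;  # do not retry on HTTP 5xx responses
    proxy_next_upstream_tries 2;        # bound retries to avoid retry storms

    location = /login {
        limit_req zone=login burst=10 nodelay;
        limit_req_status 429;
        proxy_pass http://app_backend;
    }
    location / { proxy_pass http://app_backend; }
}
```

Check the fragment with nginx -t before reloading; $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so upstreams should trust only the last hop they can attribute to this proxy.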

Outputs

  • Proposed config snippets with rationale.
  • Rollout plan (test config, reload vs restart, rollback steps).
  • Debug report (symptom → evidence → root cause → fix).