Skills nginx

install

source · Clone the upstream repo

git clone https://github.com/TerminalSkills/skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/TerminalSkills/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/nginx" ~/.claude/skills/terminalskills-skills-nginx && rm -rf "$T"

manifest: skills/nginx/SKILL.md

source content

Nginx

Overview

Nginx is a high-performance web server and reverse proxy that serves static files, proxies requests to application servers, load balances across backends, terminates TLS, and caches responses. It handles thousands of concurrent connections with minimal resource usage through an event-driven, non-blocking architecture.

Instructions

When configuring server blocks, define virtual hosts with
```
server_name
```
for domain matching and
```
listen
```
for ports, using separate blocks for HTTP (port 80, redirect to HTTPS) and HTTPS (port 443 with SSL and HTTP/2).
When setting up reverse proxying, use
```
proxy_pass
```
to forward to upstream servers and set
```
proxy_set_header
```
for Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto to preserve client information.
When load balancing, define
```
upstream
```
blocks with multiple servers and choose the strategy: round-robin (default),
```
least_conn
```
,
```
ip_hash
```
for sticky sessions, or weighted distribution.
When configuring TLS, set modern protocols (
```
TLSv1.2 TLSv1.3
```
), enable
```
ssl_stapling
```
and session caching, and integrate with Let's Encrypt via certbot for automatic certificate renewal.
When serving static files, enable
```
gzip
```
compression for text-based content, set
```
expires 1y
```
for hashed assets, use
```
sendfile on
```
for efficient transfer, and
```
try_files
```
for SPA fallback routing.
When adding security, set headers (X-Frame-Options, X-Content-Type-Options, HSTS, CSP) and configure rate limiting with
```
limit_req_zone
```
to prevent abuse.

Examples

Example 1: Set up Nginx as reverse proxy with TLS for a Node.js app

User request: "Configure Nginx with HTTPS to proxy to my Node.js API on port 3000"

Actions:

Create a server block listening on port 443 with SSL certificate paths and HTTP/2
Configure
```
proxy_pass http://localhost:3000
```
with proper header forwarding
Add a port 80 server block that redirects all HTTP to HTTPS
Enable ssl_stapling, session caching, and modern cipher suites

Output: An Nginx configuration with TLS termination, HTTP-to-HTTPS redirect, and reverse proxy to the Node.js app.

Example 2: Configure load balancing with health checks

User request: "Load balance across three API servers with failover"

Actions:

Define an
```
upstream
```
block with three backend servers and
```
least_conn
```
strategy
Set
```
max_fails=3 fail_timeout=30s
```
for automatic health checking
Add a
```
backup
```
server that activates only when primary servers are down
Configure proxy caching for GET requests to reduce backend load

Output: A load-balanced setup with automatic failover, health checks, and response caching.

Guidelines

Use
```
server_name
```
with specific domains; avoid the
```
_
```
catch-all in production for security.
Always redirect HTTP to HTTPS with
```
return 301 https://$host$request_uri
```
on the port 80 block.
Set security headers on every server block using an included snippet file for consistency.
Use
```
try_files
```
for SPA routing instead of
```
rewrite
```
since it is faster and more explicit.
Rate-limit API endpoints with
```
limit_req zone=api burst=20 nodelay
```
to prevent abuse without affecting normal traffic.
Cache static assets aggressively:
```
expires 1y
```
for hashed filenames and
```
expires 1h
```
for HTML.
Always test config before reload:
```
nginx -t && nginx -s reload
```
to prevent downtime from syntax errors.