Mastering Nginx: Complete Guide (Install, Reverse Proxy, Load Balancer, Config & Comparisons)
What is Nginx?
Nginx (pronounced "engine-x") is an open-source web server, reverse proxy, and load balancer built for high performance and low resource usage. It is commonly used to serve static content, act as a gateway for application servers (Node, Python, PHP, Go), terminate TLS, and distribute traffic across multiple backends.
Why use Nginx?
- Event-driven architecture: handles many connections efficiently.
- Lightweight: low memory and CPU usage for static serving.
- Flexible: excellent reverse proxy and caching features.
- Modern protocol support: HTTP/2, QUIC/HTTP/3, TLS 1.3.
When should you use Nginx?
Use Nginx when you need to:
- Scale a website to many concurrent users
- Proxy traffic to application servers with SSL termination
- Load-balance traffic across multiple service instances
- Cache static or dynamic content to reduce backend load
Brief history & evolution
Created by Igor Sysoev in 2004 to solve the C10k problem, Nginx has evolved into a full-featured HTTP server and proxy. Over time it introduced features like native reverse proxying, caching, HTTP/2 support, and (in recent years) better support for HTTP/3 and TLS 1.3. Both nginx (open-source) and the commercial Nginx Plus provide production extensions.
Installation — quick, practical steps
Note: Commands below assume you have sudo access and a working internet connection on the server.
Ubuntu / Debian
sudo apt update
sudo apt install -y nginx
sudo systemctl enable --now nginxCentOS / RHEL / Fedora
sudo dnf install -y nginx
sudo systemctl enable --now nginxmacOS (Homebrew)
brew install nginx
brew services start nginxWindows
Download the official Windows build from nginx.org/en/download.html, extract the ZIP and run nginx.exe. For production on Windows, prefer a Linux environment.
Containerized
docker pull nginx
docker run --name my-nginx -p 80:80 -d nginxVersion check & config testing
Check installed version:
nginx -v
# or for build flags and modules
nginx -VAlways test config syntax before reloading:
sudo nginx -t
# reload if OK
sudo systemctl reload nginxBasic configuration & a simple web app example
This example creates a virtual host for example.com serving static files.
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html index.htm;
access_log /var/log/nginx/example-access.log;
error_log /var/log/nginx/example-error.log;
location / {
try_files $uri $uri/ =404;
}
}
Enable the config (Debian/Ubuntu style) and test:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginxReverse proxying: proxy_pass & headers
Use Nginx as a reverse proxy to forward traffic to an application server (example: Node.js on 127.0.0.1:3000).
server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Key headers:
X-Forwarded-For— original client IP chainX-Real-IP— immediate client IPHost— preserves requested host
Load balancing with upstream
Example: a simple round-robin upstream that balances requests between three backend instances.
upstream backend_upstream {
server 10.0.1.10:3000;
server 10.0.1.11:3000;
server 10.0.1.12:3000;
}
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Other balancing methods
- least_conn; — sends requests to the server with the least connections
- ip_hash; — sticky sessions based on client IP
- weight= — assign weights:
server 10.0.1.10 weight=3;
Health checks
Open-source Nginx has passive checks (fail on timeouts/errors). Nginx Plus adds active health checks. For open-source, combine with external tools (consul, keepalived, or nginx-upsync-module).
Nginx vs Apache (httpd) vs Caddy — quick comparison
Nginx vs Apache
- Architecture: Nginx is event-driven (highly concurrent). Apache uses process/thread or event MPMs (more flexible .htaccess support).
- Performance: Nginx generally excels at static content & proxying; Apache remains strong for modules and legacy apps.
- Use-case: Use Nginx for high-performance front-end; Apache when you need per-directory config via
.htaccess.
Nginx vs Caddy
- Ease of use: Caddy is simpler and has automatic HTTPS built-in (Let's Encrypt by default).
- Production control: Nginx offers deeper tuning and ecosystem integrations.
- Choose Caddy: if you want "it just works" TLS with minimal config. Choose Nginx for fine-grained performance tuning and large-scale deployments.
Security & production tips
- Use strong TLS (TLS 1.2 / 1.3) and modern cipher suites.
- Redirect HTTP → HTTPS and use HSTS carefully.
- Limit request size and rate-limit abusive clients.
- Run
nginx -tbefore reload and keep a rollback plan for config changes. - Monitor logs in
/var/log/nginx/and use tools like fail2ban for brute-force protection.
FAQ — quick answers
How do I check Nginx configuration syntax?
Run sudo nginx -t — it reports syntax errors and warnings.
How to gracefully reload Nginx?
On systemd systems: sudo systemctl reload nginx. Or sudo nginx -s reload.
How to find enabled sites?
On Debian/Ubuntu: look at /etc/nginx/sites-enabled/. On other distros, virtual hosts may be in /etc/nginx/conf.d/ or included from nginx.conf.