Nginx Command Cheatsheet

A comprehensive reference for Nginx web server commands and configuration.

Basic Commands

Service Management

# SystemD (Ubuntu 16.04+, CentOS 7+)
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl reload nginx
sudo systemctl status nginx
sudo systemctl enable nginx
sudo systemctl disable nginx
 
# SysVinit (older systems)
sudo service nginx start
sudo service nginx stop
sudo service nginx restart
sudo service nginx reload
sudo service nginx status

Configuration Testing

nginx -t                    # Test configuration
nginx -T                    # Test and dump configuration
nginx -v                    # Show version
nginx -V                    # Show version and configure options

Signal Commands

nginx -s stop               # Fast shutdown
nginx -s quit               # Graceful shutdown
nginx -s reload             # Reload configuration
nginx -s reopen             # Reopen log files

Configuration Files

Main Configuration

# /etc/nginx/nginx.conf
 
user www-data;
worker_processes auto;
pid /run/nginx.pid;
 
events {
    worker_connections 768;
}
 
http {
    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    
    # MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript 
               application/json application/javascript application/xml+rss;
    
    # Virtual Host Configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Server Blocks (Virtual Hosts)

Basic HTTP Server

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    
    root /var/www/example.com;
    index index.html index.htm;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

HTTPS Server with SSL

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;
    
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    
    root /var/www/example.com;
    index index.html;
    
    location / {
        try_files $uri $uri/ =404;
    }
}

HTTP to HTTPS Redirect

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

Location Blocks

Static Files

location / {
    root /var/www/html;
    index index.html index.htm;
    try_files $uri $uri/ =404;
}

Reverse Proxy

location / {
    proxy_pass http://localhost:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_cache_bypass $http_upgrade;
}

PHP-FPM

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}

Deny Access

location ~ /\.ht {
    deny all;
}
 
location /admin {
    deny all;
    allow 192.168.1.0/24;
}

Load Balancing

Upstream Configuration

upstream backend {
    least_conn;  # or ip_hash, or round-robin (default)
    server backend1.example.com weight=3;
    server backend2.example.com;
    server backend3.example.com backup;
}
 
server {
    location / {
        proxy_pass http://backend;
    }
}

Caching

Proxy Cache

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m 
                 max_size=10g inactive=60m use_temp_path=off;
 
server {
    location / {
        proxy_cache my_cache;
        proxy_cache_valid 200 60m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status;
        
        proxy_pass http://backend;
    }
}

Security Headers

Common Security Headers

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

Rate Limiting

Limit Requests

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
 
server {
    location /api/ {
        limit_req zone=mylimit burst=20 nodelay;
    }
}

Logging

Custom Log Format

log_format custom '$remote_addr - $remote_user [$time_local] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';
 
access_log /var/log/nginx/access.log custom;

Conditional Logging

map $status $loggable {
    ~^[23] 0;
    default 1;
}
 
access_log /var/log/nginx/access.log combined if=$loggable;

Common Configurations

WordPress

location / {
    try_files $uri $uri/ /index.php?$args;
}
 
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}

Node.js Application

location / {
    proxy_pass http://localhost:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

WebSocket

location /ws {
    proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
}

Useful Variables

Variable	Description
`$host`	Host name
`$uri`	Current URI
`$request_uri`	Full original request URI
`$remote_addr`	Client IP address
`$server_name`	Server name
`$request_method`	Request method (GET, POST, etc.)
`$scheme`	Request scheme (http or https)
`$status`	Response status code

Troubleshooting

Check Logs

tail -f /var/log/nginx/error.log
tail -f /var/log/nginx/access.log

Test Configuration

nginx -t

Common Issues

# Permission denied
sudo chown -R www-data:www-data /var/www/html
 
# Port already in use
sudo lsof -i :80
sudo netstat -tulpn | grep :80
 
# SELinux issues (CentOS/RHEL)
sudo setsebool -P httpd_can_network_connect 1

Tips

Always test configuration before reloading
Use reload instead of restart when possible
Enable gzip compression for better performance
Set up SSL with Let's Encrypt
Use caching for static content
Implement rate limiting for APIs
Monitor logs regularly
Keep Nginx updated for security
Use upstream for load balancing
Optimize worker_processes based on CPU cores

Resources

Official Documentation: https://nginx.org/en/docs/
Nginx Config Generator: https://www.digitalocean.com/community/tools/nginx
SSL Test: https://www.ssllabs.com/ssltest/