Brief Answer
- Nginx is a high‑performance web server and reverse proxy: static serving, backend proxying, load balancing, TLS/SSL termination, caching, compression.
- Fits SPA and API: static via
root, backend via proxy_pass, HTTPS with Let’s Encrypt, HTTP/2, gzip/Brotli.
- Experience: reverse‑proxy for Node.js, static caching, headers, rate‑limiting, zero‑downtime reloads.
Full Answer
Core roles
- Web server: serves static assets.
- Reverse proxy: forwards requests to backends.
- Load balancer: distributes traffic across apps.
- TLS/SSL termination: encrypts traffic.
- Cache/compression: faster responses, less bandwidth.
Mini config (static + proxy)
server {
listen 80;
server_name example.com;
root /var/www/html;
location /api/ {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
HTTPS and HTTP/2
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
Cache and compression
gzip on;
gzip_types text/css application/javascript application/json;
expires 1y;
add_header Cache-Control "public, immutable";
Common pitfalls
- Missing
Host and X-Forwarded-For headers in proxy.
- Incorrect
location patterns and proxy_pass slashes.
- Enabling HTTP/2 only on 443.
- No cache policy or compression for static.
Recommendations
- Validate config (
nginx -t) and perform atomic reloads.
- Split configuration files; enforce consistent cache/security policies.
- Use rate‑limiting to protect against bursts.