Nginx Reverse Proxy Generator

Generate a production-ready nginx.conf for reverse proxying with proxy_pass, headers, timeouts, and gzip from a focused form

Reverse Proxy modepreset

Front a Node / Python / Go upstream with sensible proxy headers and timeouts.

Switch mode:

Server

server_name

HTTP portEnable HTTPS listen

Proxy

proxy_pass

Timeout (s)

Forward HostX-Forwarded-For

Common

Gzip compressionSecurity headers (X-Content-Type, Frame-Options, Referrer-Policy)

access_logerror_log

Custom add_header lines

nginx.conf preview

Drop into /etc/nginx/conf.d/ or/etc/nginx/sites-available/.

server {
  listen 80;
  listen [::]:80;
  server_name example.com;

  # Recommended security headers
  add_header X-Content-Type-Options nosniff always;
  add_header X-Frame-Options SAMEORIGIN always;
  add_header Referrer-Policy strict-origin-when-cross-origin always;

  # Compression
  gzip            on;
  gzip_vary       on;
  gzip_min_length 1024;
  gzip_proxied    any;
  gzip_comp_level 5;
  gzip_types      text/plain text/css application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

  access_log /var/log/nginx/access.log;
  error_log  /var/log/nginx/error.log warn;

  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_connect_timeout 60s;
    proxy_send_timeout    60s;
    proxy_read_timeout    60s;
  }
}

Validate before reloading

sudo nginx -t && sudo systemctl reload nginx

Heads up

Replace `example.com` with your real hostname before deploying.

Loading tool...

What is Nginx Reverse Proxy Generator

Written by Giorgos Kostas. Last reviewed: April 18, 2026

Nginx Reverse Proxy Generator builds a focused server block that forwards requests to a single upstream — typically a Node, Python, Go, Rails, or PHP-FPM process listening on `127.0.0.1`.

It pre-fills the headers that broken proxies most often forget — `Host`, `X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Proto`, `X-Forwarded-Host` — and exposes the timeout dials you'll actually want to change.

Why use it

Skip the Stack Overflow scavenger hunt — the output already includes `proxy_http_version 1.1` and the right `proxy_set_header` lines.
Configure `proxy_connect_timeout`, `proxy_send_timeout`, and `proxy_read_timeout` from a single field instead of three separate spots.
Toggle X-Forwarded headers off if your upstream framework already trusts another proxy in front.
Layer in optional security headers and gzip without copy-pasting recipe blogs.
Get `nginx -t` reload guidance baked into the page.

Features

Live nginx.conf preview with copy + download
Configurable proxy timeouts (one input → all three directives)
Forwarded-header toggles (Host, X-Real-IP, X-Forwarded-*)
Optional gzip and recommended security headers
Custom add_header lines

How to use Nginx Reverse Proxy Generator

Set the server name. Enter your hostname (e.g. `api.example.com`).
Point proxy_pass. Set the upstream URL — usually `http://127.0.0.1:<port>`.
Tune timeouts and headers. Adjust the timeout, then enable forwarded headers if needed.
Copy & deploy. Drop into `/etc/nginx/conf.d/`, run `nginx -t`, reload.

Example (before/after)

Form input

server_name = api.example.com
proxy_pass = http://127.0.0.1:3000
timeout    = 60s
forward X-Forwarded-* = on

Generated server block

server {
  listen 80;
  server_name api.example.com;
  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 60s;
  }
}

Common errors

502 Bad Gateway

Nginx can't reach the upstream — wrong port, wrong host, or the process isn't running.

Fix: Verify the upstream with `curl http://127.0.0.1:3000` from the same host before reloading Nginx.

Application sees Nginx as the client IP

Headers are forwarded, but the upstream isn't configured to trust them.

Fix: Enable proxy trust in your framework (e.g. Express `app.set('trust proxy', true)`, Rails `config.action_dispatch.trusted_proxies`).

Long-running request times out at 60s

Default `proxy_read_timeout` is 60s — short for SSE or slow APIs.

Fix: Bump the timeout in this generator (e.g. 300s) and consider streaming endpoints separately.

FAQ

Where does the output file go?

Drop it into `/etc/nginx/conf.d/<name>.conf` (most distros) or `/etc/nginx/sites-available/<name>` and `ln -s` to `sites-enabled/`. Test with `sudo nginx -t`, then reload with `sudo systemctl reload nginx`.

Why HTTP/1.1 in the proxy block?

Nginx uses HTTP/1.0 to upstreams by default, which disables keep-alive and breaks websocket upgrades. Setting `proxy_http_version 1.1` is the universal fix.

Should I also enable HTTPS here?

If your traffic terminates TLS at this Nginx, switch to the Nginx SSL Config Generator (it shares the same proxy fields and adds the certificate plumbing).

What if my upstream is on another host?

Replace `http://127.0.0.1:3000` with the upstream URL — but be aware that Nginx resolves the hostname once at startup unless you configure a `resolver` directive.

Does this configure a load balancer?

No — for multiple upstream servers with round-robin / least-conn / IP hash, use the Nginx Load Balancer Config Generator.

Why is `proxy_set_header Host $host` important?

Without it, Nginx sends the literal upstream IP/port as the `Host` header, which breaks virtual-host routing on the upstream and confuses framework URL helpers.

Related tools

Pair with the rest of the Nginx generators. You can also browse the full DevOps & Infra category for more options.

Nginx SSL Config Generator

Generate an HTTPS-ready nginx.conf with SSL certificate paths, modern protocols, ciphers, HSTS, and HTTP-to-HTTPS redirect

Nginx Load Balancer Config Generator

Generate an nginx upstream + load balancer config with round-robin, least_conn, ip_hash, weights, health checks, and keepalive

Nginx WebSocket Proxy Generator

Generate an nginx config for proxying WebSocket connections with Upgrade and Connection headers and long read timeouts

Nginx Static Site Config Generator

Generate an nginx.conf for serving a static site with try_files, SPA fallback, gzip, brotli, and aggressive cache headers

CSP Policy Builder

Build a Content Security Policy header from per-directive cards with chip-style sources, presets, and a live header + meta-tag preview

HTTP Header Inspector

Paste response headers to audit HSTS, CSP, CORS, X-Powered-By disclosure, and Set-Cookie flags

Docker Compose Validator

Validate docker-compose.yml against the Compose Spec schema with hand-written lints (port collisions, undefined networks, depends_on cycles)

ENV File Editor

Edit .env files in a key/value table with type detection, masked secrets, duplicate-key warnings, and export to JSON, YAML, shell, or docker-compose

Kubernetes YAML Explorer

Explore multi-document Kubernetes manifests grouped by kind with a cross-reference graph (Service to Deployment, ConfigMap mounts, Ingress backends)