Nginx Reverse Proxy Config Builder

Define your upstream servers, choose a load balancing method, and get a production-ready nginx.conf block in real time.

Server Configuration
Upstream Servers
Load Balancing Method
Proxy Headers
Advanced Proxy Headers
nginx.conf
Ready
Key Terms Explained
Reverse Proxy
A server that sits in front of your backend application and accepts client connections on its behalf. The client only ever communicates with the proxy, never with the origin server directly. Nginx is one of the most widely used reverse proxies.
Upstream Server
Any backend server that Nginx forwards requests to. You define upstream servers in an upstream block with their IP address and port. The upstream block is also where you configure load balancing behavior.
Load Balancing
Distributing incoming requests across multiple backend servers to avoid overwhelming any single one. Nginx supports several methods: round robin, least connections, and IP hash, each suited to different traffic patterns and application architectures.
Round Robin
The default Nginx load balancing method. Each new request is forwarded to the next server in the list, cycling through them in order. All servers receive roughly equal shares of traffic assuming similar request durations.
SSL Termination
The process of decrypting HTTPS traffic at the reverse proxy layer so the backend servers only ever receive plain HTTP. This offloads the CPU cost of TLS handshakes from your app servers and centralizes certificate management on the proxy.
proxy_pass
The Nginx directive that tells a location block where to send matched requests. The value can be a direct IP:port or a named upstream block. This is the core directive that makes Nginx a reverse proxy.
X-Forwarded-For
An HTTP header that carries the originating client IP address through the proxy chain. Each proxy appends its own IP, building a comma-separated list. Your backend reads this header to identify the true client IP instead of seeing only the proxy's address.
server_name
An Nginx directive that binds a server block to one or more domain names. Nginx uses the Host header of the incoming request to pick the matching server block. You can list multiple names separated by spaces, and use wildcards like *.example.com.

The Complete Guide to Nginx Reverse Proxy Configuration

Nginx is the engine behind more than a third of the web's busiest sites. Its reverse proxy and upstream load balancing features let you put a fast, reliable gateway in front of any backend - Node.js, Python, Java, or anything that speaks HTTP. This guide explains every directive this tool generates so you can adapt it confidently.

How to Use This Tool

Enter your domain name and the port Nginx should listen on (port 80 for plain HTTP, or enable the 443 SSL toggle if you are terminating HTTPS here). Add at least one upstream server with its IP or hostname and port. If you add two or more servers, the tool generates a full upstream block and wires the proxy_pass directive to it. With a single server, it proxies directly. Choose a load balancing method and toggle any proxy headers on or off. The config updates instantly in the output panel above.

Understanding the Upstream Block

The upstream block defines a named pool of backend servers. Nginx selects a server from the pool for each request using your chosen balancing method. The block name (here backend_cluster) is arbitrary - you reference it in proxy_pass http://backend_cluster. If you only have one upstream server the upstream block is unnecessary, so this tool omits it and passes directly to the IP and port.

Proxy Headers Explained

X-Real-IP passes the original client IP to your backend. Without it, your app sees Nginx's loopback address for every request, making logs and IP-based rate limiting useless. X-Forwarded-For is the industry-standard header that accumulates IPs across a proxy chain, read by most frameworks automatically. X-Forwarded-Proto tells your backend whether the original client connected over HTTP or HTTPS - critical for apps that generate redirect URLs or set cookie security flags. Host preserves the original Host header value, which your backend may use for virtual hosting or link generation.

Deploying Your Config

Save the generated block to /etc/nginx/sites-available/yourdomain.conf, then symlink it: sudo ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/. Test with sudo nginx -t before applying. If all is well, reload with sudo systemctl reload nginx. On RHEL-based systems, drop the file in /etc/nginx/conf.d/ instead.

Frequently Asked Questions

What is the difference between a web server and a reverse proxy?
A web server like Apache or Nginx serves static files and application responses directly to clients. A reverse proxy sits in front of one or more backend servers and forwards client requests to them, then returns the response back to the client. The client never talks to the backend directly. Nginx is commonly used as both, but its reverse proxy role is specifically the proxy_pass and upstream configuration.
Why do I need to pass the X-Real-IP header?
When Nginx forwards a request to your backend application, the backend only sees Nginx's IP address as the source, not the original visitor's IP. Setting proxy_set_header X-Real-IP $remote_addr tells Nginx to attach the client's actual IP to the forwarded request. Your backend app can then read that header to log, rate-limit, or geo-restrict based on the true visitor IP.
How does IP Hash load balancing work in Nginx?
With ip_hash, Nginx hashes the client's IP address and always routes that IP to the same upstream server (as long as the server is available). This creates sticky sessions without requiring any session cookie or shared session store on your backend. It is useful for applications that store session state locally on each server, but it can cause uneven load distribution if a small number of IPs generate most of your traffic.
Where do I save this configuration file on my Linux server?
On most Linux distributions, Nginx site configs go in /etc/nginx/sites-available/ using a descriptive filename like yourdomain.conf. After saving, create a symlink to /etc/nginx/sites-enabled/ with: sudo ln -s /etc/nginx/sites-available/yourdomain.conf /etc/nginx/sites-enabled/. Then test with sudo nginx -t and reload with sudo systemctl reload nginx. On some setups (RHEL, CentOS, or manual installs) you drop the file directly in /etc/nginx/conf.d/ instead.
What does proxy_pass do in Nginx?
proxy_pass tells Nginx where to forward the incoming request. It can point to a specific IP and port like http://192.168.1.10:3000, or to a named upstream block like http://backend_cluster. When you define an upstream block with multiple servers, Nginx handles load balancing automatically using whichever method you specified (round robin by default).