Nginx Config Generator

Generate production-grade, highly optimized Nginx configurations derived from your server specifications using mathematical scaling models and diminishing-returns analysis.

Quick Presets

Domain Name

Tech Stack Preset

Routing

Document RootLeave blank to use default /var/www/...

Index Files

Enable Subdomain WWW

Redirect Subdomains to WWW

HTTPS

Enable HTTPS

Force HTTPS

960 MBRAM Usage

65,536Max Connections

163,840File Descriptors

655,360Est. RPS

NETWORKBottleneck

worker_connections 16384 is in the diminishing returns zone (only 10% incremental gain). Consider adding more RAM or worker processes instead.

10 files generated

nginx/etc/nginx/nginx.conf

# ═══════════════════════════════════════════════════════════════════
# nginx.conf — Auto-generated by PawanGond Config Suite
# Server: 4 cores, 8GB RAM, nvme storage
# Generated: 2026-06-07T13:43:20.297Z
# ═══════════════════════════════════════════════════════════════════

# ─── Main Context ─────────────────────────────────────────────────
user nginx nginx;

# Pinned to 4 physical cores (HT=false)
worker_processes 4;

# CPU affinity: pin each worker to a distinct physical core
worker_cpu_affinity 0001 0010 0100 1000;

# Nice value -10: higher scheduling priority for Nginx workers
worker_priority -10;

# FD limit: 65536 = worker_connections × 2 (proxy) × 1.25 safety
worker_rlimit_nofile 65536;

# Core dump limit for crash debugging
worker_rlimit_core 500m;

# Grace period for worker shutdown during reloads
worker_shutdown_timeout 15s;

# Reduce gettimeofday() syscall overhead — 250ms resolution
timer_resolution 250ms;

# JIT-compile PCRE regexes for ~40% faster location matching
pcre_jit on;

pid /run/nginx.pid;
error_log /var/log/nginx/error.log warn;

# ─── Events Context ───────────────────────────────────────────────
events {
    # RAM-bounded: 8GB available → 16384 conns/worker
    worker_connections 16384;

    # epoll: O(1) event-driven polling
    use epoll;

    # Accept all pending connections per event cycle
    multi_accept on;

    # Modern kernels handle distribution via EPOLLEXCLUSIVE/SO_REUSEPORT
    accept_mutex off;
}

# ─── HTTP Context ─────────────────────────────────────────────────
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Hide Nginx version from headers and error pages
    server_tokens off;

    # Structured JSON log format for ELK/Grafana Loki
    log_format main_json escape=json
      '{'
        '"time": "$time_iso8601",'
        '"remote_addr": "$remote_addr",'
        '"remote_user": "$remote_user",'
        '"request": "$request",'
        '"status": $status,'
        '"body_bytes_sent": $body_bytes_sent,'
        '"request_time": $request_time,'
        '"http_referrer": "$http_referer",'
        '"http_user_agent": "$http_user_agent",'
        '"http_x_forwarded_for": "$http_x_forwarded_for",'
        '"upstream_addr": "$upstream_addr",'
        '"upstream_response_time": "$upstream_response_time",'
        '"upstream_status": "$upstream_status",'
        '"ssl_protocol": "$ssl_protocol",'
        '"ssl_cipher": "$ssl_cipher",'
        '"request_id": "$request_id"'
      '}'

    # Conditional logging: skip health checks & static assets
    map $request_uri $loggable {
        default                          1;
        ~*\.(ico|gif|jpg|jpeg|png|css|js|woff2?)$  0;
        /health                          0;
        /healthz                         0;
        /readyz                          0;
        /status                          0;
        /ping                            0;
    }

    access_log /var/log/nginx/access.log main_json buffer=32k flush=5s if=$loggable;

    # ─── Connection Tuning ────────────────────────────────────────
    keepalive_timeout 20s;
    keepalive_requests 10000;
    keepalive_time 30m;
    send_timeout 10s;
    client_header_timeout 8s;  # Slowloris defense
    client_body_timeout 8s;
    reset_timedout_connection on;  # TCP RST instead of FIN
    lingering_close on;
    lingering_time 10s;
    lingering_timeout 2s;

    # ─── Zero-Copy File Serving ───────────────────────────────────
    sendfile on;
    sendfile_max_chunk 512k;  # Prevent single-file monopoly
    tcp_nopush on;  # TCP_CORK: pack full MTU packets
    tcp_nodelay on;  # Disable Nagle's algorithm

    # ─── Buffer Sizing ────────────────────────────────────────────
    client_body_buffer_size 128k;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 16k;
    client_max_body_size 10m;
    client_body_temp_path /var/cache/nginx/client_temp 1 2;

    # ─── Static File Descriptor Cache ───────────────────────────
    open_file_cache max=32768 inactive=30s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # ─── Includes ─────────────────────────────────────────────────
    include /etc/nginx/snippets/compression.conf;

    # ─── Rate Limiting Zones ───────────────────────────────────
    limit_req_zone $binary_remote_addr zone=req_limit:6m rate=20r/s;
    limit_conn_zone $binary_remote_addr zone=conn_limit:10m;

    # ─── Virtual Host Configs ─────────────────────────────────────
    include /etc/nginx/conf.d/*.conf;
}