Top 10 NGINX Configuration Tips for Performance & Security

Anmol Ahuja

Top 10 NGINX Configuration Tips for Performance & Security (2025 Guide)

By Infradecoded.com

Introduction

NGINX is widely adopted for its exceptional performance, low resource usage, and scalability. However, its true potential is unlocked only through careful configuration. This guide outlines ten essential NGINX settings to enhance speed, tighten security, and ensure reliability in production environments.

1. Enable GZIP Compression

Compression reduces the size of transmitted data, improving load times significantly.

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_min_length 256;

2. Cache Static Files

Use long cache headers to reduce server load and boost client-side speed.

location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    access_log off;
}

3. Limit Request Rate

Control abusive or malicious access by limiting the number of requests from a single IP.

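# Defined in the http context: a 10 MB shared zone keyed by client address, 10 requests/second per key.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

server {
  location /login {
    # Queue up to 20 requests above the rate; anything beyond that is rejected.
    limit_req zone=mylimit burst=20;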
  }
}
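
As an added illustration (not from the original article), this Python sketch is a simplified model of the leaky-bucket accounting that limit_req performs, showing what rate=10r/s with burst=20 and no nodelay does to traffic from one address. The function names and arrival timestamps are constructed for the example.

```python
# Simplified model of limit_req accounting (leaky bucket, no "nodelay").
# Values mirror the article's config: rate=10r/s, burst=20. Timestamps are constructed.
RATE_PER_SEC = 10
BURST = 20

def simulate(arrivals_ms, rate=RATE_PER_SEC, burst=BURST):
    """Return one (arrival_ms, verdict, delay_ms) tuple per request from a single IP.

    'excess' counts queued requests in thousandths and drains at `rate` per second.
    """
    results = []
    excess = None   # no state yet for this client key
    last = None     # time of the last accepted request
    for now in sorted(arrivals_ms):
        if excess is None:
            new_excess = 0                         # first request is never queued
        else:
            drained = rate * (now - last)          # thousandths drained since `last`
            new_excess = max(0, excess - drained + 1000)
        if new_excess > burst * 1000:
            results.append((now, "rejected", 0))   # nginx answers 503 by default
            continue                               # rejections do not update the state
        excess, last = new_excess, now
        delay_ms = new_excess // rate              # time needed to drain the queue ahead
        results.append((now, "delayed" if delay_ms else "passed", delay_ms))
    return results

def summarize(results):
    """Count verdicts so different traffic shapes can be compared at a glance."""
    counts = {"passed": 0, "delayed": 0, "rejected": 0}
    for _, verdict, _ in results:
        counts[verdict] += 1
    return counts

if __name__ == "__main__":
    burst_of_30 = [0] * 30                   # constructed: 30 login attempts in one millisecond
    steady = [i * 100 for i in range(30)]    # constructed: exactly 10 requests per second
    print("burst :", summarize(simulate(burst_of_30)))
    print("steady:", summarize(simulate(steady)))
    print("longest queueing delay in burst (ms):",
          max(delay for _, _, delay in simulate(burst_of_30)))
```

In this model a burst from one address is mostly queued rather than dropped, so the last accepted request waits two seconds, while a client that stays at the configured rate is never delayed.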

4. Enable HTTP/2

Boost performance with multiplexed streams and header compression.

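# On NGINX 1.25.1 and later the http2 listen parameter is deprecated; use a separate "http2 on;" directive there.
listen 443 ssl http2;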

5. Disable Autoindex and Unused Modules

Turn off features that can unintentionally expose server directories.

location / {
    autoindex off;
}

6. Set a Strong Content Security Policy (CSP)

Protect against content injection and XSS attacks.

add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self';";

7. Configure Buffer Limits

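Cap the memory each request can consume and blunt DoS attempts by restricting buffer sizes. A request line or header that does not fit in these buffers is rejected with a 414 or 400 error, so test the values against real traffic.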

client_body_buffer_size 10K;
client_header_buffer_size 1k;
large_client_header_buffers 2 1k;

8. Use TLS 1.2 or Higher with Secure Ciphers

Enforce modern encryption and disable weak ciphers.

ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;

9. Hide NGINX Version

Stop NGINX from advertising its version in the Server response header and on error pages, which gives scanners less to fingerprint.

server_tokens off;

10. Configure a Reverse Proxy

Isolate and protect backend apps behind an NGINX reverse proxy. Full guide here:

How to Configure NGINX as a Reverse Proxy on Ubuntu 22.04

location /app/ {
    proxy_pass http://localhost:5000/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

Final Thoughts

Implementing these tips will ensure your NGINX server is fast, secure, and scalable. Regular audits and configuration reviews are critical as your application grows.
