Nginx Reverse Proxy Guide 2026: SSL, Load Balancing and Production Setup

⏱️3 min read · 464 words

Nginx is the most widely used web server and reverse proxy in 2026. It handles millions of requests per second, terminates SSL, load-balances backends, and serves static files at OS speeds. This guide covers Nginx from install to production configuration with SSL and caching.

📋 Table of Contents

Install Nginx
Basic Reverse Proxy
SSL with Let’s Encrypt (Free)
Full Production Config with SSL
Load Balancing
Rate Limiting
Conclusion

Install Nginx

# Ubuntu/Debian
sudo apt install nginx
sudo systemctl enable nginx
sudo systemctl start nginx

# Check status
sudo nginx -t          # test config
sudo systemctl status nginx

# Config location
ls /etc/nginx/sites-available/

Basic Reverse Proxy

Forward traffic from port 80 to your app running on port 8000.

# /etc/nginx/sites-available/myapp
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Enable site
sudo ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

SSL with Let’s Encrypt (Free)

# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Obtain and install SSL
sudo certbot --nginx -d example.com -d www.example.com

# Auto-renewal (already added to cron by certbot)
sudo certbot renew --dry-run

Certbot automatically modifies your Nginx config to add HTTPS and HTTP-to-HTTPS redirect.

Full Production Config with SSL

# HTTP -> HTTPS redirect
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

# HTTPS server
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security 'max-age=31536000' always;

    # Proxy to app
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 60s;
        proxy_connect_timeout 10s;
    }

    # Static files served directly by Nginx
    location /static/ {
        alias /var/www/myapp/static/;
        expires 1y;
        add_header Cache-Control 'public, immutable';
    }
}

Load Balancing

upstream myapp_backend {
    least_conn;  # send to least busy server
    server 10.0.0.1:8000;
    server 10.0.0.2:8000;
    server 10.0.0.3:8000;
}

server {
    listen 443 ssl http2;
    location / {
        proxy_pass http://myapp_backend;
    }
}

Rate Limiting

# In http block (nginx.conf)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

# In server block
location /api/ {
    limit_req zone=api burst=20 nodelay;
    proxy_pass http://127.0.0.1:8000;
}

Conclusion

Nginx is the production standard for a reason — fast, stable, and flexible. Use it as a reverse proxy in front of any app (FastAPI, Django, Node, Rails). Add Certbot for free SSL, configure rate limiting, and serve static files directly for maximum performance.

📚 You might also like

🔗 Share this article

X / Twitter Facebook WhatsApp LinkedIn Telegram