Back to Cookbook

Nginx Whisperer

Generate and debug nginx configs without the Stack Overflow scavenger hunt

Describe what you want (reverse proxy, load balancer, SSL termination, rate limiting) and get a validated nginx config. Also debugs existing configs — explains the confusing location block matching, if-is-evil pitfalls, and proxy_pass trailing slash gotchas.

House RecipeWork1 min

INGREDIENTS

🐙GitHub

PROMPT

Create a skill called "Nginx Whisperer". Help me generate, debug, and optimize nginx configurations: Mode 1 — Generate: When I describe what I need (reverse proxy to backend on port 3000, SSL with Let's Encrypt, rate limiting, etc.), generate a complete nginx config with: - Proper server blocks with listen directives - TLS configuration appropriate for the nginx/OpenSSL version in use - Reverse proxy with correct headers and websocket support if needed - Rate limiting and security headers - Comments explaining each directive Mode 2 — Debug: When I paste an existing config or describe a problem, analyze it for: - Location block matching issues (explain the priority: = > ^~ > ~ > none) - `proxy_pass` trailing slash behavior - "if is evil" violations - Missing security headers - Performance optimizations (gzip, caching, buffer sizes) Always validate with `nginx -t` if nginx is available on the system.

How It Works

Nginx has 80,000+ questions on Stack Overflow because its config syntax is

powerful but treacherous. This skill generates correct configs from plain

English and explains the "why" behind every directive.

What You Get

  • Config generation from plain English descriptions
  • SSL/TLS configuration with modern cipher suites
  • Reverse proxy setup with proper headers (X-Real-IP, X-Forwarded-For, etc.)
  • Rate limiting and connection limiting
  • Location block matching explanation (= vs ~ vs ^~ vs none)
  • Syntax validation via `nginx -t`
  • Security headers (HSTS, CSP, X-Frame-Options)

Setup Steps

  1. Describe what you need: reverse proxy, SSL, load balancing, static files, etc.
  2. Review the generated config and the explanation of each directive
  3. Validate with `nginx -t` if nginx is available
  4. Deploy and test

Tips

  • Always use `nginx -t` to validate before reloading
  • The trailing slash on proxy_pass changes path behavior — this is the #1 gotcha
  • Use `return 301` instead of `rewrite` when you can — it's simpler and faster
  • Ask your Claw to explain location block matching order — it's non-intuitive
  • Request a security audit of existing configs to catch common misconfigurations
Tags:#nginx#web-server#configuration#devops