Nginx

July 19, 2025

What Nginx Is, and Why It Matters (Explained Through the Lens of Yoga)

Yoga and the Flow of Energy (or Web Traffic)

Imagine you’re attending a packed yoga retreat in Bali. It's hosted by one of the world’s most respected modern yogis — let’s say Tara Stiles, known for her down-to-earth, accessible approach to yoga. Her sessions draw hundreds of participants: beginners, influencers, seasoned practitioners — all trying to find a spot, breathe, and follow the flow.

But here's the catch: not everyone can just walk up to Tara and start a conversation or ask for a pose breakdown mid-session. There’s a flow, a system. A calm but organized assistant at the front checks you in, figures out your level, tells you where to sit, and answers the common questions before they ever reach Tara. This person doesn’t do yoga on your behalf — they just direct you so that everything runs smoothly.

That assistant? That’s Nginx in the web world.

So What Is Nginx, Really?

Nginx (pronounced “engine-x”) is open-source software that’s mostly used as:

• A reverse proxy, routing incoming requests to backend apps
• A web server, serving static content
• A load balancer, distributing traffic evenly across servers
• And sometimes even as a cache layer or API gateway

If you’ve ever run a web app — like something built with PHP Swoole, Node.js, or even Flask — you’ve probably had to deal with port numbers. Your app might run on port 8080, but visitors expect your site to be available at https://yoursite.com.

Nginx is the assistant who handles all the traffic at the front door, listens on port 80/443 (HTTP/HTTPS), and calmly directs it to the right room (your app running on another port).

Why Not Just Let the App Talk to the World?

Let’s go back to the yoga retreat.

If Tara tried to talk to everyone directly, she’d get overwhelmed. People asking questions, some speaking different languages, others arriving late, some needing adjustments — it would kill the experience.

Likewise, your app server (like Swoole running a PHP app) isn't built to deal with SSL certificates, connection pooling, retries, and traffic spikes. That’s what Nginx is great at — decoupling the messy, unpredictable outer world from the clean, focused app layer.

Enter Traefik, Apache, and Friends — Who Else Is in the Yoga Studio?

There are other traffic managers in the room too — each with their own vibe:

🌀 Traefik

The minimalist, Kubernetes-native yogi with a sleek mat and smart watch. Traefik is modern and deeply integrated with Docker and Kubernetes. It autodetects services and routes traffic based on simple configuration files or container labels. Great for dynamic environments.

Use Traefik when:

• You run apps in containers (Docker, K8s)
• You like minimal manual config
• You want built-in dashboard and metrics

🔥 Apache (httpd)

The old-school teacher. Still wise, but has a thicker rulebook and sometimes slow to adapt. Apache is both a web server and a reverse proxy, but Nginx tends to outperform it in high-concurrency scenarios.

Use Apache when:

• You’re deep in the LAMP stack
• You rely on .htaccess files
• You prefer its module system

🌊 Caddy

The new age guru who believes in security by default. Caddy auto-manages HTTPS and has a very readable config system. A good choice if you just want something simple and modern with zero config.

Use Caddy when:

• You want automatic HTTPS out of the box
• You like Go-based tools
• You value a human-friendly config

Use Case: WLP on PHP Swoole and Nginx

PHP Swoole is a powerful asynchronous framework — think of it like an advanced yoga flow class that needs silence and space to shine. But Swoole apps usually bind to a non-standard port like 9501, and they don't handle HTTPS or static files well.

Here’s where Nginx steps in:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/nginx/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9501;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

This config:

• Terminates HTTPS
• Proxies requests to your Swoole app
• Passes along key headers

Now your Swoole app can focus on handling business logic without worrying about SSL or headers.

Final Breath: Why Nginx Still Matters

In a world moving toward serverless and Kubernetes, Nginx might feel like the analog yoga mat in a room full of smart mirrors and heart-rate-tracking leggings. But it's stable, lightweight, battle-tested, and powerful — and it teaches you the fundamentals.

Whether you’re hosting a portfolio or scaling a real-time API with Swoole, Nginx gives you the flexibility to route, secure, and balance your traffic like a well-trained breath — intentional and in control.

🧘‍♀️ Namaste. Or, more appropriately: sudo systemctl restart nginx.

Examples of NGINX Configs

Got it — now we’re going fully clean, precise, and efficient. No fallbacks, no try_files, no rewrites, no WordPress, no FPM. Just straight:

• 🔹 Static file servers (pure, direct, efficient)
• 🔸 Proxy servers to PHP Swoole (usually on a port like 9501)
• 🔻 No hybrid fallback logic

Here are 30 direct-use Nginx templates broken into:

🔹 15 Static File Server Configs (No PHP)

1. Serve pure static site

server {
    listen 80;
    server_name static.example.com;
    root /var/www/site;
    index index.html;
}

2. Static site with gzip compression

server {
    listen 80;
    root /var/www/site;

    gzip on;
    gzip_types text/css application/javascript application/json;
}

3. Serve from /public directory

server {
    listen 80;
    root /var/www/project/public;
}

4. Only serve .html, .css, .js

server {
    listen 80;
    root /var/www/secure;

    location / {
        location ~* .(html|css|js)$ { }
        return 403;
    }
}

5. Directory listing enabled (for dev)

server {
    listen 80;
    root /var/www/files;

    location / {
        autoindex on;
    }
}

6. Directory listing disabled (production)

server {
    listen 80;
    root /var/www/site;

    location / {
        autoindex off;
    }
}

7. Long-term cache for assets

location ~* .(css|js|png|jpg|svg|woff2?)$ {
    expires 1y;
    access_log off;
}

8. Serve static files from Docker volume

server {
    listen 80;
    root /usr/share/nginx/html;
}

9. Static files with forced download

location /files/ {
    root /var/www/public;
    add_header Content-Disposition "attachment";
}

10. Static-only, no access to dotfiles

location ~ /. {
    deny all;
}

11. Static-only, IP whitelisted

server {
    listen 80;
    root /var/www/public;

    allow 192.168.1.0/24;
    deny all;
}

12. Multi-language static folder (locale prefix)

location /en/ {
    root /var/www/site;
}
location /fr/ {
    root /var/www/site;
}

13. No caching at all

location / {
    expires off;
    add_header Cache-Control "no-store";
}

14. Static server for large file downloads

location /downloads/ {
    root /data;
    sendfile on;
    tcp_nopush on;
}

15. Static CDN-style setup

server {
    listen 80;
    server_name cdn.example.com;
    root /srv/cdn;

    location ~* .(js|css|png|jpg|svg|woff2?)$ {
        expires 7d;
    }
}

🔸 15 PHP Swoole Proxies (Direct-to-port, No fallback)

16. Basic proxy to Swoole on port 9501

server {
    listen 80;

    location / {
        proxy_pass http://127.0.0.1:9501;
    }
}

17. Swoole proxy with forwarded headers

location / {
    proxy_pass http://127.0.0.1:9501;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

18. Swoole on remote IP

location / {
    proxy_pass http://10.0.0.5:9501;
}

19. Swoole proxied via Docker bridge IP

location / {
    proxy_pass http://172.18.0.3:9501;
}

20. Separate /api/ proxied to Swoole

location /api/ {
    proxy_pass http://127.0.0.1:9501;
}

21. CORS-enabled Swoole proxy

location / {
    proxy_pass http://127.0.0.1:9501;
    add_header Access-Control-Allow-Origin *;
}

22. Limit request body size to 5MB

location / {
    client_max_body_size 5M;
    proxy_pass http://127.0.0.1:9501;
}

23. Add custom header for Swoole

location / {
    proxy_set_header X-App-Version "v1.0.0";
    proxy_pass http://127.0.0.1:9501;
}

24. Separate access log for Swoole

access_log /var/log/nginx/swoole-access.log;

location / {
    proxy_pass http://127.0.0.1:9501;
}

25. Swoole + HTTPS reverse proxy

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem;

    location / {
        proxy_pass http://127.0.0.1:9501;
    }
}

26. Swoole behind domain-based virtual host

server {
    server_name api.example.com;

    location / {
        proxy_pass http://127.0.0.1:9501;
    }
}

27. Strip prefix before passing to Swoole

location /backend/ {
    rewrite ^/backend/(.*)$ /$1 break;
    proxy_pass http://127.0.0.1:9501;
}

28. WebSocket support with Swoole

location /ws/ {
    proxy_pass http://127.0.0.1:9501;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

29. Multiple Swoole services on different ports

location /api1/ {
    proxy_pass http://127.0.0.1:9501;
}
location /api2/ {
    proxy_pass http://127.0.0.1:9502;
}

30. Disable buffering for real-time Swoole

location / {
    proxy_pass http://127.0.0.1:9501;
    proxy_buffering off;
}