nginx.conf snippets
Code snippets for nginx.conf configuration files.
On this page
- Blocking
- Block IP address
- Block single IP address
- Block multiple IP address
- Block IPv6 address
- Block user-agent
- Deny
- Deny access to a directory
- Deny access to a specific file
- Prevent
- Prevent hotlinking
- Prevent hotlinking with exceptions
- Force
- Force www (redirect non-www to www)
- Force non-www (redirect www to non-www)
- Force HTTPS
- Redirect
- Redirect to a new domain
- Redirect to a single page of a new domain
- Rename
- Rename .php to .html
- Remove
- Remove extensions (.html, .htm, .php) from URLs
- Remove trailing slash
- Remove trailing slash for specific URL
Blocking
Block IP address
Block single IP address
To block access to a certain IP address from accessing the website (or a directory), use
deny
.
To block a single IP from accessing the entire website, use
deny
inside the
server {}
block directive:
server {
deny 10.20.30.40;
}
To block a single IP from accessing a certain directory, use
deny
inside the
location {}
block directive:
location /mydirectory {
deny 10.20.30.40;
}
Block multiple IP address
To block access to multiple IP addresses from accessing the website (or a directory), use
deny
for each IP address.
To block a multiple IP address from accessing the entire website, use
deny
inside the
server {}
block directive:
server {
deny 10.20.30.40;
deny 20.30.40.50;
deny 30.40.50.60;
}
To block a single IP from accessing a certain directory, use
deny
inside the
location {}
block directive:
location /mydirectory {
deny 10.20.30.40;
deny 20.30.40.50;
deny 30.40.50.60;
}
Block IPv6 address
To block access to a certain IPv6 address, use
deny
inside the
server {}
block directive:
server {
deny fd98:47f0:2e63:83d7:XXXX:XXXX:XXXX:XXXX;
}
Block user-agent
To block a specific user-agent, use the
$http_user_agent
parameter with the exact user-agent value inside a
server {}
block directive:
server {
if ($http_user_agent ~ (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36)) {
return 403;
}
}
Matching options for
$http_user_agent
can be case sensitive or case insensitive:
$http_user_agent ~ (user_agent_value_goes_here)
is case sensitive. Notice the~
.$http_user_agent ~* (user_agent_value_goes_here)
is case insensitive. Notice the~*
.
Deny
Deny access to a directory
To deny access to a specific directory, use
deny
inside a
location {}
block directive specifying the directory:
server {
location /resources {
deny all;
}
}
Deny access to a specific file
To deny access to a specific file, i.e.
/secret.pdf
, use
deny
inside a
location {}
block directive specifying the directory:
server {
location /secret.pdf {
deny all;
return 404;
}
}
Prevent
Prevent hotlinking
To prevent hotlinking to static files such as images (
.png
,
.jpg
etc.), update your nginx.conf to return HTTP error code 403 if the referrer is not your own website:
server {
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
}
Replace
mydomain.com
with your own domain.
Prevent hotlinking with exceptions
To prevent hotlinking to any static files such as images (
.png
,
.jpg
etc.) from any domains except yours and Google (for example), use the same approach as above:
server {
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked mydomain.com *.mydomain.com ~\.google\.;
if ($invalid_referer) {
return 403;
}
}
}
Replace
mydomain.com
with your own domain.
Force
Force www (redirect non-www to www)
To force a redirect from
non-www
to
www
, use the
return 301
parameter:
server {
server_name mydomain.com;
return 301 $scheme://www.mydomain.com$request_uri;
}
Replace
mydomain
and
.com
accordingly.
Force non-www (redirect www to non-www)
To force a redirect from
www
to
non-www
, use the
return 301
parameter:
server {
server_name www.mydomain.com;
return 301 $scheme://mydomain.com$request_uri;
}
Replace
mydomain
and
.com
accordingly.
Force HTTPS
To force HTTPS (i.e.
https://
), use the
return 301
parameter:
server {
listen 80;
server_name mydomain.com;
return 301 $scheme://mydomain.com$request_uri;
}
Replace
mydomain
and
.com
accordingly.
Note that
listen 80;
is mandatory as you redirect
http://
over to
https://
.
Redirect
Redirect to a new domain
To redirect a domain to a different domain while keeping the URLs intact, use the
rewrite
parameter inside the
server {}
block directive:
server {
server_name mydomain.com;
rewrite ^ http://myotherdomain.com$request_uri? permanent;
}
Replace
mydomain
,
myotherdomain
and
.com
accordingly.
Redirect to a single page of a new domain
To redirect a domain and all its URLs to a single page of a new domain, use the
rewrite
parameter inside the
server {}
block directive:
server {
server_name mydomain.com;
rewrite ^ http://myotherdomain.com/mypage permanent;
}
Replace
mydomain
,
myotherdomain
,
mypage
.com
accordingly.
Rename
Rename .php to .html
To redirect all website URLs that end with
.php
to
.html
, use the
rewrite
parameter inside the
server {}
block directive:
server {
location ~ \.php$ {
if (!-f $request_filename) {
rewrite ^(.*)\.php$ $1.html permanent;
}
}
}
Remove
Remove extensions (.html, .htm, .php) from URLs
To remove a file extension extension (.html, .htm) from URLs, use the
rewrite
parameter inside the
server {}
block directive:
server {
location / {
try_files $uri/ $uri.html $uri.php$is_args$query_string;
}
}
Remove trailing slash
To force website domain URLs to not end with a trailing slash, i.e.
mydomain.com/about/
, use the
rewrite
parameter to redirect the URL from a URL with ending slash (
mydomain.com/about/
) to a URL without an ending slash (
mydomain.com/about
).
server {
listen 80;
server_name mydomain.com;
rewrite ^/(.*)/$ /$1 permanent;
}
Replace
mydomain
and
.com
accordingly.
Remove trailing slash for specific URL
To remove the trailing slash only for a specific URL, you can use the same
rewrite
parameter:
server {
listen 80;
server_name mydomain.com;
rewrite ^/mypage/$ /mypage permanent;
}
Replace
mydomain
,
mypage
and
.com
accordingly.