nginx.conf snippets
Code snippets for nginx.conf configuration files.
On this page
- Blocking
- Block IP address
- Block single IP address
- Block multiple IP address
- Block IPv6 address
- Block user-agent
- Deny
- Deny access to a directory
- Deny access to a specific file
- Prevent
- Prevent hotlinking
- Prevent hotlinking with exceptions
- Force
- Force www (redirect non-www to www)
- Force non-www (redirect www to non-www)
- Force HTTPS
- Redirect
- Redirect to a new domain
- Redirect to a single page of a new domain
- Rename
- Rename .php to .html
- Remove
- Remove extensions (.html, .htm, .php) from URLs
- Remove trailing slash
- Remove trailing slash for specific URL
Blocking
Block IP address
Block single IP address
To block access to a certain IP address from accessing the website (or a directory), use
deny.
To block a single IP from accessing the entire website, use
deny inside the
server {} block directive:
server {
deny 10.20.30.40;
}To block a single IP from accessing a certain directory, use
deny inside the
location {} block directive:
location /mydirectory {
deny 10.20.30.40;
}Block multiple IP address
To block access to multiple IP addresses from accessing the website (or a directory), use
deny for each IP address.
To block a multiple IP address from accessing the entire website, use
deny inside the
server {} block directive:
server {
deny 10.20.30.40;
deny 20.30.40.50;
deny 30.40.50.60;
}To block a single IP from accessing a certain directory, use
deny inside the
location {} block directive:
location /mydirectory {
deny 10.20.30.40;
deny 20.30.40.50;
deny 30.40.50.60;
}Block IPv6 address
To block access to a certain IPv6 address, use
deny inside the
server {} block directive:
server {
deny fd98:47f0:2e63:83d7:XXXX:XXXX:XXXX:XXXX;
}Block user-agent
To block a specific user-agent, use the
$http_user_agent parameter with the exact user-agent value inside a
server {} block directive:
server {
if ($http_user_agent ~ (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36)) {
return 403;
}
}Matching options for
$http_user_agent can be case sensitive or case insensitive:
$http_user_agent ~ (user_agent_value_goes_here)is case sensitive. Notice the~.$http_user_agent ~* (user_agent_value_goes_here)is case insensitive. Notice the~*.
Deny
Deny access to a directory
To deny access to a specific directory, use
deny inside a
location {} block directive specifying the directory:
server {
location /resources {
deny all;
}
}Deny access to a specific file
To deny access to a specific file, i.e.
/secret.pdf, use
deny inside a
location {} block directive specifying the directory:
server {
location /secret.pdf {
deny all;
return 404;
}
}Prevent
Prevent hotlinking
To prevent hotlinking to static files such as images (
.png,
.jpg etc.), update your nginx.conf to return HTTP error code 403 if the referrer is not your own website:
server {
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked mydomain.com *.mydomain.com;
if ($invalid_referer) {
return 403;
}
}
}Replace
mydomain.com with your own domain.
Prevent hotlinking with exceptions
To prevent hotlinking to any static files such as images (
.png,
.jpg etc.) from any domains except yours and Google (for example), use the same approach as above:
server {
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked mydomain.com *.mydomain.com ~\.google\.;
if ($invalid_referer) {
return 403;
}
}
}Replace
mydomain.com with your own domain.
Force
Force www (redirect non-www to www)
To force a redirect from
non-www to
www, use the
return 301 parameter:
server {
server_name mydomain.com;
return 301 $scheme://www.mydomain.com$request_uri;
}Replace
mydomain and
.com accordingly.
Force non-www (redirect www to non-www)
To force a redirect from
www to
non-www, use the
return 301 parameter:
server {
server_name www.mydomain.com;
return 301 $scheme://mydomain.com$request_uri;
}Replace
mydomain and
.com accordingly.
Force HTTPS
To force HTTPS (i.e.
https://), use the
return 301 parameter:
server {
listen 80;
server_name mydomain.com;
return 301 $scheme://mydomain.com$request_uri;
}Replace
mydomain and
.com accordingly.
Note that
listen 80; is mandatory as you redirect
http:// over to
https://.
Redirect
Redirect to a new domain
To redirect a domain to a different domain while keeping the URLs intact, use the
rewrite parameter inside the
server {} block directive:
server {
server_name mydomain.com;
rewrite ^ http://myotherdomain.com$request_uri? permanent;
}Replace
mydomain,
myotherdomain and
.com accordingly.
Redirect to a single page of a new domain
To redirect a domain and all its URLs to a single page of a new domain, use the
rewrite parameter inside the
server {} block directive:
server {
server_name mydomain.com;
rewrite ^ http://myotherdomain.com/mypage permanent;
}Replace
mydomain,
myotherdomain,
mypage
.com accordingly.
Rename
Rename .php to .html
To redirect all website URLs that end with
.php to
.html, use the
rewrite parameter inside the
server {} block directive:
server {
location ~ \.php$ {
if (!-f $request_filename) {
rewrite ^(.*)\.php$ $1.html permanent;
}
}
}Remove
Remove extensions (.html, .htm, .php) from URLs
To remove a file extension extension (.html, .htm) from URLs, use the
rewrite parameter inside the
server {} block directive:
server {
location / {
try_files $uri/ $uri.html $uri.php$is_args$query_string;
}
}Remove trailing slash
To force website domain URLs to not end with a trailing slash, i.e.
mydomain.com/about/, use the
rewrite parameter to redirect the URL from a URL with ending slash (
mydomain.com/about/) to a URL without an ending slash (
mydomain.com/about).
server {
listen 80;
server_name mydomain.com;
rewrite ^/(.*)/$ /$1 permanent;
}Replace
mydomain and
.com accordingly.
Remove trailing slash for specific URL
To remove the trailing slash only for a specific URL, you can use the same
rewrite parameter:
server {
listen 80;
server_name mydomain.com;
rewrite ^/mypage/$ /mypage permanent;
}Replace
mydomain,
mypage and
.com accordingly.