nginx.conf snippets
Copy-paste-ready nginx.conf code snippets for blocking IPs, redirecting domains, forcing HTTPS, preventing hotlinking, and removing URL extensions.
- Block a Single IP Address in nginx.conf
- Block a Single IP from a Specific Directory in nginx.conf
- Block Multiple IP Addresses in nginx.conf
- Block an IPv6 Address in nginx.conf
- Block a User-Agent in nginx.conf
- Deny Access to a Directory in nginx.conf
- Deny Access to a Specific File in nginx.conf
- Prevent Image Hotlinking in nginx.conf
- Prevent Image Hotlinking with Exceptions in nginx.conf
- Redirect Non-www to www in nginx.conf
- Redirect www to Non-www in nginx.conf
- Force HTTPS in nginx.conf
- Redirect to a New Domain in nginx.conf
- Redirect All URLs to a Single Page on a New Domain in nginx.conf
- Rewrite .php URLs to .html in nginx.conf
- Remove File Extensions from URLs in nginx.conf
- Remove Trailing Slash from All URLs in nginx.conf
- Remove Trailing Slash from a Specific URL in nginx.conf
Block a Single IP Address in nginx.conf
Nginx denies access to a specific IP address when the
deny directive appears inside a server or location block. Place
deny in the
server { } block to block the IP site-wide.
server {
deny 10.20.30.40;
}Block a Single IP from a Specific Directory in nginx.conf
Nginx restricts a single IP address from a specific directory when the
deny directive appears inside a
location { } block that matches the target path.
location /mydirectory {
deny 10.20.30.40;
}Block Multiple IP Addresses in nginx.conf
Nginx blocks multiple IP addresses when each address has its own
deny directive inside the server block. List each IP on a separate line.
server {
deny 10.20.30.40;
deny 20.30.40.50;
deny 30.40.50.60;
}Block an IPv6 Address in nginx.conf
Nginx blocks IPv6 addresses the same way it blocks IPv4 addresses. Use the
deny directive with the full IPv6 address inside the server block.
server {
deny fd98:47f0:2e63:83d7:XXXX:XXXX:XXXX:XXXX;
}Block a User-Agent in nginx.conf
Nginx returns a 403 Forbidden response for requests matching a specific user-agent string. Use the
$http_user_agent variable with a regex match inside the server block. The
~ operator performs a case-sensitive match;
~* performs a case-insensitive match.
server {
if ($http_user_agent ~* (SemrushBot|AhrefsBot|MJ12bot)) {
return 403;
}
}Deny Access to a Directory in nginx.conf
Nginx blocks all access to a directory when
deny all appears inside a location block that matches the directory path.
server {
location /resources {
deny all;
}
}Deny Access to a Specific File in nginx.conf
Nginx blocks access to a single file and returns a 404 response. Use an exact-match location block for the file path.
server {
location = /secret.pdf {
deny all;
return 404;
}
}Prevent Image Hotlinking in nginx.conf
Nginx prevents other sites from embedding images hosted on the server. The
valid_referers directive defines allowed referrers. Requests from unlisted referrers receive a 403 Forbidden response.
server {
location ~* \.(gif|png|jpe?g)$ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}
}Prevent Image Hotlinking with Exceptions in nginx.conf
Nginx allows hotlinking from specific external domains by adding them to the
valid_referers list. This example permits Google in addition to the primary domain.
server {
location ~* \.(gif|png|jpe?g)$ {
valid_referers none blocked example.com *.example.com ~\.google\.;
if ($invalid_referer) {
return 403;
}
}
}Redirect Non-www to www in nginx.conf
Nginx redirects the non-www version of a domain to the www version using a 301 permanent redirect. Define a separate server block for the non-www domain.
server {
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}Redirect www to Non-www in nginx.conf
Nginx redirects the www version of a domain to the non-www version. Define a separate server block that captures www requests.
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}Force HTTPS in nginx.conf
Nginx redirects all HTTP traffic to HTTPS using a 301 permanent redirect. The server block listens on port 80 and redirects every request to the HTTPS URL.
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}Redirect to a New Domain in nginx.conf
Nginx redirects an entire domain to a different domain while preserving the request URI. Use the
rewrite directive with the
permanent flag for a 301 redirect.
server {
server_name olddomain.com;
rewrite ^ http://newdomain.com$request_uri? permanent;
}Redirect All URLs to a Single Page on a New Domain in nginx.conf
Nginx sends all requests for a domain to one specific page on a different domain. Use the
rewrite directive without
$request_uri to discard the original path.
server {
server_name olddomain.com;
rewrite ^ http://newdomain.com/landing permanent;
}Rewrite .php URLs to .html in nginx.conf
Nginx rewrites requests for
.php files to
.html extensions using a permanent redirect. This applies when the
.php file does not exist on disk.
server {
location ~ \.php$ {
if (!-f $request_filename) {
rewrite ^(.*)\.php$ $1.html permanent;
}
}
}Remove File Extensions from URLs in nginx.conf
Nginx serves pages without showing the file extension in the URL. The
try_files directive checks for the URI, then appends
.html and
.php as fallbacks.
server {
location / {
try_files $uri/ $uri.html $uri.php$is_args$query_string;
}
}Remove Trailing Slash from All URLs in nginx.conf
Nginx removes the trailing slash from all URLs using a rewrite rule with a permanent redirect. The server block captures any URL ending in
/ and redirects to the version without it.
server {
listen 80;
server_name example.com;
rewrite ^/(.*)/$ /$1 permanent;
}Remove Trailing Slash from a Specific URL in nginx.conf
Nginx removes the trailing slash from a single URL path. Target only the specific path in the rewrite rule.
server {
listen 80;
server_name example.com;
rewrite ^/about/$ /about permanent;
}