Nginx — The Complete Guide
reverse proxy, SSL termination, and load balancing — everything that sits in front of your application
Nginx (pronounced 'engine-x') is an open-source web server and reverse proxy that as of 2026 runs roughly a third of all websites in the world, and that is no accident. It is exceptionally fast (handles 10,000 concurrent connections on a small server), uses very little RAM (typically 50 MB), and is rock-solid stable — for me (Elad), the same nginx process runs for months on end without ever needing a restart. Its classic role is 'reverse proxy': a server that sits at the edge of your VPS, receives every request from the internet, and decides which internal service to route each one to. On my Hetzner VPS, nginx receives every request hitting `fullstack-eladjak.co.il`, `hub.eladjak.com`, and a dozen subdomains — and routes each one to the right Docker container among 13 agents running on internal ports 3700-3900. It also handles SSL/HTTPS (the certificates themselves are free from Let's Encrypt), compresses responses, and serves static files faster than any application server. Popular alternatives (Caddy, Traefik) are easier to configure, but nginx remains the standard because it is everywhere and the documentation is enormous. If you build a serious server — get to know it.
What this guide covers
What is Nginx? The role of the 'edge server'
The first server every request meets
Nginx is a piece of software you install on a server with a single purpose: sit on the public ports (80 for HTTP, 443 for HTTPS), receive every request from the internet, and do something smart with them — serve a static file, route to an internal application, or reject them. That's different from a regular application server (Node, Python, Go) which is busy with business logic; nginx is built specifically to handle huge numbers of concurrent open connections without spawning a process per connection (event-driven). That is what lets it serve more traffic on the same hardware.
Reverse Proxy: the heart of modern usage
How to route traffic to dozens of internal services
Reverse proxy is the technical name for nginx's classic role in 2026: stand in front of the internet, receive all requests, and route them to the right internal backend. 'Reverse' because unlike a regular proxy that 'hides' the client (like a VPN), a reverse proxy hides the servers — the client thinks it's talking to one server, but there are actually dozens behind it. On my setup, nginx receives requests for dozens of subdomains and routes each one to a different Docker container running on an internal port.
SSL/HTTPS with Let's Encrypt
Free certificates, auto-renewing, on every domain
Let's Encrypt is a free Certificate Authority that issues SSL certs for any domain you own. The standard tool for issuing and renewing them is certbot. The flow: certbot requests a cert → Let's Encrypt asks you to prove ownership (creates a temporary file at a specific path on your server) → after verification, you receive a 90-day cert that auto-renews every 60 days. All of this runs in the background and you don't have to think about it.
Advanced: rate limiting, caching, load balancing
The features that turn nginx into a defense and optimization tool
After we've solved reverse proxy and SSL, nginx offers another layer of capabilities that can save real money and protect the application: rate limiting (capping requests per IP — prevents DDoS and bot abuse), caching (storing responses in memory — cuts DB calls), and load balancing (spreading traffic across multiple backends — both for throughput and failover).
Caddy, Traefik, and when to pick which
nginx is the standard, but not always the right choice
In 2026 there are three main reverse-proxy choices for a personal server: nginx (the veteran, the standard), Caddy (the new one, ridiculously simple), and Traefik (built for Docker). Each will work well — the question is how much complexity you're willing to pay for how much power. My early servers were all on nginx, and then I switched to Caddy and never looked back. But nginx remains the industry standard, and you'll meet it at clients.
Debugging: logs, config check, and tools
When something doesn't work — where to start
Most nginx problems are misconfiguration (forgotten slash, header that wasn't passed, wrong port), or DNS/firewall/SSL. nginx gives you excellent logs if you know where to look, plus a few simple tools that solve 90% of cases in minutes.
