aaaaqwq/Nginx
skills/nginx/SKILL.md
Configure Nginx for reverse proxy, load balancing, SSL termination, and high-performance static serving.
$ install --global
skillsauthnpx skillsauth add aaaaqwq/agi-super-team NginxInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 5:12 PM66.6s7 files scanned
SKILL.md
- name:
- Nginx
- slug:
- nginx
- version:
- 1.0.1
- description:
- Configure Nginx for reverse proxy, load balancing, SSL termination, and high-performance static serving.
When to Use
User needs Nginx expertise — from basic server blocks to production configurations. Agent handles reverse proxy, SSL, caching, and performance tuning.
Quick Reference
| Topic | File |
|-------|------|
| Reverse proxy patterns | proxy.md |
| SSL/TLS configuration | ssl.md |
| Performance tuning | performance.md |
| Common configurations | examples.md |
Location Matching
- Exact
=first, then^~prefix, then regex~/~*, then longest prefix location /apimatches/api,/api/,/api/anything— prefix matchlocation = /apionly matches exactly/api— not/api/location ~ \.php$is regex, case-sensitive —~*for case-insensitive^~stops regex search if prefix matches — use for static files
proxy_pass Trailing Slash
proxy_pass http://backendpreserves location path —/api/users→/api/usersproxy_pass http://backend/replaces location path —/api/users→/users- Common mistake: missing slash = double path — or unexpected routing
- Test with
curl -vto see actual backend request
try_files
try_files $uri $uri/ /index.htmlfor SPA — checks file, then dir, then fallback- Last argument is internal redirect — or
=404for error $uri/tries directory with index — setindex index.html- Don't use for proxied locations — use
proxy_passdirectly
Proxy Headers
proxy_set_header Host $host— backend sees original host, not proxy IPproxy_set_header X-Real-IP $remote_addr— client IP, not proxyproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for— append to chainproxy_set_header X-Forwarded-Proto $scheme— for HTTPS detection
Upstream
- Define servers in
upstreamblock —upstream backend { server 127.0.0.1:3000; } proxy_pass http://backenduses upstream — load balancing included- Health checks with
max_failsandfail_timeout— marks server unavailable keepalive 32for connection pooling — reduces connection overhead
SSL/TLS
ssl_certificateis full chain — cert + intermediates, not just certssl_certificate_keyis private key — keep permissions restrictedssl_protocols TLSv1.2 TLSv1.3— disable older protocolsssl_prefer_server_ciphers on— server chooses cipher, not client
Common Mistakes
nginx -tbeforenginx -s reload— test config first- Missing semicolon — syntax error, vague message
rootinsidelocation— prefer inserver, override only when neededaliasvsroot— alias replaces location, root appends location- Variables in
if— many things break inside if, avoid complex logic
Variables
$uriis decoded, normalized path —/foo%20barbecomes/foo bar$request_uriis original with query string — unchanged from client$argsis query string —$arg_namefor specific parameter$hostfrom Host header —$server_namefrom config
Performance
worker_processes auto— matches CPU coresworker_connections 1024— per worker, multiply by workers for maxsendfile on— kernel-level file transfergzip ononly for text —gzip_types text/plain application/json ...gzip_min_length 1000— small files not worth compressing
Logging
access_log offfor static assets — reduces I/O- Custom log format with
log_format— add response time, upstream time error_loglevel:debug,info,warn,error— debug is verbose- Conditional logging with
mapandif— skip health checks
Related Skills
aaaaqwq/code-exemplars-blueprint-generator
development
VerifiedTrustedCommunity
Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming languages (.NET, Java, JavaScript, TypeScript, React, Angular, Python) with configurable analysis depth, categorization methods, and documentation formats to establish coding standards and maintain consistency across development teams.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/chrome-devtools
tools
VerifiedTrustedCommunity
Expert-level browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use for interacting with web pages, capturing screenshots, analyzing network traffic, and profiling performance.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/breakdown-feature-implementation
data-ai
VerifiedTrustedCommunity
Prompt for creating detailed feature implementation plans, following Epoch monorepo structure.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/boost-prompt
tools
VerifiedTrustedCommunity
Interactive prompt refinement workflow: interrogates scope, deliverables, constraints; copies final markdown to clipboard; never writes code. Requires the Joyride extension.
37SKILL.mdUpdated Apr 11, 2026