{"id":2357,"date":"2025-09-05T04:20:16","date_gmt":"2025-09-05T04:20:16","guid":{"rendered":"https:\/\/serverhub.com\/kb\/?p=2357"},"modified":"2025-09-05T04:20:17","modified_gmt":"2025-09-05T04:20:17","slug":"nginx-high-performance-web-server-and-reverse-proxy-advanced-guide","status":"publish","type":"post","link":"https:\/\/serverhub.com\/kb\/nginx-high-performance-web-server-and-reverse-proxy-advanced-guide\/","title":{"rendered":"NGINX: High-Performance Web Server and Reverse Proxy (Advanced Guide)"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"597\" src=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/blog-article-4-Sept-25-2-Blog-artcle-Blog-1-1024x597.jpg\" alt=\"\" class=\"wp-image-2375\" srcset=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/blog-article-4-Sept-25-2-Blog-artcle-Blog-1-1024x597.jpg 1024w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/blog-article-4-Sept-25-2-Blog-artcle-Blog-1-300x175.jpg 300w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/blog-article-4-Sept-25-2-Blog-artcle-Blog-1-768x448.jpg 768w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/blog-article-4-Sept-25-2-Blog-artcle-Blog-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In our previous article on NGINX, we explored the basics \u2014what it is, where to find its configuration, how to restart it on macOS, how to troubleshoot common 404 errors, and how to set up a basic reverse proxy. That guide provided a strong foundation for beginners who wanted to get hands-on with NGINX in Kubernetes, Docker, and traditional Linux environments.<\/p>\n\n\n\n<p>This advanced article builds on the foundation of the introductory article and takes things further. 
We dive into production-grade NGINX setup, advanced reverse proxy techniques, SSL\/TLS security, Dockerized deployments, Kubernetes ingress configurations, and performance tuning. We\u2019ll also integrate many practical questions developers and sysadmins often ask, such as \u201c<em>how to use embedded keys with NGINX<\/em>,\u201d \u201c<em>what NGINX proxy manager is<\/em>,\u201d \u201c<em>how to include subdomains in NGINX<\/em>,\u201d and \u201c<em>how to enable HTTPS NGINX in Docker<\/em>.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"624\" height=\"388\" src=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Cache-Manager.png\" alt=\"\" class=\"wp-image-2360\" srcset=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Cache-Manager.png 624w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Cache-Manager-300x187.png 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Recap: What is NGINX?<\/strong><\/h2>\n\n\n\n<p>As highlighted in the <a href=\"https:\/\/serverhub.com\/kb\/nginx-high-performance-web-server-and-reverse-proxy\/\" title=\"\">introductory article<\/a>, NGINX is more than just a web server. It is a reverse proxy, load balancer, caching engine, and security layer. 
Its event-driven, asynchronous architecture makes it outperform traditional web servers like Apache under heavy concurrency.<\/p>\n\n\n\n<p>What NGINX is used for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Handling millions of HTTP requests per second.<\/li>\n\n\n\n<li>Offloading SSL\/TLS encryption.<\/li>\n\n\n\n<li>Acting as a reverse proxy for Docker, Kubernetes, or VM-based applications.<\/li>\n\n\n\n<li>Terminating and managing WebSocket connections.<\/li>\n\n\n\n<li>Serving static content (HTML, CSS, JS, images).<\/li>\n\n\n\n<li>Integrating with NGINX Proxy Manager, Heimdall dashboards, and third-party services.<\/li>\n\n\n\n<li>Powering microservices networking with Kubernetes ingress NGINX.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"624\" height=\"422\" src=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Reserver-Proxy-Server.jpg\" alt=\"\" class=\"wp-image-2361\" srcset=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Reserver-Proxy-Server.jpg 624w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Reserver-Proxy-Server-300x203.jpg 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>NGINX vs Apache: Why Modern Systems Choose NGINX<\/strong><\/h2>\n\n\n\n<p>While Apache remains widely used, NGINX has distinct advantages:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Feature<\/strong><\/td><td><strong>NGINX<\/strong><\/td><td><strong>Apache<\/strong><\/td><\/tr><tr><td>Architecture <\/td><td>Event-driven, asynchronous <\/td><td>Process\/thread-based<\/td><\/tr><tr><td>Performance <\/td><td>Lightweight, handles high concurrency<\/td><td>Higher memory usage<\/td><\/tr><tr><td>Reverse Proxy <\/td><td>Built-in, highly optimized <\/td><td>Add-ons required<\/td><\/tr><tr><td>Docker Integration<\/td><td> First-class 
support<\/td><td>Limited<\/td><\/tr><tr><td>WebSocket Support<\/td><td>Native<\/td><td>Requires modules<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>For modern containerized deployments (Docker, Kubernetes), NGINX is almost always the default choice.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Where to See NGINX Config in a Kubernetes Pod<\/strong><\/h2>\n\n\n\n<p>In Kubernetes, when using ingress-nginx, you can view the active configuration with the following command (replace &lt;pod-name&gt; with the name of your controller pod):<br><mark class=\"has-inline-color has-accent-color\">kubectl exec -it &lt;pod-name&gt; -- nginx -T<\/mark><\/p>\n\n\n\n<p>This dumps \/etc\/nginx\/nginx.conf along with the conf.d\/*.conf files. If you are troubleshooting the NGINX configuration in front of apps such as Superset or FileCloud, this command is invaluable.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"624\" height=\"312\" src=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Kubernetes.jpg\" alt=\"\" class=\"wp-image-2365\" srcset=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Kubernetes.jpg 624w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/Kubernetes-300x150.jpg 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>You can also mount your own nginx.conf inside the pod using a ConfigMap:<\/p>\n\n\n\n<p><mark class=\"has-inline-color has-accent-color\">apiVersion: v1<br>kind: ConfigMap<br>metadata:<br>&nbsp; name: custom-nginx-config<br>&nbsp; namespace: default<br>data:<br>&nbsp; nginx.conf: |<br>&nbsp;&nbsp;&nbsp; events {}<br>&nbsp;&nbsp;&nbsp; http {<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; include \/etc\/nginx\/conf.d\/*.conf;<br>&nbsp;&nbsp;&nbsp; }<\/mark><\/p>\n\n\n\n<p>Then mount it into the ingress nginx controller deployment.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Handling \u201c404 Not Found\u201d in Advanced Scenarios<\/strong><\/h2>\n\n\n\n<p>From our previous article, we know 404 errors often come 
from misconfigured root or location blocks. But in advanced setups, other causes include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ingress path misalignment: Use nginx.ingress.kubernetes.io\/rewrite-target annotations.<\/li>\n\n\n\n<li>Missing subdomain mapping: Use server_name *.example.com so that the server block also matches subdomains.<\/li>\n\n\n\n<li>Docker volume mount errors: Ensure nginx.conf and html directories are mounted properly.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to Restart NGINX in Different Environments<\/strong><\/h2>\n\n\n\n<p>Use the command that matches your environment:<\/p>\n\n\n\n<p>On macOS (as covered before):<br><mark class=\"has-inline-color has-accent-color\">brew services restart nginx<\/mark><\/p>\n\n\n\n<p>On Ubuntu\/Debian:<br><mark class=\"has-inline-color has-accent-color\">sudo systemctl restart nginx<\/mark><\/p>\n\n\n\n<p>Inside a Docker container:<br><mark class=\"has-inline-color has-accent-color\">docker exec -it nginx-container nginx -s reload<\/mark><\/p>\n\n\n\n<p>Inside a Kubernetes pod (replace &lt;pod-name&gt; with the name of your pod):<br><mark class=\"has-inline-color has-accent-color\">kubectl exec -it &lt;pod-name&gt; -- nginx -s reload<\/mark><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Creating an Advanced Docker Reverse Proxy with NGINX<\/strong><\/h2>\n\n\n\n<p>In the previous article, we showed a simple Dockerfile with NGINX. 
Now let\u2019s extend it into a multi-service reverse proxy with SSL.<\/p>\n\n\n\n<p>Use the following docker-compose.yml:<\/p>\n\n\n\n<p><mark class=\"has-inline-color has-accent-color\">version: '3'<br>services:<br>&nbsp; nginx:<br>&nbsp;&nbsp;&nbsp; image: nginx:latest<br>&nbsp;&nbsp;&nbsp; volumes:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - .\/nginx.conf:\/etc\/nginx\/nginx.conf<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - .\/certs:\/etc\/nginx\/certs<br>&nbsp;&nbsp;&nbsp; ports:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - &quot;80:80&quot;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - &quot;443:443&quot;<\/mark><br><br><mark class=\"has-inline-color has-accent-color\">&nbsp; app1:<br>&nbsp;&nbsp;&nbsp; image: php:8-fpm<br>&nbsp;&nbsp;&nbsp; volumes:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - .\/app1:\/var\/www\/html<br><br>&nbsp; app2:<br>&nbsp;&nbsp;&nbsp; image: node:18<br>&nbsp;&nbsp;&nbsp; working_dir: \/usr\/src\/app<br>&nbsp;&nbsp;&nbsp; volumes:<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - .\/app2:\/usr\/src\/app<\/mark><\/p>\n\n\n\n<p>nginx.conf:<\/p>\n\n\n\n<p><mark class=\"has-inline-color has-accent-color\">events {}<br>http {<br>\u00a0 server {<br>\u00a0\u00a0\u00a0 listen 443 ssl;<br>\u00a0\u00a0\u00a0 server_name app1.local;<br><br>\u00a0\u00a0\u00a0 ssl_certificate \/etc\/nginx\/certs\/fullchain.pem;<br>\u00a0\u00a0\u00a0 ssl_certificate_key \/etc\/nginx\/certs\/privkey.pem;<br><br><\/mark><mark class=\"has-inline-color has-accent-color\">\u00a0\u00a0\u00a0 location \/ {<br>\u00a0\u00a0\u00a0\u00a0\u00a0 # php-fpm speaks FastCGI, not HTTP, so use fastcgi_pass instead of proxy_pass<br>\u00a0\u00a0\u00a0\u00a0\u00a0 include fastcgi_params;<br>\u00a0\u00a0\u00a0\u00a0\u00a0 fastcgi_index index.php;<br>\u00a0\u00a0\u00a0\u00a0\u00a0 fastcgi_param SCRIPT_FILENAME \/var\/www\/html$fastcgi_script_name;<br>\u00a0\u00a0\u00a0\u00a0\u00a0 fastcgi_pass app1:9000;<br>\u00a0\u00a0\u00a0 }<br>\u00a0 }<\/mark><mark class=\"has-inline-color has-accent-color\"><br><br>\u00a0 server {<br>\u00a0\u00a0\u00a0 listen 443 ssl;<br>\u00a0\u00a0\u00a0 server_name app2.local;<br><br>\u00a0\u00a0\u00a0 ssl_certificate \/etc\/nginx\/certs\/fullchain.pem;<br>\u00a0\u00a0\u00a0 ssl_certificate_key 
\/etc\/nginx\/certs\/privkey.pem;<br><br>\u00a0\u00a0\u00a0 location \/ {<br>\u00a0\u00a0\u00a0\u00a0\u00a0 proxy_pass <a href=\"http:\/\/app2:3000\">http:\/\/app2:3000<\/a>;<br>\u00a0\u00a0\u00a0 }<br>\u00a0 }<br>}<\/mark><\/p>\n\n\n\n<p>This lets a single NGINX container proxy multiple domains, each secured with the mounted .pem certificate and key files.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Using Embedded Keys and Password Protection in NGINX<\/strong><\/h2>\n\n\n\n<p>Some organizations prefer to embed keys directly in their NGINX configuration. Instead of referencing external files, you can include the certificate and private key inline. Because the configuration then contains secret key material, it needs the same restrictive file permissions as a key file, and the output of nginx -T will include the key.<\/p>\n\n\n\n<p>Additionally, use Basic Auth to restrict access with the following configuration:<\/p>\n\n\n\n<p><mark class=\"has-inline-color has-accent-color\">location \/admin {<br>&nbsp;&nbsp;&nbsp; auth_basic &quot;Restricted&quot;;<br>&nbsp;&nbsp;&nbsp; auth_basic_user_file \/etc\/nginx\/.htpasswd;<br>}<\/mark><\/p>\n\n\n\n<p>Combine this with SSL to create a secure login-protected area.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>NGINX Proxy Manager &amp; Heimdall<\/strong><\/h2>\n\n\n\n<p>For those who prefer GUIs, NGINX Proxy Manager provides an easy way to configure reverse proxies, SSL certificates, and redirects. 
Similarly, Heimdall can be fronted by NGINX to create a beautiful dashboard.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>NGINX with APISIX, FileCloud, and Superset<\/strong><\/h2>\n\n\n\n<p>NGINX integrates tightly with modern ecosystems:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>APISIX: APISIX uses NGINX under the hood for API gateway functionality.<\/li>\n\n\n\n<li>FileCloud: Reverse proxy setup for enterprise file sharing.<\/li>\n\n\n\n<li>Superset: Secure BI dashboards behind HTTPS.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Logging, Monitoring, and Performance Tuning<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Logs: Located in \/var\/log\/nginx\/ (access.log, error.log).<\/li>\n\n\n\n<li>Metrics: Use the stub_status module for real-time request stats.<\/li>\n\n\n\n<li>Tuning: Raise worker capacity with the following directives:\n<ul class=\"wp-block-list\">\n<li><mark class=\"has-inline-color has-accent-color\">worker_processes auto;<\/mark><\/li>\n\n\n\n<li><mark class=\"has-inline-color has-accent-color\">worker_connections 10240;<\/mark><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Caching: Enable fast content delivery with proxy_cache_path.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"624\" height=\"312\" src=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/NGINX-Best-Practices.jpg\" alt=\"\" class=\"wp-image-2369\" srcset=\"https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/NGINX-Best-Practices.jpg 624w, https:\/\/serverhub.com\/kb\/wp-content\/uploads\/2025\/09\/NGINX-Best-Practices-300x150.jpg 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>NGINX and SSL\/TLS: Best Practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always redirect HTTP to HTTPS.<\/li>\n\n\n\n<li>Use Let\u2019s Encrypt (certbot) for 
free SSL certificates.<\/li>\n\n\n\n<li>For production, configure HSTS headers.<\/li>\n\n\n\n<li>Restrict protocols and ciphers with the following directives:\n<ul class=\"wp-block-list\">\n<li><mark class=\"has-inline-color has-accent-color\">ssl_protocols TLSv1.2 TLSv1.3;<\/mark><\/li>\n\n\n\n<li><mark class=\"has-inline-color has-accent-color\">ssl_ciphers HIGH:!aNULL:!MD5;<\/mark><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final Thoughts<\/strong><\/h2>\n\n\n\n<p>In the previous article, we laid the groundwork for understanding NGINX basics. This advanced guide expanded on those foundations by covering Dockerized setups, Kubernetes ingress, embedded keys, Proxy Manager, SSL best practices, APISIX integration, and performance tuning.<\/p>\n\n\n\n<p>Whether you are building a Docker stack with PHP, SQLite, and NGINX, deploying a WebSocket NGINX manager, or setting up a production-grade reverse proxy, NGINX remains the industry standard.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>References:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nginx.org\/en\/\" title=\"\">NGINX Official Docs<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/docs.nginx.com\/nginx\/admin-guide\/\" title=\"\">NGINX Admin Guide<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kubernetes.github.io\/ingress-nginx\/\" title=\"\">Kubernetes Ingress NGINX<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/nginxproxymanager.com\/\" title=\"\">NGINX Proxy Manager<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/hub.docker.com\/_\/nginx\" title=\"\">Docker Hub NGINX Images<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/aosabook.org\/en\/v2\/nginx.html\" title=\"\">The Architecture of Open Source Applications (Volume 2) nginx<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/balagetech.com\/visualizing-nginx-access-logs-kibana\/\" title=\"\">Analyze and visualize NGINX access logs in Kibana 
Dashboard<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In our previous article on NGINX, we explored the basics \u2014what it is, where to find its configuration, how to restart it on macOS, how to troubleshoot common 404 errors, and how to set up a basic reverse proxy. That guide provided a strong foundation for beginners who wanted to get hands-on with NGINX in &#8230; <a title=\"NGINX: High-Performance Web Server and Reverse Proxy (Advanced Guide)\" class=\"read-more\" href=\"https:\/\/serverhub.com\/kb\/nginx-high-performance-web-server-and-reverse-proxy-advanced-guide\/\" aria-label=\"More on NGINX: High-Performance Web Server and Reverse Proxy (Advanced Guide)\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[101,60,1],"tags":[176],"class_list":["post-2357","post","type-post","status-publish","format-standard","hentry","category-cloud-computing","category-how-to","category-uncategorized","tag-nginx-webserver-reverseproxy"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/posts\/2357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https
:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/comments?post=2357"}],"version-history":[{"count":13,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/posts\/2357\/revisions"}],"predecessor-version":[{"id":2376,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/posts\/2357\/revisions\/2376"}],"wp:attachment":[{"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/media?parent=2357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/categories?post=2357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serverhub.com\/kb\/wp-json\/wp\/v2\/tags?post=2357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}