Skip to main content

Test & Validate NGINX Configuration

Free online tool to test NGINX config syntax, detect security issues, and share with a unique URL. Works with nginx -t and nginx -T output.

CLI: nginx -T 2>/dev/null | curl -sF 'c=<-' https://www.getpagespeed.com/n
nginx.conf

Problems

0

Click Validate to check your config

How to Test Your NGINX Configuration

Test Syntax Locally

Before reloading NGINX, always test your configuration:

nginx -t

Validates syntax and reports errors with line numbers. Exit code 0 means success.

Dump Full Configuration

To see the complete config with all includes resolved:

nginx -T

Shows effective configuration. Pipe to this tool for security analysis.

Common Test Errors

  • unknown directive — typo or missing module
  • unexpected "}" — mismatched braces
  • host not found — DNS issue (often OK)

Security Analysis

Gixy-powered detection

Shareable URLs

Unique link for each config

CLI Support

Pipe from nginx -T

Location Tester

Debug path matching

NGINX Extras Ebook: become an expert today.
Did you know? NGINX Extras add PageSpeed, Brotli and 80+ modules!

Need Pre-Built NGINX Modules?

Get HTTP/3, Brotli, ModSecurity, PageSpeed, and 50+ modules for RHEL/CentOS/Rocky Linux. Ready to yum install.

Get Repository Access

How to Use the NGINX Config Checker

Paste your NGINX configuration into the editor above and click Validate. The tool analyzes your configuration for syntax errors and security vulnerabilities in seconds.

You can also validate directly from your server’s command line:

nginx -T 2>/dev/null | curl -sF 'c=<-' https://www.getpagespeed.com/n

This command dumps your full NGINX configuration and sends it to our validator, returning results directly in your terminal.

What Security Issues Does It Detect?

This nginx config checker uses Gixy, a powerful static analyzer for NGINX configurations, to detect common security misconfigurations:

  • HTTP Response Splitting – Detects user-controlled values in response headers that could allow header injection attacks
  • SSRF via resolver – Identifies configurations where attackers might exploit DNS resolution to access internal services
  • Path Traversal – Finds alias directives that could allow reading files outside the intended directory
  • Version Disclosure – Warns when server_tokens exposes your NGINX version to attackers
  • Missing Security Headers – Checks for Host header validation to prevent host header attacks
  • Referrer/Origin Leaks – Detects potential information leakage through improperly configured proxy headers

Common NGINX Configuration Mistakes

Even experienced administrators make these mistakes:

  1. Using $uri in redirects – Can lead to CRLF injection. Use $request_uri instead.
  2. Overly permissive alias paths – Always ensure location and alias paths end consistently (both with or without trailing slashes).
  3. Missing internal directive – Error pages and internal locations should use internal to prevent direct access.
  4. Improper regex in location blocks – Test your location patterns with our built-in Location Tester tool.

Why Use a Configuration Validator?

Manual review of NGINX configurations is time-consuming and error-prone. An automated validator helps you:

  • Catch syntax errors before deploying to production
  • Identify security vulnerabilities that manual review might miss
  • Save time by getting instant feedback on configuration changes
  • Learn best practices through detailed explanations of each issue
  • Collaborate effectively by sharing configurations with your team

Location Block Testing

The built-in Location Tester helps you understand how NGINX matches requests to location blocks. Enter a test URI path (like /api/users or /images/logo.png) and see exactly which location block would handle that request.

This is invaluable for debugging complex routing configurations with multiple location blocks, regex patterns, and prefix matching.

Share and Collaborate

After validation, save your configuration to get a unique shareable URL. You can:

  • Share configs with team members for review
  • Fork existing configurations to create variations
  • Set expiration times for temporary configs
  • Choose between public and unlisted visibility
  • NGINX Extras – Pre-built NGINX modules including Brotli, PageSpeed, ModSecurity, and 50+ more
  • GetPageSpeed Blog – NGINX tutorials, performance tips, and security guides
  • Repository Access – Get our RPM repository for enterprise-grade NGINX packages