WEB SERVER
June 23, 2026

Common Nginx Configuration Mistakes (and How to Avoid Them)

Author
CloudStick Team
DevOps Engineer

Mistake 1: Putting root Inside a location Block

Placing the root directive inside individual location blocks is one of the most common Nginx misconfigurations. It works for that specific location, but any other location block inherits no document root, causing unexpected 404s on other paths.

WRONG

    server {
        location / {
            root /var/www/html; # Wrong: root inside location
        }
    }

CORRECT

    server {
        root /var/www/html; # Correct: root at server level
        index index.php index.html;
        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }
    }

Mistake 2: Relying on server_name _ as a Wildcard

Many tutorials use server_name _; as a catch-all. The underscore is not a wildcard: it is simply an invalid hostname that matches no legitimate request. The real mechanism is the default_server flag on the listen directive. Without it, when no name matches Nginx falls back to the first server block it loaded for that address and port (with a wildcard include, the alphabetically first file), potentially exposing an unintended site.

    # Drop requests with no matching host
    server {
        listen 80 default_server; # The real default mechanism
        listen [::]:80 default_server;
        server_name _;
        return 444;
    }

Mistake 3: Forgetting try_files for PHP Applications

Without try_files, Nginx passes every request directly to PHP-FPM — including static assets and non-existent URLs. This overloads PHP unnecessarily and prevents proper 404 responses. Also add try_files $uri =404; inside your PHP location to block path-info RCE exploits.

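    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri =404; # Blocks path-info RCE exploits
        # fastcgi.conf sets SCRIPT_FILENAME. Debian/Ubuntu's snippets/fastcgi-php.conf
        # already has its own try_files, and nginx rejects a second one in the same
        # location ("try_files directive is duplicate"), so use one or the other.
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
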
WARNING

Without try_files $uri =404;, a request to /uploads/image.jpg/shell.php may be executed by PHP-FPM when path info is enabled — a known remote code execution vector.

Mistake 4: Enabling Gzip Inside a location Block

gzip on; only takes effect in the http or server context. Inside a location block, Nginx silently ignores it — responses go out uncompressed with no error logged. Verify with curl -I -H "Accept-Encoding: gzip" and look for Content-Encoding: gzip.

    # nginx.conf: gzip must be at the http level
    http {
        gzip on;
        gzip_vary on;
        gzip_types text/plain text/css application/json application/javascript;
        gzip_min_length 1024;
        server {
            location / {
                # gzip inherited here; do NOT add it inside location
            }
        }
    }

Mistake 5: Not Setting client_max_body_size

Nginx defaults to a 1MB request body limit. File uploads larger than 1MB return a 413 error. This catches developers off guard on fresh WordPress installs where images frequently exceed 1MB. The fix requires updating both Nginx and PHP — setting only one produces a different error depending on which limit is hit first.

    # Nginx: in server {} block
    client_max_body_size 64M;

    ; PHP: /etc/php/8.3/fpm/php.ini (php.ini comments start with ';')
    upload_max_filesize = 64M
    post_max_size = 64M

CloudStick lets you update PHP limits from the server dashboard without editing config files manually — changes apply immediately without a manual PHP-FPM reload.

Debugging Nginx Configuration Errors

When Nginx behaves unexpectedly, these commands show exactly what is running. Always test syntax before every reload, and use nginx -T to dump the full merged config and trace which file a directive comes from.

    # Test syntax before every reload
    sudo nginx -t
    # Dump full merged config Nginx is running with
    sudo nginx -T
    # Watch error log in real time
    sudo tail -f /var/log/nginx/error.log
    # Trace which file sets a directive ("# configuration file" lines name each file in the dump)
    sudo nginx -T 2>/dev/null | grep -nE "^# configuration file|client_max_body_size"
    # Reload without dropping live connections
    sudo systemctl reload nginx

CloudStick validates Nginx config automatically before applying any dashboard changes. If the syntax test fails, the change is rolled back instantly and your site stays live with no manual intervention required.
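
Mistakes 1 to 3 can also be checked mechanically. The following is an added example, not part of the original article or CloudStick's tooling: a small Python linter that can be fed the text of nginx -T or a single config file. The sample config, finding names and function names are constructed for illustration; include files are not followed, so a location whose try_files guard lives in an included snippet is still flagged for manual review.

```python
import re

# Constructed sample config (not from the article); it repeats Mistakes 1-3.
SAMPLE = r"""
server {
    listen 80;
    server_name app.example.test;
    location / { root /var/www/html; }
    location ~ \.php$ {            # no try_files guard
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}
server {
    listen 8080 default_server;
    location ~ \.php$ { try_files $uri =404; fastcgi_pass 127.0.0.1:9000; }
}
"""

def parse(conf):
    """Naive block parser; assumes no '#', ';', '{' or '}' inside quoted values."""
    blocks, stack, buf = [], [{"head": "main", "dirs": []}], ""
    for tok in re.findall(r"[^;{}]+|[;{}]", re.sub(r"#.*", "", conf)):
        if tok == ";":                      # end of a simple directive
            stack[-1]["dirs"].append(buf.split())
        elif tok == "{":                    # buf holds the block header
            stack.append({"head": " ".join(buf.split()), "dirs": []})
            blocks.append(stack[-1])
        elif tok == "}":
            stack.pop()
        else:
            buf = tok
    return blocks

def audit(conf):
    """Return (finding, where) pairs for Mistakes 1-3; include files are not followed."""
    findings, listens = [], {}
    for blk in parse(conf):
        names = {d[0] for d in blk["dirs"] if d}
        for d in blk["dirs"]:
            if blk["head"] == "server" and d[:1] == ["listen"] and len(d) > 1:
                listens[d[1]] = listens.get(d[1], False) or "default_server" in d
        if blk["head"].startswith("location"):
            if "root" in names:
                findings.append(("root-in-location", blk["head"]))
            if "fastcgi_pass" in names and "try_files" not in names:
                findings.append(("fastcgi-without-try_files", blk["head"]))
    return findings + [("no-default_server", a) for a, ok in sorted(listens.items()) if not ok]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A no-default_server finding is keyed on the raw listen address, so 80 and [::]:80 are reported separately, matching the two listen lines in the catch-all block under Mistake 2.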
