Hi HN,
I built nginx-lint, a new linter for nginx configuration files written in Rust using Claude Code.
Why I built this: nginx configs are deceptively simple but full of subtle pitfalls – add_header inheritance silently dropping
security headers in child blocks, alias path traversal from a missing trailing slash, if inside location causing unpredictable
behavior, server_tokens leaking your nginx version by default. These issues are hard to catch in code review and often only surface
in production.
What it does:
- 30+ built-in rules covering security, best practices, syntax, and style
- Autofix with --fix to automatically correct issues
- Lint partial configs – files in conf.d/ or sites-available/ can be linted standalone with --context http,server or a # nginx-lint:context comment, so you don't need the full nginx.conf to get accurate results
- Configurable – .nginx-lint.toml lets you enable/disable individual rules, adjust severity, and tune rule-specific options (e.g., allowed TLS protocols, indent size). Generate a default config with nginx-lint config init
- WASM plugin system – write custom rules in Rust, compile to WebAssembly
- Web UI that runs entirely client-side via WASM (https://walf443.github.io/nginx-lint/)
- JSON output for CI integration
- Docker image available: docker run --rm -v /path/to/nginx.conf:/tmp/nginx.conf ghcr.io/walf443/nginx-lint /tmp/nginx.conf
Example .nginx-lint.toml:
[rules.server-tokens-enabled]
enabled = true
[rules.indent]
indent_size = 4
[rules.deprecated-ssl-protocol]
allowed_protocols = ["TLSv1.2", "TLSv1.3"]
The partial config support is especially useful in CI – many teams split nginx configs across multiple files and only change one at
a time. Context-aware rules like server_tokens detection work correctly even on a snippet that starts with location /api { ... }.
The WASM plugin architecture lets you add organization-specific rules without modifying the core. Each plugin is a self-contained
Rust crate compiled to .wasm. Native execution is ~300x faster than WASM, but the plugin system makes distribution and sandboxing
easy.
GitHub: https://github.com/walf443/nginx-lint
Demo: https://walf443.github.io/nginx-lint/
I'd love feedback on what rules you'd find most useful, or nginx pitfalls you've been bitten by.
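
Added example, not part of the original post and not nginx-lint's own code: a minimal Rust sketch of the add_header inheritance pitfall mentioned above. nginx inherits add_header directives from the enclosing level only when the current level defines none, so a child block with its own add_header loses the parent's headers. The function names, the simplified tokenizer and the sample config are all assumptions made for illustration.

```rust
// Added illustration. Simplified parsing: no quoted strings, comments or includes.
#[derive(Default)]
struct Block { name: String, headers: Vec<String>, children: Vec<Block> }

// Constructed sample: /api sets its own add_header and so loses both server-level headers.
const SAMPLE: &str = "server {
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    location / { root /srv/www; }
    location /api { add_header Cache-Control no-store; }
}";

// Fill `block` with directives up to its closing '}' (or end of input).
fn parse(toks: &[String], pos: &mut usize, block: &mut Block) {
    let mut words: Vec<String> = Vec::new();
    while *pos < toks.len() {
        let t = toks[*pos].as_str();
        *pos += 1;
        match t {
            ";" => {
                if words.len() > 1 && words[0] == "add_header" {
                    block.headers.push(words[1].to_lowercase());
                }
                words.clear();
            }
            "{" => {
                let name = std::mem::take(&mut words).join(" ");
                let mut child = Block { name, ..Default::default() };
                parse(toks, pos, &mut child);
                block.children.push(child);
            }
            "}" => return,
            _ => words.push(t.to_string()),
        }
    }
}
// `inherited` holds the header names in effect at the enclosing level.
fn walk(b: &Block, inherited: &[String], out: &mut Vec<(String, Vec<String>)>) {
    let own = !b.headers.is_empty();
    let lost: Vec<String> = inherited.iter().filter(|h| own && !b.headers.contains(*h)).cloned().collect();
    if !lost.is_empty() { out.push((b.name.clone(), lost)); }
    for c in &b.children { walk(c, if own { &b.headers[..] } else { inherited }, out); }
}
// Returns (block name, header names silently dropped in that block).
pub fn dropped_headers(src: &str) -> Vec<(String, Vec<String>)> {
    let spaced = src.replace('{', " { ").replace('}', " } ").replace(';', " ; ");
    let toks: Vec<String> = spaced.split_whitespace().map(String::from).collect();
    let (mut pos, mut root, mut out) = (0, Block::default(), Vec::new());
    parse(&toks, &mut pos, &mut root);
    walk(&root, &[], &mut out);
    out
}
fn main() { println!("{:?}", dropped_headers(SAMPLE)); }
```

The tree is built before it is evaluated so that a parent's add_header lines are counted even when they appear after the child block in the file.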