{"id":"91009526-39b8-4c3c-8803-e309006c6777","shortId":"s42rmk","kind":"skill","title":"webserver-configuration","tagline":"Complete web server configuration workflows for Nginx, Apache, Traefik, and Caddy. Use when setting up, configuring, or optimizing web servers, SSL/TLS, load balancers, or reverse proxies.","description":"# Web Server Configuration Skill\n\nThis skill provides comprehensive configuration guides, best practices, and templates for web servers including Nginx, Apache, Traefik, and Caddy.\n\n## When to Use This Skill\n\nUse this skill when:\n- Installing and configuring web servers\n- Setting up SSL/TLS certificates\n- Configuring reverse proxy\n- Implementing load balancing\n- Optimizing performance\n- Adding security headers\n- Setting up virtual hosts\n- Configuring caching\n\n## Web Server Selection Guide\n\n```\n┌─────────────────────────────────────────────────────────────┐\n│ Choose Web Server Based On: │\n├─────────────────────────────────────────────────────────────┤\n│ │\n│ Nginx: │\n│ ✓ High performance & scalability │\n│ ✓ Reverse proxy & load balancing │\n│ ✓ Static file serving │\n│ ✓ Low memory footprint │\n│ │\n│ Apache: │\n│ ✓ .htaccess support │\n│ ✓ Module ecosystem │\n│ ✓ Legacy application support │\n│ ✓ Dynamic content │\n│ │\n│ Traefik: │\n│ ✓ Kubernetes ingress │\n│ ✓ Docker integration │\n│ ✓ Automatic SSL (Let's Encrypt) │\n│ ✓ Dynamic configuration │\n│ │\n│ Caddy: │\n│ ✓ Automatic HTTPS │\n│ ✓ Simple configuration │\n│ ✓ HTTP/2 push │\n│ ✓ Modern defaults │\n│ │\n└─────────────────────────────────────────────────────────────┘\n```\n\n## Quick Start Configurations\n\n### Nginx Production Setup\n\n```nginx\n# Complete production-ready Nginx configuration\n# See resources/nginx-configs.md for full implementation\n\nserver {\n listen 443 ssl http2;\n server_name example.com;\n \n # SSL Configuration\n ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;\n \n # Security Headers\n add_header Strict-Transport-Security \"max-age=63072000\" always;\n add_header X-Frame-Options \"SAMEORIGIN\" always;\n add_header X-Content-Type-Options \"nosniff\" always;\n \n # Reverse Proxy\n location / {\n proxy_pass http://localhost:8080;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n }\n}\n```\n\n### Apache Production Setup\n\n```apache\n# Complete production-ready Apache configuration\n# See resources/apache-configs.md for full implementation\n\n\n ServerName example.com\n DocumentRoot /var/www/html\n \n SSLEngine on\n SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem\n SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem\n \n # Security Headers\n Header always set Strict-Transport-Security \"max-age=63072000\"\n Header always set X-Frame-Options \"SAMEORIGIN\"\n Header always set X-Content-Type-Options \"nosniff\"\n \n # Reverse Proxy\n ProxyPass / http://localhost:8080/\n ProxyPassReverse / http://localhost:8080/\n\n```\n\n### Traefik Docker Setup\n\n```yaml\n# docker-compose.yml\nversion: '3.8'\n\nservices:\n traefik:\n image: traefik:v2.10\n command:\n - \"--providers.docker=true\"\n - \"--entrypoints.web.address=:80\"\n - \"--entrypoints.websecure.address=:443\"\n - \"--certificatesresolvers.letsencrypt.acme.tlschallenge=true\"\n - \"--certificatesresolvers.letsencrypt.acme.email=admin@example.com\"\n - \"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json\"\n ports:\n - \"80:80\"\n - \"443:443\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock:ro\n - ./letsencrypt:/letsencrypt\n\n webapp:\n image: myapp:latest\n labels:\n - \"traefik.enable=true\"\n - \"traefik.http.routers.webapp.rule=Host(`example.com`)\"\n - \"traefik.http.routers.webapp.tls=true\"\n - \"traefik.http.routers.webapp.tls.certresolver=letsencrypt\"\n```\n\n### Caddy Simple Setup\n\n```caddy\n# Caddyfile\nexample.com {\n reverse_proxy localhost:8080\n \n # Security headers\n header {\n Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\"\n X-Frame-Options \"SAMEORIGIN\"\n X-Content-Type-Options \"nosniff\"\n }\n \n # Compression\n encode zstd gzip\n \n # Logging\n log {\n output file /var/log/caddy/access.log\n format json\n }\n}\n```\n\n## SSL/TLS Configuration\n\n### Let's Encrypt Setup\n\n```bash\n#!/bin/bash\n# Automated SSL with Certbot\n\nDOMAIN=$1\nEMAIL=$2\n\n# Install Certbot\napt-get install -y certbot python3-certbot-nginx\n\n# Obtain certificate\ncertbot certonly --nginx \\\n --agree-tos \\\n --redirect \\\n --hsts \\\n --staple-ocsp \\\n --email $EMAIL \\\n -d $DOMAIN \\\n -d www.$DOMAIN\n\n# Auto-renewal\necho \"0 3 * * * certbot renew --quiet --deploy-hook 'systemctl reload nginx'\" | crontab -\n```\n\n## Security Headers\n\n### Essential Headers\n\n```\n# Security Headers (all web servers)\nStrict-Transport-Security: max-age=63072000; includeSubDomains; preload\nX-Frame-Options: DENY\nX-Content-Type-Options: nosniff\nX-XSS-Protection: 1; mode=block\nReferrer-Policy: strict-origin-when-cross-origin\nContent-Security-Policy: default-src 'self'\nPermissions-Policy: geolocation=(), microphone=(), camera=()\nCache-Control: no-store, no-cache, must-revalidate\n```\n\n## Performance Optimization\n\n### Compression\n\n```nginx\n# Nginx Gzip\ngzip on;\ngzip_vary on;\ngzip_comp_level 6;\ngzip_types text/plain text/css application/json application/javascript;\n\n# Nginx Brotli (better)\nbrotli on;\nbrotli_comp_level 6;\nbrotli_types text/plain text/css application/json application/javascript;\n```\n\n### Caching\n\n```nginx\n# Static files\nlocation /static/ {\n expires 30d;\n add_header Cache-Control \"public, immutable\";\n}\n\n# API responses\nlocation /api/ {\n add_header Cache-Control \"no-store, no-cache, must-revalidate\";\n}\n```\n\n## Load Balancing\n\n### Nginx Load Balancer\n\n```nginx\nupstream backend {\n least_conn;\n server 10.0.1.10:8080;\n server 10.0.1.11:8080;\n server 10.0.1.12:8080 backup;\n \n keepalive 32;\n}\n\nserver {\n location / {\n proxy_pass http://backend;\n proxy_http_version 1.1;\n proxy_set_header Connection \"\";\n }\n}\n```\n\n## Implementation Resources\n\nRefer to the following resources in this skill for detailed implementations:\n\n- **`resources/nginx-configs.md`**: Complete Nginx configurations for various use cases\n- **`resources/apache-configs.md`**: Complete Apache configurations and virtual hosts\n- **`resources/ssl-setup.md`**: SSL/TLS certificate setup and configuration\n- **`resources/performance-tuning.md`**: Performance optimization techniques\n\n## Anti-Patterns\n\n**Avoid these web server mistakes:**\n\n❌ **Default configurations in production**\n❌ **Missing security headers**\n❌ **No SSL/TLS**\n❌ **Server version exposure**\n❌ **Missing rate limiting**\n❌ **No compression**\n❌ **Improper caching**\n❌ **No access logs**\n❌ **Running as root**\n❌ **No health checks**\n\n## Monitoring\n\n### Essential Metrics\n\n```yaml\n# Monitor these metrics:\n- Response time (p95, p99)\n- Requests per second\n- Error rate (4xx, 5xx)\n- Active connections\n- SSL certificate expiry\n- Upstream health\n- Cache hit rate\n- Bandwidth usage\n```\n\n## Troubleshooting\n\n### Common Issues\n\n**502 Bad Gateway:**\n- Check upstream service status\n- Verify network connectivity\n- Check firewall rules\n\n**504 Gateway Timeout:**\n- Increase proxy timeouts\n- Check upstream performance\n- Monitor resource usage\n\n**SSL Errors:**\n- Verify certificate paths\n- Check certificate expiry\n- Verify domain configuration","tags":["webserver","configuration","dolu","agents","skills","dolutech","agent-skills","opencode"],"capabilities":["skill","source-dolutech","skill-webserver-configuration","topic-agent-skills","topic-opencode","topic-skills"],"categories":["dolu-agents-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/dolutech/dolu-agents-skills/webserver-configuration","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add dolutech/dolu-agents-skills","source_repo":"https://github.com/dolutech/dolu-agents-skills","install_from":"skills.sh"}},"qualityScore":"0.453","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 6 github stars · SKILL.md body (8,384 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:14:41.072Z","embedding":null,"createdAt":"2026-05-18T13:22:10.990Z","updatedAt":"2026-05-18T19:14:41.072Z","lastSeenAt":"2026-05-18T19:14:41.072Z","tsv":"'/api':578 '/bin/bash':395 '/etc/letsencrypt/live/example.com/fullchain.pem':172,252 '/etc/letsencrypt/live/example.com/privkey.pem':176,254 '/letsencrypt':327,328 '/letsencrypt/acme.json':317 '/static':565 '/var/log/caddy/access.log':385 '/var/run/docker.sock':324,325 '/var/www/html':248 '0':440 '1':401,486 '1.1':623 '10.0.1.10':604 '10.0.1.11':607 '10.0.1.12':610 '2':403 '3':441 '3.8':299 '30d':567 '32':614 '443':162,244,311,321,322 '4xx':718 '502':735 '504':748 '5xx':719 '6':538,553 '63072000':188,267,363,468 '80':309,319,320 '8080':213,289,292,352,605,608,611 'access':694 'activ':720 'ad':79 'add':179,190,198,568,579 'addr':227 'admin@example.com':315 'age':187,266,362,467 'agre':422 'agree-to':421 'alway':189,197,206,258,269,277 'anti':667 'anti-pattern':666 'apach':11,49,111,228,231,236,651 'api':575 'applic':117 'application/javascript':544,559 'application/json':543,558 'apt':407 'apt-get':406 'auto':437 'auto-renew':436 'autom':396 'automat':126,134 'avoid':669 'backend':600,619 'backup':612 'bad':736 'balanc':26,76,104,594,597 'bandwidth':730 'base':95 'bash':394 'best':40 'better':547 'block':488 'brot':546,548,550,554 'cach':87,513,520,560,571,582,589,692,727 'cache-control':512,570,581 'caddi':14,52,133,343,346 'caddyfil':347 'camera':511 'case':648 'certbot':399,405,411,414,418,442 'certif':70,171,174,417,658,723,763,766 'certificatesresolvers.letsencrypt.acme.email':314 'certificatesresolvers.letsencrypt.acme.storage':316 'certificatesresolvers.letsencrypt.acme.tlschallenge':312 'certon':419 'check':701,738,745,754,765 'choos':92 'command':305 'common':733 'comp':536,551 'complet':4,149,232,642,650 'comprehens':37 'compress':377,526,690 'configur':3,7,19,32,38,64,71,86,132,137,144,154,169,237,389,644,652,661,675,770 'conn':602 'connect':627,721,744 'content':120,202,281,373,478,499 'content-security-polici':498 'control':514,572,583 'crontab':451 'cross':496 'd':431,433 'default':141,503,674 'default-src':502 'deni':475 'deploy':446 'deploy-hook':445 'detail':639 'docker':124,294 'docker-compose.yml':297 'documentroot':247 'domain':400,432,435,769 'dynam':119,131 'echo':439 'ecosystem':115 'email':402,429,430 'encod':378 'encrypt':130,392 'entrypoints.web.address':308 'entrypoints.websecure.address':310 'error':716,761 'essenti':454,703 'example.com':167,246,338,348 'expir':566 'expiri':724,767 'exposur':685 'file':106,384,563 'firewal':746 'follow':633 'footprint':110 'format':386 'frame':194,273,368,473 'full':158,241 'gateway':737,749 'geoloc':509 'get':408 'guid':39,91 'gzip':380,529,530,532,535,539 'header':81,178,180,191,199,216,221,256,257,268,276,354,355,453,455,457,569,580,626,680 'health':700,726 'high':98 'hit':728 'hook':447 'host':85,217,218,337,655 'hsts':425 'htaccess':112 'http':621 'http/2':138 'http2':164 'https':135 'imag':302,330 'immut':574 'implement':74,159,242,628,640 'improp':691 'includ':47 'includesubdomain':364,469 'increas':751 'ingress':123 'instal':62,404,409 'integr':125 'ip':225 'issu':734 'json':387 'keepal':613 'key':175 'kubernet':122 'label':333 'latest':332 'least':601 'legaci':116 'let':128,390 'letsencrypt':342 'level':537,552 'limit':688 'listen':161 'load':25,75,103,593,596 'localhost':212,288,291,351 'locat':209,564,577,616 'log':381,382,695 'low':108 'max':186,265,361,466 'max-ag':185,264,360,465 'memori':109 'metric':704,708 'microphon':510 'miss':678,686 'mistak':673 'mode':487 'modern':140 'modul':114 'monitor':702,706,757 'must':522,591 'must-revalid':521,590 'myapp':331 'name':166 'network':743 'nginx':10,48,97,145,148,153,415,420,450,527,528,545,561,595,598,643 'no-cach':518,587 'no-stor':515,584 'nosniff':205,284,376,481 'obtain':416 'ocsp':428 'optim':21,77,525,664 'option':195,204,274,283,369,375,474,480 'origin':494,497 'output':383 'p95':711 'p99':712 'pass':211,618 'path':764 'pattern':668 'per':714 'perform':78,99,524,663,756 'permiss':507 'permissions-polici':506 'polici':491,501,508 'port':318 'practic':41 'preload':365,470 'product':146,151,229,234,677 'production-readi':150,233 'protect':485 'provid':36 'providers.docker':306 'proxi':29,73,102,208,210,214,219,286,350,617,620,624,752 'proxypass':287 'proxypassrevers':290 'public':573 'push':139 'python3':413 'python3-certbot-nginx':412 'quick':142 'quiet':444 'rate':687,717,729 'readi':152,235 'real':224 'redirect':424 'refer':630 'referr':490 'referrer-polici':489 'reload':449 'remot':226 'renew':438,443 'request':713 'resourc':629,634,758 'resources/apache-configs.md':239,649 'resources/nginx-configs.md':156,641 'resources/performance-tuning.md':662 'resources/ssl-setup.md':656 'respons':576,709 'revalid':523,592 'revers':28,72,101,207,285,349 'ro':326 'root':698 'rule':747 'run':696 'sameorigin':196,275,370 'scalabl':100 'second':715 'secur':80,177,184,255,263,353,359,452,456,464,500,679 'see':155,238 'select':90 'self':505 'serv':107 'server':6,23,31,46,66,89,94,160,165,460,603,606,609,615,672,683 'servernam':245 'servic':300,740 'set':17,67,82,215,220,259,270,278,625 'setup':147,230,295,345,393,659 'simpl':136,344 'skill':33,35,57,60,637 'skill-webserver-configuration' 'source-dolutech' 'src':504 'ssl':127,163,168,170,173,397,722,760 'ssl/tls':24,69,388,657,682 'sslcertificatefil':251 'sslcertificatekeyfil':253 'sslengin':249 'stapl':427 'staple-ocsp':426 'start':143 'static':105,562 'status':741 'store':517,586 'strict':182,261,357,462,493 'strict-origin-when-cross-origin':492 'strict-transport-secur':181,260,356,461 'support':113,118 'systemctl':448 'techniqu':665 'templat':43 'text/css':542,557 'text/plain':541,556 'time':710 'timeout':750,753 'topic-agent-skills' 'topic-opencode' 'topic-skills' 'tos':423 'traefik':12,50,121,293,301,303 'traefik.enable':334 'traefik.http.routers.webapp.rule':336 'traefik.http.routers.webapp.tls':339 'traefik.http.routers.webapp.tls.certresolver':341 'transport':183,262,358,463 'troubleshoot':732 'true':307,313,335,340 'type':203,282,374,479,540,555 'upstream':599,725,739,755 'usag':731,759 'use':15,55,58,647 'v2.10':304 'vari':533 'various':646 'verifi':742,762,768 'version':298,622,684 'virtual':84,654 'virtualhost':243 'volum':323 'web':5,22,30,45,65,88,93,459,671 'webapp':329 'webserv':2 'webserver-configur':1 'workflow':8 'www':434 'x':193,201,223,272,280,367,372,472,477,483 'x-content-type-opt':200,279,371,476 'x-frame-opt':192,271,366,471 'x-real-ip':222 'x-xss-protect':482 'xss':484 'y':410 'yaml':296,705 'zstd':379","prices":[{"id":"23a2bced-9976-4fa8-8a5f-a80ac9a5abdf","listingId":"91009526-39b8-4c3c-8803-e309006c6777","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"dolutech","category":"dolu-agents-skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:22:10.990Z"}],"sources":[{"listingId":"91009526-39b8-4c3c-8803-e309006c6777","source":"github","sourceId":"dolutech/dolu-agents-skills/webserver-configuration","sourceUrl":"https://github.com/dolutech/dolu-agents-skills/tree/main/skills/webserver-configuration","isPrimary":false,"firstSeenAt":"2026-05-18T13:22:10.990Z","lastSeenAt":"2026-05-18T19:14:41.072Z"}],"details":{"listingId":"91009526-39b8-4c3c-8803-e309006c6777","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"dolutech","slug":"webserver-configuration","github":{"repo":"dolutech/dolu-agents-skills","stars":6,"topics":["agent-skills","opencode","skills"],"license":"mit","html_url":"https://github.com/dolutech/dolu-agents-skills","pushed_at":"2026-03-21T12:00:55Z","description":"Dolu Agents Skills - Open-source collection of modular and extensible skills for AI agents.","skill_md_sha":"c04e663adc358a9f17b80192c134ece715ac74c8","skill_md_path":"skills/webserver-configuration/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/dolutech/dolu-agents-skills/tree/main/skills/webserver-configuration"},"layout":"multi","source":"github","category":"dolu-agents-skills","frontmatter":{"name":"webserver-configuration","description":"Complete web server configuration workflows for Nginx, Apache, Traefik, and Caddy. Use when setting up, configuring, or optimizing web servers, SSL/TLS, load balancers, or reverse proxies."},"skills_sh_url":"https://skills.sh/dolutech/dolu-agents-skills/webserver-configuration"},"updatedAt":"2026-05-18T19:14:41.072Z"}}