The Nginx Config Validator and Optimizer skill performs comprehensive analysis of Nginx web server configurations to identify misconfigurations, security vulnerabilities, and performance optimization opportunities. It uses the crossplane Python library to parse nginx.conf and all included configuration files into a structured AST for deep analysis.

The validator runs nginx -t for syntax verification and extends it with semantic checks for common mistakes: duplicate server_name entries across server blocks, conflicting location block precedence, incorrect proxy_pass upstream references, and missing error_page directives. It resolves include directives recursively to build a complete configuration picture.

SSL/TLS configuration is evaluated against Mozilla SSL Configuration Generator recommendations, checking cipher suites, protocol versions, HSTS header configuration, OCSP stapling setup, and certificate chain completeness. The skill flags deprecated TLS 1.0/1.1 configurations and weak cipher suites.

Performance optimization suggestions include worker_processes and worker_connections tuning based on CPU cores, gzip compression configuration, proxy buffer sizing, keepalive timeout optimization, and static file caching header recommendations. The skill also validates rate limiting configurations, access control rules, and security headers like X-Frame-Options and Content-Security-Policy.