The Nginx Config Linter and Tester skill provides comprehensive validation and security analysis for Nginx web server configurations. It combines multiple analysis tools for thorough configuration auditing.

The skill uses the gixy static analyzer to detect common Nginx security misconfigurations including SSRF via proxy_pass, HTTP splitting vulnerabilities, and improper alias path traversal. It parses configuration files using the crossplane Python library for structural validation.

Configuration testing includes dry-run validation via nginx -t subprocess execution, verifying syntax correctness and file reference integrity. The skill checks for missing security headers (HSTS, CSP, X-Frame-Options), improper SSL/TLS configurations, and weak cipher suite selections.

Advanced features include upstream health check configuration validation, rate limiting rule analysis, and gzip compression settings optimization. The skill generates remediation suggestions with corrected configuration snippets and links to Nginx documentation for each finding.