Sign In Get Started

Back to articles

Nginx Reverse Proxy: Move Your Blog to /blog Safely

Use Nginx to reverse proxy WordPress/Blogger into a subdirectory with clean caching and SEO-safe redirects—plus when to skip configs and use BlogPath.io.

Dec 8, 2025

• BlogPath Team

nginx migration reverse-proxy

Nginx Reverse Proxy: Move Your Blog to /blog Safely

Nginx can serve your existing blog at /blog with a few proxy rules. Here’s the pattern and why many teams still offload this to BlogPath.io.

Table of Contents

When Nginx is a good fit
Core proxy config
Caching recommendations
SEO and redirects
Testing and rollback
Observability and logging
Advanced FAQ
Why choose BlogPath.io
Related posts

When Nginx is a good fit

You already run Nginx at the edge or as an ingress.
You want full control of headers, caching, and logging.
You have ops coverage for config changes and reloads.

Core proxy config

Map /blog/ to origin host, strip the prefix:

location /blog/ {
  proxy_pass https://blog.origin.example.com/;
  proxy_set_header Host blog.origin.example.com;
  proxy_set_header X-Real-IP $remote_addr;
  sub_filter_once off;
}

Exclude admin/login paths from caching; optionally restrict by IP.

Caching recommendations

Use proxy_cache for static assets with long TTLs; short TTL for HTML.
Bypass cache on auth cookies.
Serve Brotli/Gzip; ensure vary headers are correct.

SEO and redirects

301 old subdomain URLs to /blog/*.
Set canonicals in templates to /blog URLs.
Update sitemap and RSS paths; avoid redirect chains.

Testing and rollback

Dry-run config with nginx -t; reload gracefully.
Keep previous config for instant rollback.
Monitor logs for 404/500 spikes; verify Core Web Vitals post-launch.

Observability and logging

Enable access/error logs with cache status ($upstream_cache_status) to tune hit ratio.
Monitor 4xx/5xx spikes and latency; set alerts.
Use stub_status or metrics exporters if running Nginx at scale.
Keep DNS TTL low so you can revert quickly if configs misbehave.

Advanced FAQ

Do I need separate servers?

No—many teams front with existing Nginx. Just ensure SSL and modern ciphers; keep CPU headroom for TLS.

How do I prevent direct origin access?

Allow only proxy IPs, block others; if possible, keep origin on a private network.

How to handle compression?

Enable Brotli/Gzip at Nginx; avoid double-compressing responses from origin.

Should I cache HTML?

Cache anonymous HTML with short TTL; bypass on auth cookies and admin routes.

Why choose BlogPath.io

Global CDN caching and WAF without maintaining Nginx.
No-code: change DNS, keep your CMS untouched.
Observability and uptime SLAs; faster rollback than server reconfigs.

Previous

12/8/2025

Netlify Proxy: Put Your Blog at /blog With Minimal Changes

Next

12/8/2025

Subdirectory Blog Security: Protect Origins While You Grow SEO