new file mode 100644
index 0000000..b0a4911
@@ -0,0 +1,11 @@
+---
+visibility: public
+---
+
+# nginx
+
+reverse proxy and web server. sits in front of application servers, handles SSL termination, routing, and static file serving.
+
+**role in the deploy chain:** [[Cloudflare]] → [[AWS Lightsail]] → nginx → [[gunicorn]] → app. nginx terminates SSL and proxies to the app server on localhost. [[systemd]] keeps it running.
+
+**why nginx:** battle-tested, configuration is declarative, handles thousands of concurrent connections efficiently.
\ No newline at end of file