# Server Configuration

Configure the Nexus server with comprehensive settings for network, security, authentication, and performance optimization. This section is organized by importance to help you quickly set up and secure your Nexus instance.

## Configuration Topics

### Essential Configuration
1. **[Core Settings](/docs/configuration/server/core)** - Basic server settings, TLS, and health checks
2. **[OAuth2 Authentication](/docs/configuration/server/oauth2)** - Secure your instance with JWT validation and token forwarding
3. **[Rate Limiting](/docs/configuration/server/rate-limiting)** - Protect against abuse with configurable limits

### Advanced Features
4. **[Client Identification](/docs/configuration/server/client-identification)** - Enable user tracking and tiered access control
5. **[CORS Configuration](/docs/configuration/server/cors)** - Support browser-based clients
6. **[CSRF Protection](/docs/configuration/server/csrf)** - Prevent cross-site request forgery attacks

## Quick Start Example

Here's a complete example showing common server configurations:

```toml
# Basic server settings
[server]
listen_address = "0.0.0.0:8000"

[server.health]
enabled = true
path = "/health"

# TLS for production
[server.tls]
certificate = "/etc/nexus/server.crt"
key = "/etc/nexus/server.key"

# OAuth2 authentication
[server.oauth]
url = "https://auth.example.com/.well-known/jwks.json"
expected_issuer = "https://auth.example.com"
expected_audience = "nexus-api"

# Rate limiting
[server.rate_limits]
enabled = true
storage = "memory"

[server.rate_limits.per_ip]
limit = 100
interval = "60s"

# CORS for browser clients
[server.cors]
allow_origins = ["https://app.example.com"]
allow_methods = ["GET", "POST", "OPTIONS"]
allow_headers = ["authorization", "content-type"]
allow_credentials = true
```

## Configuration File Location

Nexus looks for configuration in the following order:
1. Path specified by `--config` flag
2. `nexus.toml` in current directory
3. `~/.nexus/config.toml`
4. `/etc/nexus/config.toml`

## Environment Variables

All configuration values support environment variable substitution:

```toml
[server.oauth]
url = "{{ env.OAUTH_JWKS_URL }}"
expected_issuer = "{{ env.OAUTH_ISSUER }}"
```

## Best Practices

1. **Start with core settings** and add features as needed
2. **Always enable OAuth2** in production environments
3. **Use TLS certificates** for secure connections
4. **Configure rate limiting** before going live
5. **Test CORS settings** with actual browser clients
6. **Monitor logs** for security events and errors

## Troubleshooting

For debugging, run Nexus with increased verbosity:

```bash
nexus --log debug
```

Check specific configuration sections for detailed troubleshooting guides.

Configure Nexus server settings, security, and authentication