Nginx security best practices.
There is a reason that Nginx is blazing fast.
So let's get started.
Note: In a default installation on Linux, you will find this file under /etc/nginx/conf.d.
Note: don't forget to change the certificate and key file paths.
To start with, I would recommend running an SSL scan against the website to find the score and any essential vulnerabilities.
The current SSL Labs rating is C, and the target is to make it A. You have to obtain a chain certificate from the certificate authority.
Mostly you will find it on their website, or just Google it.
Secure Diffie-Hellman for TLS
Diffie-Hellman is less secure than it was believed to be.
One of the best practices lately added to the list is to secure Diffie-Hellman.
Generating a unique DH group and adding ssl_dhparam to the ssl.conf file does this.
That should be sufficient for SSL/TLS optimization; let's test the URL again to see the rating.
Now you should be able to see its A rating from SSL Labs.
You have to set server_tokens off to block the information leakage.
Save the file and restart Nginx.
Clickjacking Attack
You can inject the X-FRAME-OPTIONS HTTP header to prevent a clickjacking attack.
X-XSS Protection
Inject the X-XSS-Protection HTTP header to mitigate cross-site scripting attacks.
You may also be interested in implementing the OWASP recommended secure headers, which are explained here.
Alternatively, you may consider using cloud-based security like SUCURI in front of the Nginx server.
I hope this helps you to keep your Nginx secure.
Next, you may be interested in learning to build Nginx for high performance from scratch.
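As an added example (not the article's own snippet), here is a single /etc/nginx/conf.d/ssl.conf server block that applies everything above together: the chain certificate, the unique DH group via ssl_dhparam, server_tokens off, and the X-FRAME-OPTIONS and X-XSS-Protection headers, plus two of the OWASP secure headers (X-Content-Type-Options and HSTS). The hostname example.com and the paths under /etc/nginx/ssl/ are assumptions; replace them with your own.

```nginx
# /etc/nginx/conf.d/ssl.conf  (added example; hostname and paths are assumptions)

# Hide the Nginx version in the Server header and on error pages.
server_tokens off;

server {
    listen 443 ssl http2;
    server_name example.com;

    # Full chain (server certificate followed by the CA's intermediates) and key.
    ssl_certificate     /etc/nginx/ssl/example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # Unique DH group, generated once with:
    #   openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Only modern protocols; SSLv3, TLS 1.0 and TLS 1.1 are not offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Forward-secret (ECDHE) AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

    # Session resumption via the server-side cache; tickets off so a
    # long-lived ticket key cannot undermine forward secrecy.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Clickjacking: refuse to be framed by other origins.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy browser XSS filter header.
    add_header X-XSS-Protection "1; mode=block" always;
    # OWASP secure headers: no MIME sniffing, and force HTTPS for a year
    # (only enable HSTS once every host under the domain serves HTTPS).
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root  /var/www/example.com;
        index index.html;
    }
}

# Verify after `nginx -t && systemctl reload nginx`:
#   curl -sI https://example.com | grep -iE '^(server|x-frame|x-xss|x-content|strict)'
# The Server header should read "nginx" with no version, and all four
# security headers should be present.
```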