manindar mohan

Nginx Server Security: Nginx Hardening

Nginx is a lightweight, open-source, robust, high-performance HTTP server and a reverse proxy. It’s the most popular web server, beating Apache and IIS.

While the default configurations are favored by most people, they are not secure enough, and extra tweaks are needed to reinforce the web server.

Here, we will look into some actions you can take to strengthen and improve Nginx server security.

Disable Any Unwanted Modules

Disable any modules that are not in use. Fewer enabled modules means fewer operations the server can perform, which reduces the risk of potential attacks.

Implement SSL Certificate

An SSL certificate is a digital certificate, backed by cryptography, that is used to encrypt data traffic between your web server and the web browser. Serving the site with an SSL certificate also means it uses the secure HTTPS protocol rather than HTTP, which transmits traffic in plain text.

Exclude Server Headers

Server headers disclose the Nginx version, which helps an attacker plan further steps.

Resource Control

To counter potential DoS attacks on Nginx, you can set buffer size restrictions that apply to all clients.
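The header, resource-control and certificate measures above, written out as one configuration. This is an added example, not taken from the original post; the host name example.com, the certificate paths, the web root and every size and timeout value are assumptions to adjust for your own site.

```nginx
# Added example: example.com, the paths and all limits below are assumed values.
# Unused modules are removed at build time, not here: `nginx -V` lists the
# configure arguments, and modules are dropped by rebuilding with flags such
# as --without-http_autoindex_module.

events {}

http {
    # Exclude server headers. The default is "on", which puts the exact
    # version in the Server header and on error pages. With "off" the
    # header still says "nginx", but without the version.
    server_tokens off;

    # Resource control: cap request buffers and timeouts for every client.
    client_body_buffer_size     16k;   # default: 8k|16k
    client_header_buffer_size   1k;    # default: 1k
    large_client_header_buffers 2 4k;  # default: 4 8k; too small breaks long cookies/URLs
    client_max_body_size        1m;    # default: 1m; larger bodies get 413
    client_body_timeout         10s;   # default: 60s
    client_header_timeout       10s;   # default: 60s

    # Plain HTTP does nothing except redirect to HTTPS.
    server {
        listen 80;
        server_name example.com;
        return 301 https://$host$request_uri;
    }

    # HTTPS listener using the installed certificate.
    server {
        listen 443 ssl;
        server_name example.com;

        ssl_certificate     /etc/nginx/tls/fullchain.pem;  # assumed path
        ssl_certificate_key /etc/nginx/tls/privkey.pem;    # assumed path
        ssl_protocols       TLSv1.2 TLSv1.3;

        root /var/www/html;  # assumed web root
    }
}
```

Run `nginx -t` to check the syntax before reloading. Upload endpoints usually need a larger `client_max_body_size` set in their own `location` block rather than globally.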

Leaving the server in its default configuration is not a secure practice, and what we dismiss as a low risk today might become a real threat in the future.

A more detailed version with implementation is published at: https://beaglesecurity.com/blog/article/nginx-server-security.html
