Nginx is a lightweight, open-source, robust, high-performance HTTP server and a reverse proxy. It’s the most popular web server, beating Apache and IIS.
While the default configurations are favored by most people, they are not secure enough, and extra tweaks are needed to reinforce the web server.
Here, we will look into some actions you can take to strengthen and improve Nginx server security.
Disable any modules that are not in use; this decreases the risk of potential attacks by limiting the operations the server can perform.
An SSL certificate is a digital certificate powered by cryptography that encrypts data traffic between your web server and the web browser. An SSL certificate also forces your website to use the secure HTTPS protocol instead of HTTP, which transmits traffic in plain text.
Server headers disclose the Nginx version, which helps an attacker plan further.
To counter potential DoS attacks on Nginx, you can set buffer size restrictions for all clients.
Leaving the server in its default configuration is not a secure practice, and what we neglect as a low risk might become a possible threat in the future.
A more detailed version with implementation is published at https://beaglesecurity.com/blog/article/nginx-server-security.html
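As an added example (not code from the original article), the Python sketch below audits an Nginx configuration for three of the measures above: version disclosure via `server_tokens`, explicit client buffer limits, and a TLS listener with a certificate. The two sample configurations, the host name, file paths and buffer sizes are constructed assumptions, and the parser is simplified (it does not handle quoted `;` or `#`).

```python
import re

# Constructed sample configs; host name, paths and sizes are illustrative assumptions.
DEFAULT_CONF = "http { server { listen 80; server_name example.test; } }"

HARDENED_CONF = """
http {
    server_tokens off;                 # no version in Server header or error pages
    client_body_buffer_size 16k;       # explicit per-client buffer limits
    client_header_buffer_size 1k;
    client_max_body_size 1m;
    large_client_header_buffers 2 4k;
    server { listen 80; server_name example.test; return 301 https://$host$request_uri; }
    server {
        listen 443 ssl;
        ssl_certificate     /etc/nginx/tls/example.test.crt;
        ssl_certificate_key /etc/nginx/tls/example.test.key;
    }
}
"""

BUFFER_LIMITS = ("client_body_buffer_size", "client_header_buffer_size",
                 "client_max_body_size", "large_client_header_buffers")

def directives(conf):
    """Map directive name -> list of argument lists (simplified: no quoted ';' or '#')."""
    found = {}
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        words = stmt.split()
        if len(words) >= 2:            # block names such as 'http' have no arguments
            found.setdefault(words[0], []).append(words[1:])
    return found

def audit(conf):
    """Return the hardening gaps found in an nginx configuration string."""
    d = directives(conf)
    gaps = []
    if d.get("server_tokens", [["on"]])[-1] != ["off"]:   # nginx default is on
        gaps.append("server_tokens is not off: Server header discloses the version")
    gaps += [f"{name} is not set explicitly" for name in BUFFER_LIMITS if name not in d]
    if not any("ssl" in args for args in d.get("listen", [])):
        gaps.append("no 'listen ... ssl' server: traffic is served over plain HTTP")
    elif "ssl_certificate" not in d or "ssl_certificate_key" not in d:
        gaps.append("TLS listener without ssl_certificate / ssl_certificate_key")
    return gaps

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no gaps found")
```

Unused modules are not covered here, since they are typically excluded when Nginx is built rather than in the configuration file.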