DEV Community

Ankan Saha

How to securely configure nginx for production step by step

1) Use a strong cipher suite:

# OpenSSL cipher names; the last four use static RSA key exchange (no forward secrecy).
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256;

2) Use a strong SSL/TLS protocol:

ssl_protocols TLSv1.2 TLSv1.3;

3) Use strong Diffie-Hellman parameters for the DHE key exchange:

ssl_dhparam dhparam.pem;

4) Prefer the server's cipher order over the client's:

ssl_prefer_server_ciphers on;

5) Set a reasonable TLS session cache size and timeout:

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m;

6) Use strong elliptic-curve Diffie-Hellman (ECDHE) curves:

ssl_ecdh_curve prime256v1:secp384r1;

7) Enable OCSP stapling and verify the stapled responses:

ssl_stapling on;

ssl_stapling_verify on;

8) Send an HTTP Strict Transport Security (HSTS) header so browsers only connect over HTTPS:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";


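To check an existing config against the directives above, here is an added example (not code from the original post): a small Python auditor that parses nginx directives and reports settings that differ from the ones this page uses. The function names, the thresholds and the sample config are constructed for illustration.

```python
import re

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # older than the page's TLSv1.2/TLSv1.3
MIN_HSTS = 31536000                               # max-age used on this page (one year)
FLAGS = ("ssl_prefer_server_ciphers", "ssl_stapling", "ssl_stapling_verify")
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}"\']+')

def parse(conf):
    """Map directive -> argument lists; quoted args stay whole ('#' starts a comment)."""
    out, cur = {}, []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", conf)):
        if tok not in (";", "{", "}"):
            cur.append(tok)
        elif cur:  # a terminator closes the directive collected so far
            out.setdefault(cur[0], []).append([t.strip("\"'") for t in cur[1:]])
            cur = []
    return out

def audit(conf):
    """Return a list of findings for the TLS directives this page sets."""
    d, findings = parse(conf), []
    protos = {p for args in d.get("ssl_protocols", []) for p in args}
    if not protos:
        findings.append("ssl_protocols: not set explicitly")
    elif protos & LEGACY:
        findings.append("ssl_protocols: legacy " + ",".join(sorted(protos & LEGACY)))
    for args in d.get("ssl_ciphers", []):
        for name in args[0].split(":") if args else []:
            if not name.startswith(("ECDHE-", "DHE-", "!")):
                findings.append("ssl_ciphers: not an ECDHE/DHE suite: " + name)
    for flag in FLAGS:
        if ["on"] not in d.get(flag, []):
            findings.append(flag + ": not on")
    hsts = [a[1] for a in d.get("add_header", [])
            if len(a) > 1 and a[0].lower() == "strict-transport-security"]
    m = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    if not m or int(m.group(1)) < MIN_HSTS:
        findings.append("Strict-Transport-Security: missing or max-age below one year")
    return findings

# Constructed sample config (not taken from a real server).
WEAK = """server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA256;
    ssl_stapling on;
    add_header Strict-Transport-Security "max-age=300";
}"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

The parser keeps the quoted HSTS value in one piece even though it contains semicolons, which a naive split on `;` would break.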