Secure Nginx Server

Published:
Last modified:

Overview

Quick tips to improve the security of an nginx web server.

Avoid giving nginx info

Disables specifying nginx’s version on error pages and in the Server response header field disabling server_tokens.

In /etc/nginx/nginx.conf:

http {
	server_tokens off;
	# ...
	}

Audit with third-party app

Install wapiti

sudo apt-get install wapiti

and test your site:

wapiti http://example.org -n 10 -b folder
Uruguay
Marcelo Canina
I'm Marcelo Canina, a developer from Uruguay. I build websites and web-based applications from the ground up and share what I learn here.
comments powered by Disqus

Except as otherwise noted, the content of this page is licensed under CC BY-NC-ND 4.0 . Terms and Policy.

Powered by SimpleIT Hugo Theme

·