http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
Here is some default nginx info that you might find handy:
Default Config Files and Nginx Port
- /usr/local/nginx/conf/ - The nginx server configuration directory; /usr/local/nginx/conf/nginx.conf is the main configuration file.
- /usr/local/nginx/html/ - The default document location.
- /usr/local/nginx/logs/ - The default log file location.
- Nginx HTTP default port: TCP 80
- Nginx HTTPS default port: TCP 443
Interestingly, there are 21 tips (there are two #12 tips; I suppose you get one of them for free?), but these are comprehensive notes on how to properly secure/configure your web server.
#1: Turn On SELinux
#2: Allow Minimal Privileges Via Mount Options
#3: Linux /etc/sysctl.conf Hardening
#4: Remove All Unwanted Nginx Modules
#5: Use mod_security (only for backend Apache servers)
#6: Install SELinux Policy To Harden The Nginx Webserver
#7: Restrictive Iptables Based Firewall
#8: Controlling Buffer Overflow Attacks
#9: Control Simultaneous Connections
#10: Allow Access To Our Domain Only
#11: Limit Available Methods
#12: How Do I Deny Certain User-Agents?
#12: How Do I Block Referral Spam?
#13: How Do I Stop Image Hotlinking?
#14: Directory Restrictions
#15: Nginx SSL Configuration
#16: Nginx And PHP Security Tips
#17: Run Nginx In A Chroot Jail (Containers) If Possible
#18: Limits Connections Per IP At The Firewall Level
#19: Configure Operating System to Protect Web Server
#20: Restrict Outgoing Nginx Connections