nginx secure configuration

Secure Nginx configuration

After some research and digging, I made my nginx and domain configuration files. If I have something missed, you are welcome to write it in comment here or at Github. Mostly everything are commented so to understand code should be not problem.


If you want more advanced solution, you can try an  comprehensive config: Nginx Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker and WordPress Theme Detector Blocker . With it server config file looks clearer, because #1-#11 and #47-#51 lines  (map $http_user_agent $limit_bots…) now is not necessary. 

After nginx reload you can test it at: . My results for example:

server secire check
server secire check

and from

wssa security check
wssa security check

Results a re really impresive, but do not forget. Its only basic prevention from bots and low level hackers. Anyway if you are not building website for governmentit should be okey 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *