{"id":111,"date":"2017-05-03T19:28:08","date_gmt":"2017-05-03T18:28:08","guid":{"rendered":"https:\/\/mindau.de\/blog\/?p=111"},"modified":"2019-01-21T22:42:39","modified_gmt":"2019-01-21T21:42:39","slug":"secure-nginx-configuration","status":"publish","type":"post","link":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/","title":{"rendered":"Secure Nginx configuration"},"content":{"rendered":"<p>After some research and digging, I made my nginx and domain configuration files. If I have something missed, you are welcome to write it in comment here or at <a href=\"https:\/\/gist.github.com\/grambas\/2e197181e17200c4f84d9a561815fa2a\">Github<\/a>. Mostly everything are commented so to understand code should be not problem.<\/p>\n<p><!--more--><\/p>\n<style>.gist table { margin-bottom: 0; }<\/style>\n<div style=\"tab-size: 8\" id=\"gist47319078\" class=\"gist\">\n<div class=\"gist-file\" translate=\"no\" data-color-mode=\"light\" data-light-theme=\"light\">\n<div class=\"gist-data\">\n<div class=\"js-gist-file-update-container js-task-list-container\">\n<div id=\"file-nginx-conf\" class=\"file my-2\">\n<div itemprop=\"text\"\n      class=\"Box-body p-0 blob-wrapper data type-nginx  \"\n      style=\"overflow: auto\" tabindex=\"0\" role=\"region\"\n      aria-label=\"nginx.conf content, created by grambas on 07:12PM on May 03, 2017.\"\n    ><\/p>\n<div class=\"js-check-hidden-unicode js-blob-code-container blob-code-content\">\n<p>  <template class=\"js-file-alert-template\"><\/p>\n<div data-view-component=\"true\" class=\"flash flash-warn flash-full d-flex flex-items-center\">\n  <svg aria-hidden=\"true\" height=\"16\" viewBox=\"0 0 16 16\" version=\"1.1\" width=\"16\" data-view-component=\"true\" class=\"octicon octicon-alert\">\n    <path d=\"M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0L1.698 13.132a.25.25 0 0 0 .22.368h12.164a.25.25 0 0 0 .22-.368Zm.53 3.996v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\"><\/path>\n<\/svg><br \/>\n    <span><br \/>\n      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.<br \/>\n      <a class=\"Link--inTextBlock\" href=\"https:\/\/github.co\/hiddenchars\" target=\"_blank\">Learn more about bidirectional Unicode characters<\/a><br \/>\n    <\/span><\/p>\n<div data-view-component=\"true\" class=\"flash-action\">        <a href=\"{{ revealButtonHref }}\" data-view-component=\"true\" class=\"btn-sm btn\">    Show hidden characters<br \/>\n<\/a>\n<\/div>\n<\/div>\n<p><\/template><br \/>\n<template class=\"js-line-alert-template\"><br \/>\n  <span aria-label=\"This line has hidden Unicode characters\" data-view-component=\"true\" class=\"line-alert tooltipped tooltipped-e\"><br \/>\n    <svg aria-hidden=\"true\" height=\"16\" viewBox=\"0 0 16 16\" version=\"1.1\" width=\"16\" data-view-component=\"true\" class=\"octicon octicon-alert\">\n    <path d=\"M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0L1.698 13.132a.25.25 0 0 0 .22.368h12.164a.25.25 0 0 0 .22-.368Zm.53 3.996v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\"><\/path>\n<\/svg><br \/>\n<\/span><\/template><\/p>\n<table data-hpc class=\"highlight tab-size js-file-line-container\" data-tab-size=\"4\" data-paste-markdown-skip data-tagsearch-path=\"nginx.conf\">\n<tr>\n<td id=\"file-nginx-conf-L1\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"1\"><\/td>\n<td id=\"file-nginx-conf-LC1\" class=\"blob-code blob-code-inner js-file-line\">user www-data;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L2\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"2\"><\/td>\n<td id=\"file-nginx-conf-LC2\" class=\"blob-code blob-code-inner js-file-line\">worker_processes 1;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L3\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"3\"><\/td>\n<td id=\"file-nginx-conf-LC3\" class=\"blob-code blob-code-inner js-file-line\">pid \/run\/nginx.pid;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L4\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"4\"><\/td>\n<td id=\"file-nginx-conf-LC4\" class=\"blob-code blob-code-inner js-file-line\">events {<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L5\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"5\"><\/td>\n<td id=\"file-nginx-conf-LC5\" class=\"blob-code blob-code-inner js-file-line\">    worker_connections 1024;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L6\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"6\"><\/td>\n<td id=\"file-nginx-conf-LC6\" class=\"blob-code blob-code-inner js-file-line\">    multi_accept on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L7\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"7\"><\/td>\n<td id=\"file-nginx-conf-LC7\" class=\"blob-code blob-code-inner js-file-line\">}<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L8\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"8\"><\/td>\n<td id=\"file-nginx-conf-LC8\" class=\"blob-code blob-code-inner js-file-line\">http {<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L9\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"9\"><\/td>\n<td id=\"file-nginx-conf-LC9\" class=\"blob-code blob-code-inner js-file-line\">    #don&#39;t send the nginx version number in error pages and Server header<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L10\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"10\"><\/td>\n<td id=\"file-nginx-conf-LC10\" class=\"blob-code blob-code-inner js-file-line\">    server_tokens off;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L11\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"11\"><\/td>\n<td id=\"file-nginx-conf-LC11\" class=\"blob-code blob-code-inner js-file-line\">    proxy_hide_header X-Powered-By;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L12\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"12\"><\/td>\n<td id=\"file-nginx-conf-LC12\" class=\"blob-code blob-code-inner js-file-line\">        more_set_headers &#39;Server: Windows 98&#39;; #trololo<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L13\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"13\"><\/td>\n<td id=\"file-nginx-conf-LC13\" class=\"blob-code blob-code-inner js-file-line\">    # config to don&#39;t allow the browser to render the page inside an frame or iframe<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L14\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"14\"><\/td>\n<td id=\"file-nginx-conf-LC14\" class=\"blob-code blob-code-inner js-file-line\">    # and avoid clickjacking http:\/\/en.wikipedia.org\/wiki\/Clickjacking<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L15\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"15\"><\/td>\n<td id=\"file-nginx-conf-LC15\" class=\"blob-code blob-code-inner js-file-line\">    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L16\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"16\"><\/td>\n<td id=\"file-nginx-conf-LC16\" class=\"blob-code blob-code-inner js-file-line\">    # https:\/\/developer.mozilla.org\/en-US\/docs\/HTTP\/X-Frame-Options<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L17\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"17\"><\/td>\n<td id=\"file-nginx-conf-LC17\" class=\"blob-code blob-code-inner js-file-line\">    add_header X-Frame-Options SAMEORIGIN;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L18\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"18\"><\/td>\n<td id=\"file-nginx-conf-LC18\" class=\"blob-code blob-code-inner js-file-line\">    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L19\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"19\"><\/td>\n<td id=\"file-nginx-conf-LC19\" class=\"blob-code blob-code-inner js-file-line\">    # to disable content-type sniffing on some browsers.<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L20\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"20\"><\/td>\n<td id=\"file-nginx-conf-LC20\" class=\"blob-code blob-code-inner js-file-line\">    # https:\/\/www.owasp.org\/index.php\/List_of_useful_HTTP_headers<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L21\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"21\"><\/td>\n<td id=\"file-nginx-conf-LC21\" class=\"blob-code blob-code-inner js-file-line\">    # currently suppoorted in IE &gt; 8 http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/09\/02\/ie8-security-part-vi-beta-2-update.aspx<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L22\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"22\"><\/td>\n<td id=\"file-nginx-conf-LC22\" class=\"blob-code blob-code-inner js-file-line\">    # http:\/\/msdn.microsoft.com\/en-us\/library\/ie\/gg622941(v=vs.85).aspx<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L23\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"23\"><\/td>\n<td id=\"file-nginx-conf-LC23\" class=\"blob-code blob-code-inner js-file-line\">    # &#39;soon&#39; on Firefox https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=471020<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L24\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"24\"><\/td>\n<td id=\"file-nginx-conf-LC24\" class=\"blob-code blob-code-inner js-file-line\">    add_header X-Content-Type-Options nosniff;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L25\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"25\"><\/td>\n<td id=\"file-nginx-conf-LC25\" class=\"blob-code blob-code-inner js-file-line\">    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L26\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"26\"><\/td>\n<td id=\"file-nginx-conf-LC26\" class=\"blob-code blob-code-inner js-file-line\">    # It&#39;s usually enabled by default anyway, so the role of this header is to re-enable the filter for <\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L27\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"27\"><\/td>\n<td id=\"file-nginx-conf-LC27\" class=\"blob-code blob-code-inner js-file-line\">    # this particular website if it was disabled by the user.<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L28\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"28\"><\/td>\n<td id=\"file-nginx-conf-LC28\" class=\"blob-code blob-code-inner js-file-line\">    # https:\/\/www.owasp.org\/index.php\/List_of_useful_HTTP_headers<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L29\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"29\"><\/td>\n<td id=\"file-nginx-conf-LC29\" class=\"blob-code blob-code-inner js-file-line\">    add_header X-XSS-Protection &quot;1; mode=block&quot;;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L30\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"30\"><\/td>\n<td id=\"file-nginx-conf-LC30\" class=\"blob-code blob-code-inner js-file-line\">    # config to enable HSTS(HTTP Strict Transport Security) https:\/\/developer.mozilla.org\/en-US\/docs\/Security\/HTTP_Strict_Transport_Security<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L31\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"31\"><\/td>\n<td id=\"file-nginx-conf-LC31\" class=\"blob-code blob-code-inner js-file-line\">    # to avoid ssl stripping https:\/\/en.wikipedia.org\/wiki\/SSL_stripping#SSL_stripping<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L32\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"32\"><\/td>\n<td id=\"file-nginx-conf-LC32\" class=\"blob-code blob-code-inner js-file-line\">    add_header Strict-Transport-Security &quot;max-age=31536000; includeSubdomains;&quot;;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L33\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"33\"><\/td>\n<td id=\"file-nginx-conf-LC33\" class=\"blob-code blob-code-inner js-file-line\">    ### Directive describes the zone, in which the session states are stored i.e. store in slimits. ###<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L34\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"34\"><\/td>\n<td id=\"file-nginx-conf-LC34\" class=\"blob-code blob-code-inner js-file-line\">    ### 1m can handle 32000 sessions with 32 bytes\/session, set to 5m x 32000 session ###<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L35\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"35\"><\/td>\n<td id=\"file-nginx-conf-LC35\" class=\"blob-code blob-code-inner js-file-line\">       limit_zone slimits $binary_remote_addr 5m; #maybe be depreciated (google it)<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L36\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"36\"><\/td>\n<td id=\"file-nginx-conf-LC36\" class=\"blob-code blob-code-inner js-file-line\"> <\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L37\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"37\"><\/td>\n<td id=\"file-nginx-conf-LC37\" class=\"blob-code blob-code-inner js-file-line\">    ### Control maximum number of simultaneous connections for one session i.e. ###<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L38\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"38\"><\/td>\n<td id=\"file-nginx-conf-LC38\" class=\"blob-code blob-code-inner js-file-line\">    ### restricts the amount of connections from a single ip address ###<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L39\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"39\"><\/td>\n<td id=\"file-nginx-conf-LC39\" class=\"blob-code blob-code-inner js-file-line\">        limit_conn slimits 5; #maybe be depreciated (google it)<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L40\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"40\"><\/td>\n<td id=\"file-nginx-conf-LC40\" class=\"blob-code blob-code-inner js-file-line\">    ##Controlling Buffer Overflow Attacks<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L41\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"41\"><\/td>\n<td id=\"file-nginx-conf-LC41\" class=\"blob-code blob-code-inner js-file-line\">    client_max_body_size 20M;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L42\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"42\"><\/td>\n<td id=\"file-nginx-conf-LC42\" class=\"blob-code blob-code-inner js-file-line\">    client_body_buffer_size 15K;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L43\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"43\"><\/td>\n<td id=\"file-nginx-conf-LC43\" class=\"blob-code blob-code-inner js-file-line\">    client_body_timeout 12;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L44\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"44\"><\/td>\n<td id=\"file-nginx-conf-LC44\" class=\"blob-code blob-code-inner js-file-line\">    client_header_timeout 12;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L45\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"45\"><\/td>\n<td id=\"file-nginx-conf-LC45\" class=\"blob-code blob-code-inner js-file-line\">    keepalive_timeout 15;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L46\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"46\"><\/td>\n<td id=\"file-nginx-conf-LC46\" class=\"blob-code blob-code-inner js-file-line\">    send_timeout 10;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L47\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"47\"><\/td>\n<td id=\"file-nginx-conf-LC47\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L48\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"48\"><\/td>\n<td id=\"file-nginx-conf-LC48\" class=\"blob-code blob-code-inner js-file-line\">    # Basic Settings<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L49\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"49\"><\/td>\n<td id=\"file-nginx-conf-LC49\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L50\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"50\"><\/td>\n<td id=\"file-nginx-conf-LC50\" class=\"blob-code blob-code-inner js-file-line\">    sendfile on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L51\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"51\"><\/td>\n<td id=\"file-nginx-conf-LC51\" class=\"blob-code blob-code-inner js-file-line\">    tcp_nopush on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L52\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"52\"><\/td>\n<td id=\"file-nginx-conf-LC52\" class=\"blob-code blob-code-inner js-file-line\">    tcp_nodelay on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L53\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"53\"><\/td>\n<td id=\"file-nginx-conf-LC53\" class=\"blob-code blob-code-inner js-file-line\">    types_hash_max_size 2048;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L54\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"54\"><\/td>\n<td id=\"file-nginx-conf-LC54\" class=\"blob-code blob-code-inner js-file-line\">    include \/etc\/nginx\/mime.types;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L55\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"55\"><\/td>\n<td id=\"file-nginx-conf-LC55\" class=\"blob-code blob-code-inner js-file-line\">    default_type application\/octet-stream;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L56\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"56\"><\/td>\n<td id=\"file-nginx-conf-LC56\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L57\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"57\"><\/td>\n<td id=\"file-nginx-conf-LC57\" class=\"blob-code blob-code-inner js-file-line\">    # Logging Settings<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L58\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"58\"><\/td>\n<td id=\"file-nginx-conf-LC58\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L59\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"59\"><\/td>\n<td id=\"file-nginx-conf-LC59\" class=\"blob-code blob-code-inner js-file-line\">    access_log \/srv\/LOGS\/nginx-access.log;    #@CHANGE TO LOG YOUR LOGFILE<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L60\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"60\"><\/td>\n<td id=\"file-nginx-conf-LC60\" class=\"blob-code blob-code-inner js-file-line\">    error_log  \/src\/LOGS\/nginx-error.log;    #@CHANGE TO LOG YOUR LOGFILE<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L61\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"61\"><\/td>\n<td id=\"file-nginx-conf-LC61\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L62\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"62\"><\/td>\n<td id=\"file-nginx-conf-LC62\" class=\"blob-code blob-code-inner js-file-line\">    # Gzip Settings<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L63\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"63\"><\/td>\n<td id=\"file-nginx-conf-LC63\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L64\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"64\"><\/td>\n<td id=\"file-nginx-conf-LC64\" class=\"blob-code blob-code-inner js-file-line\">    gzip_disable &quot;msie6&quot;;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L65\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"65\"><\/td>\n<td id=\"file-nginx-conf-LC65\" class=\"blob-code blob-code-inner js-file-line\">    gzip on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L66\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"66\"><\/td>\n<td id=\"file-nginx-conf-LC66\" class=\"blob-code blob-code-inner js-file-line\">    gzip_comp_level 2;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L67\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"67\"><\/td>\n<td id=\"file-nginx-conf-LC67\" class=\"blob-code blob-code-inner js-file-line\">    gzip_min_length 1000;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L68\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"68\"><\/td>\n<td id=\"file-nginx-conf-LC68\" class=\"blob-code blob-code-inner js-file-line\">    gzip_buffers  4 32k;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L69\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"69\"><\/td>\n<td id=\"file-nginx-conf-LC69\" class=\"blob-code blob-code-inner js-file-line\">    gzip_types    text\/plain application\/x-javascript text\/xml text\/css  application\/xml;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L70\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"70\"><\/td>\n<td id=\"file-nginx-conf-LC70\" class=\"blob-code blob-code-inner js-file-line\">    gzip_vary on;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L71\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"71\"><\/td>\n<td id=\"file-nginx-conf-LC71\" class=\"blob-code blob-code-inner js-file-line\">    # end gzip configuration<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L72\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"72\"><\/td>\n<td id=\"file-nginx-conf-LC72\" class=\"blob-code blob-code-inner js-file-line\">    <\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L73\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"73\"><\/td>\n<td id=\"file-nginx-conf-LC73\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L74\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"74\"><\/td>\n<td id=\"file-nginx-conf-LC74\" class=\"blob-code blob-code-inner js-file-line\">    # Virtual Host Configs<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L75\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"75\"><\/td>\n<td id=\"file-nginx-conf-LC75\" class=\"blob-code blob-code-inner js-file-line\">    ##<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L76\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"76\"><\/td>\n<td id=\"file-nginx-conf-LC76\" class=\"blob-code blob-code-inner js-file-line\">    include \/etc\/nginx\/conf.d\/*.conf;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L77\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"77\"><\/td>\n<td id=\"file-nginx-conf-LC77\" class=\"blob-code blob-code-inner js-file-line\">    include \/etc\/nginx\/sites-enabled\/*;<\/td>\n<\/tr>\n<tr>\n<td id=\"file-nginx-conf-L78\" class=\"blob-num js-line-number js-blob-rnum\" data-line-number=\"78\"><\/td>\n<td id=\"file-nginx-conf-LC78\" class=\"blob-code blob-code-inner js-file-line\">}<\/td>\n<\/tr>\n<\/table>\n<\/div><\/div>\n<\/p><\/div>\n<\/div><\/div>\n<div class=\"gist-meta\">\n        <a href=\"https:\/\/gist.github.com\/grambas\/a978ae5cdea456a5f8a55796a6cd6e7f\/raw\/b25bea8d5fb30105ae701c191f0c9946f70f6c45\/nginx.conf\" style=\"float:right\" class=\"Link--inTextBlock\">view raw<\/a><br \/>\n        <a href=\"https:\/\/gist.github.com\/grambas\/a978ae5cdea456a5f8a55796a6cd6e7f#file-nginx-conf\" class=\"Link--inTextBlock\"><br \/>\n          nginx.conf<br \/>\n        <\/a><br \/>\n        hosted with &#10084; by <a class=\"Link--inTextBlock\" href=\"https:\/\/github.com\">GitHub<\/a>\n      <\/div>\n<\/p><\/div>\n<\/div>\n<h1>UPDATE:<\/h1>\n<p>If you want more advanced solution, you can try an\u00a0\u00a0comprehensive config:<a href=\"https:\/\/github.com\/mitchellkrogza\/nginx-ultimate-bad-bot-blocker\">\u00a0<strong>Nginx Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker and WordPress Theme Detector Blocker<\/strong><\/a><strong>\u00a0<\/strong>. With it server config file looks clearer, because #1-#11 and #47-#51 lines \u00a0(<em>map $http_user_agent $limit_bots&#8230;<\/em>) now is <strong>not\u00a0necessary.\u00a0<\/strong><\/p>\n<p>After nginx reload you can test it at:\u00a0<a href=\"https:\/\/asafaweb.com\/\">https:\/\/asafaweb.com\/<\/a>\u00a0. My results for example:<\/p>\n<figure id=\"attachment_120\" aria-describedby=\"caption-attachment-120\" style=\"width: 972px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09.png\"><img data-attachment-id=\"120\" data-permalink=\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/attachment\/chrome_2017-05-11_14-48-09\/\" data-orig-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09.png\" data-orig-size=\"972,345\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"server secire check\" data-image-description=\"&lt;p&gt;server secire check&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;server secire check&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09-300x106.png\" data-large-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09.png\" loading=\"lazy\" class=\"wp-image-120 size-full\" src=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09.png\" alt=\"server secire check\" width=\"972\" height=\"345\" srcset=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09.png 972w, https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09-300x106.png 300w, https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/chrome_2017-05-11_14-48-09-768x273.png 768w\" sizes=\"(max-width: 972px) 100vw, 972px\" \/><\/a><figcaption id=\"caption-attachment-120\" class=\"wp-caption-text\">server secire check<\/figcaption><\/figure>\n<p>and from<a href=\"https:\/\/wssa.beyondsecurity.com\">\u00a0https:\/\/beyondsecurity.com<\/a><\/p>\n<figure id=\"attachment_122\" aria-describedby=\"caption-attachment-122\" style=\"width: 738px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa.png\"><img data-attachment-id=\"122\" data-permalink=\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/attachment\/wssa\/\" data-orig-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa.png\" data-orig-size=\"738,471\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wssa security check\" data-image-description=\"&lt;p&gt;wssa security check&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;wssa security check&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa-300x191.png\" data-large-file=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa.png\" loading=\"lazy\" class=\"size-full wp-image-122\" src=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa.png\" alt=\"wssa security check\" width=\"738\" height=\"471\" srcset=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa.png 738w, https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/wssa-300x191.png 300w\" sizes=\"(max-width: 738px) 100vw, 738px\" \/><\/a><figcaption id=\"caption-attachment-122\" class=\"wp-caption-text\">wssa security check<\/figcaption><\/figure>\n<p>Results a re really impresive, but do not forget. Its only basic prevention from bots and low level hackers. Anyway if you are not building website for governmentit should be okey \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After some research and digging, I made my nginx and domain configuration files. If I have something missed, you are welcome to write it in comment here or at Github. Mostly everything are commented so to understand code should be not problem.<\/p>\n","protected":false},"author":1,"featured_media":116,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"Secure Nginx webserver configuration","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[11,18,14,16],"tags":[17],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Secure Nginx configuration - Mindau | Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Nginx configuration - Mindau | Blog\" \/>\n<meta property=\"og:description\" content=\"After some research and digging, I made my nginx and domain configuration files. If I have something missed, you are welcome to write it in comment here or at Github. Mostly everything are commented so to understand code should be not problem.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\" \/>\n<meta property=\"og:site_name\" content=\"Mindau | Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-05-03T18:28:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-01-21T21:42:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/nginx-secure-configuration.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"650\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mindau\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MindaugasMilius\" \/>\n<meta name=\"twitter:site\" content=\"@MindaugasMilius\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mindau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\"},\"author\":{\"name\":\"Mindau\",\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998\"},\"headline\":\"Secure Nginx configuration\",\"datePublished\":\"2017-05-03T18:28:08+00:00\",\"dateModified\":\"2019-01-21T21:42:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\"},\"wordCount\":186,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998\"},\"keywords\":[\"nginx\"],\"articleSection\":[\"Linux\",\"Security\",\"Tutorials\",\"Webserver\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\",\"url\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\",\"name\":\"Secure Nginx configuration - Mindau | Blog\",\"isPartOf\":{\"@id\":\"https:\/\/mindau.de\/blog\/#website\"},\"datePublished\":\"2017-05-03T18:28:08+00:00\",\"dateModified\":\"2019-01-21T21:42:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/mindau.de\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Nginx configuration\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mindau.de\/blog\/#website\",\"url\":\"https:\/\/mindau.de\/blog\/\",\"name\":\"Mindau | Blog\",\"description\":\"Mindaugas Milius\",\"publisher\":{\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mindau.de\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998\",\"name\":\"Mindau\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2022\/02\/1639431846236.jpeg\",\"contentUrl\":\"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2022\/02\/1639431846236.jpeg\",\"width\":250,\"height\":250,\"caption\":\"Mindau\"},\"logo\":{\"@id\":\"https:\/\/mindau.de\/blog\/#\/schema\/person\/image\/\"},\"sameAs\":[\"http:\/\/mindau.de\",\"https:\/\/www.linkedin.com\/in\/mindaugasmilius\/\",\"https:\/\/twitter.com\/MindaugasMilius\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Secure Nginx configuration - Mindau | Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/","og_locale":"en_US","og_type":"article","og_title":"Secure Nginx configuration - Mindau | Blog","og_description":"After some research and digging, I made my nginx and domain configuration files. If I have something missed, you are welcome to write it in comment here or at Github. Mostly everything are commented so to understand code should be not problem.","og_url":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/","og_site_name":"Mindau | Blog","article_published_time":"2017-05-03T18:28:08+00:00","article_modified_time":"2019-01-21T21:42:39+00:00","og_image":[{"width":650,"height":650,"url":"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/nginx-secure-configuration.jpg","type":"image\/jpeg"}],"author":"Mindau","twitter_card":"summary_large_image","twitter_creator":"@MindaugasMilius","twitter_site":"@MindaugasMilius","twitter_misc":{"Written by":"Mindau","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#article","isPartOf":{"@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/"},"author":{"name":"Mindau","@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998"},"headline":"Secure Nginx configuration","datePublished":"2017-05-03T18:28:08+00:00","dateModified":"2019-01-21T21:42:39+00:00","mainEntityOfPage":{"@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/"},"wordCount":186,"commentCount":0,"publisher":{"@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998"},"keywords":["nginx"],"articleSection":["Linux","Security","Tutorials","Webserver"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/","url":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/","name":"Secure Nginx configuration - Mindau | Blog","isPartOf":{"@id":"https:\/\/mindau.de\/blog\/#website"},"datePublished":"2017-05-03T18:28:08+00:00","dateModified":"2019-01-21T21:42:39+00:00","breadcrumb":{"@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/mindau.de\/blog\/en\/how-to-tutorials\/secure-nginx-configuration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mindau.de\/blog\/"},{"@type":"ListItem","position":2,"name":"Secure Nginx configuration"}]},{"@type":"WebSite","@id":"https:\/\/mindau.de\/blog\/#website","url":"https:\/\/mindau.de\/blog\/","name":"Mindau | Blog","description":"Mindaugas Milius","publisher":{"@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mindau.de\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/b59ad18a46b5a55b9319b41779682998","name":"Mindau","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/image\/","url":"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2022\/02\/1639431846236.jpeg","contentUrl":"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2022\/02\/1639431846236.jpeg","width":250,"height":250,"caption":"Mindau"},"logo":{"@id":"https:\/\/mindau.de\/blog\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/mindau.de","https:\/\/www.linkedin.com\/in\/mindaugasmilius\/","https:\/\/twitter.com\/MindaugasMilius"]}]}},"jetpack_featured_media_url":"https:\/\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/nginx-secure-configuration.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pcptsa-1N","jetpack-related-posts":[{"id":93,"url":"https:\/\/mindau.de\/blog\/en\/send-notifications-linux-fail2ban-ssh-auth-actions-slack\/","url_meta":{"origin":111,"position":0},"title":"How to send notifications from Linux fail2ban, ssh auth and other actions to Slack","date":"April 27, 2017","format":false,"excerpt":"For this approach i will use my slackpost.sh script to send messages to Slack. More info about it you can find -\u00a0https:\/\/mindau.de\/blog\/en\/en-post-messages-slack-linux\/ fail2ban How to install and configure fail2ban you can find for example here -\u00a0https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 Now edit fail2ban jail.local file sudo nano \/etc\/fail2ban\/jail.local add \"slack\" hook where you want\u2026","rel":"","context":"In &quot;English&quot;","img":{"alt_text":"slack notification example","src":"https:\/\/i0.wp.com\/mindau.de\/blog\/wp-content\/uploads\/2017\/04\/slack_2017-04-27_19-02-45.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":82,"url":"https:\/\/mindau.de\/blog\/en\/simple-way-monitor-websites-linux\/","url_meta":{"origin":111,"position":1},"title":"[EN] Simple way to monitor websites in Linux with Slack","date":"April 27, 2017","format":false,"excerpt":"Mostly is very usefull to know if one or another website is down. Here is simple example to monitor your websites: https:\/\/gist.github.com\/6950da61b5ad31185931ddb2c0f9ecab#file-monitor-websites-sh sites.txt example website1.com website2.com Now you can add it to crontab. Type crontab -e and insert: # ping websites every minute * * * * * \/path\/to\/monitor-websites.sh >\u2026","rel":"","context":"In &quot;English&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":288,"url":"https:\/\/mindau.de\/blog\/en\/auto-webserver-and-database-backup-with-gpg-encryption-to-amazon-s3\/","url_meta":{"origin":111,"position":2},"title":"Auto webserver and database backup with GPG encryption to Amazon S3","date":"December 15, 2017","format":false,"excerpt":"In this tutorial I will show you step-by-step\u00a0 instructions how to make cheap and secure encrypted backups of you webserver (or any other dir)\u00a0 files on you linux\u00a0 server using Amazon Storage Service Create Bucket and User at Amazon AWS Some links that we will need Amazon Console link -\u2026","rel":"","context":"In &quot;English&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":72,"url":"https:\/\/mindau.de\/blog\/en\/en-post-messages-slack-linux\/","url_meta":{"origin":111,"position":3},"title":"[EN] Post messages to slack from linux","date":"April 27, 2017","format":false,"excerpt":"Firstly you need to create webhook url in slack. How to do it you can find at\u00a0https:\/\/www.programmableweb.com\/news\/how-to-integrate-webhooks-slack-api\/how-to\/2015\/10\/20 Secondly you need for example a bash script. My version you can find\u00a0in gist: https:\/\/gist.github.com\/67ef18335aa4fb8576bd9a89092b0a18#file-slackpost-sh For comfort usage I\u00a0have copied it to bin folder cp \/current\/path\/to\/slackpost.sh \/usr\/local\/bin\/slackpost.sh chmod +x \/usr\/local\/bin\/slackpost.sh Now you cant\u2026","rel":"","context":"In &quot;English&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":145,"url":"https:\/\/mindau.de\/blog\/lt\/saugumo-gidas-kuri-turetu-zinoti-visi-interneto-naudotojai\/","url_meta":{"origin":111,"position":4},"title":"Saugumo gidas kur\u012f tur\u0117t\u0173 \u017einoti visi interneto naudotojai","date":"May 19, 2017","format":false,"excerpt":"Profesionaliame pasaulyje verda daug diskusij\u0173 apie programin\u0117s \u012frangos saugum\u0105 ir jos spragas. Visi skub\u0105 kaltinti vien\u0105 ar kit\u0105 operacin\u0119 sistem\u0105 ir r\u0117kauti kaip viskas nesaugu, ta\u010diau da\u017eniausiai hakeri\u0173 aukomis tampama per \u017emogi\u0161k\u0105j\u012f faktori\u0173. \u0160iuo straipsniu bandysiu apr\u0117pti elementariausius b\u016bdus ir elgsen\u0105 su kompiuteriu, kuriuos tur\u0117t\u0173 \u017einoti kiekvienas besinaudojantis internetu. Susira\u0161in\u0117jimo\u2026","rel":"","context":"In &quot;Lietuvi\u0173 k.&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/hacker-1952027_640.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":104,"url":"https:\/\/mindau.de\/blog\/en\/raspberry-pi-garden-assistant-project\/","url_meta":{"origin":111,"position":5},"title":"Raspberry Pi Garden Assistant Project","date":"May 31, 2017","format":false,"excerpt":"Project Plan and Goals The idea is to make smart garden house. Main tasks is to provide internet from mobile sim card to WiFi access point, automatizes mart watering and log some interesting data. This is my TO DO list. I will\u00a0continually update it by adding links to details. Internet\u2026","rel":"","context":"In &quot;English&quot;","img":{"alt_text":"Garden Project Scheme","src":"https:\/\/i0.wp.com\/mindau.de\/blog\/wp-content\/uploads\/2017\/05\/download.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/posts\/111"}],"collection":[{"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":8,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":317,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/posts\/111\/revisions\/317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/media\/116"}],"wp:attachment":[{"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mindau.de\/blog\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}