
RAaz Kumar .com


Top 10 tips to improve nginx server security

 

In order to implement security rules, we first need to know the types of attacks and vulnerabilities that affect the server or the Linux kernel.

The most common attacks are:

#1 Brute-force attacks and DDoS (to take down the server)

#2 SQL injection (to gain access to the database and steal valuable information such as customer credit card details)

#3 XSS (cross-site scripting) injection

Sending POST requests from their servers to our database.

#4 Application-level vulnerabilities, kernel-level vulnerabilities, etc.

Rate limiting

We can configure it in nginx.conf.
nginx blocks a given IP address once it reaches the maximum number of requests per second.
This way we can avoid brute-force attacks.
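
A rate-limiting configuration for the tip above, added here as an example and not taken from the original post. The zone names, rates, example.com and the /wp-login.php path are assumptions to adjust for your site.

```nginx
# Added example: zone names, rates, host name and paths are assumptions.
http {
    # One shared-memory zone per policy, keyed by client address.
    # $binary_remote_addr keeps each state small; 10m holds roughly 160,000 of them.
    limit_req_zone  $binary_remote_addr zone=perip:10m rate=10r/s;
    limit_req_zone  $binary_remote_addr zone=login:10m rate=1r/s;
    limit_conn_zone $binary_remote_addr zone=connperip:10m;

    # Requests over the limit are rejected, not queued forever.
    # The default status is 503; 429 (Too Many Requests) is clearer to clients.
    limit_req_status  429;
    limit_conn_status 429;

    # Rejections are written to error_log at this level (default: error).
    limit_req_log_level warn;

    server {
        listen 80;
        server_name example.com;

        # General traffic: tolerate short bursts, reject anything beyond them.
        location / {
            limit_req  zone=perip burst=20 nodelay;
            limit_conn connperip 20;
        }

        # Login endpoint: much stricter, since password guessing lands here.
        location = /wp-login.php {
            limit_req zone=login burst=5 nodelay;
            # ... the usual PHP handler (fastcgi_pass etc.) goes here ...
        }
    }
}
```

The limit applies per request: a client that slows down is served again, so this throttles an address rather than banning it. If error_log is set to crit, as in the logging tip further down, these rejections are not written to the log, because limit_req_log_level only accepts info, notice, warn or error.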

Disable unwanted modules / install with only the required modules

This limits what the server can do, so there is less exposure.
# ./configure --without-http_autoindex_module
# make
# make install

Disable nginx server_tokens

Set this in nginx.conf:
server_tokens off;

Avoid large buffer sizes

large_client_header_buffers
client_max_body_size
client_header_buffer_size
client_body_buffer_size
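
The four directives above with concrete values and the response each limit produces, added here as an example and not taken from the original post. The sizes, example.com and the /upload path are assumptions.

```nginx
# Added example: sizes, host name and the /upload path are assumptions.
http {
    # Headers: 1k covers most requests; larger ones spill into at most 4 x 8k buffers.
    # A request line longer than one 8k buffer gets 414,
    # a single header field longer than one 8k buffer gets 400.
    client_header_buffer_size   1k;
    large_client_header_buffers 4 8k;

    # Body: anything over client_max_body_size is rejected with 413.
    # A body over client_body_buffer_size is not rejected; it is written to a temp file.
    client_body_buffer_size 16k;
    client_max_body_size    1m;

    server {
        listen 80;
        server_name example.com;

        # Raise the body limit only where uploads are actually expected.
        location /upload {
            client_max_body_size 10m;
        }
    }
}
```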

Disable unwanted methods

location / {
    limit_except GET HEAD POST { deny all; }
}
Unwanted methods such as DELETE and TRACE are then blocked by nginx.

Install ModSecurity or other WAF solutions

Set up critical-level logging for convenience
error_log logs/error.log crit;

Monitor nginx with the status module / New Relic / Datadog

The nginx status module is free, but you need to recompile nginx,
or follow the approach described in how to use nginx dynamic modules.
New Relic and Datadog are server and application monitoring services at the entrepreneur level.
Also try Netdata.
My recommendation is New Relic; you can also track it in the Android app.

Add security headers

Disable iframes on other websites:
add_header X-Frame-Options "SAMEORIGIN";

Strict-Transport-Security: HTTPS only

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

CSP and X-XSS-Protection headers

CSP
Content Security Policy, for XSS (cross-site scripting) attacks.
You must understand the policies before doing this.
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
XSS
Getting data from your server database via POST requests.
add_header X-XSS-Protection "1; mode=block";
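
A pitfall when deploying the headers above, shown as an added example that is not from the original post and goes slightly beyond it: add_header directives are inherited from the enclosing level only if the current level defines none of its own. The snippet path, host name and locations are assumptions.

```nginx
# Added example: the snippet path, host name and locations are assumptions.

# --- /etc/nginx/snippets/security-headers.conf ---
# "always" also sends the header on error responses (4xx/5xx);
# without it nginx adds headers only to a fixed set of 2xx/3xx responses.
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header X-XSS-Protection "1; mode=block" always;

# --- server block in nginx.conf ---
server {
    listen 443 ssl;
    server_name example.com;
    # ssl_certificate / ssl_certificate_key omitted for brevity

    include snippets/security-headers.conf;

    # Weak: this location defines its own add_header, so none of the
    # server-level headers are inherited. Responses from /assets/ carry
    # Cache-Control only, with no X-Frame-Options and no HSTS.
    location /assets/ {
        add_header Cache-Control "public, max-age=86400";
    }

    # Corrected: repeat the security headers wherever add_header is used.
    location /static/ {
        include snippets/security-headers.conf;
        add_header Cache-Control "public, max-age=86400";
    }
}
```

Checking the response headers of each location with curl -I shows the difference; gixy, recommended later in this post, reports the weak form through its add_header_redefinition check.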

Configure the latest SSL versions & cipher suites

SSL 3 and TLS 1 are old versions and are easy to hack.
TLS 1.2 also has some vulnerabilities.
TLS 1.3 is new, but almost all browsers support it as of 2020.
ssl_protocols TLSv1.2 TLSv1.3;
Cipher suites are chosen based on the server's preference, not the user's:
ssl_prefer_server_ciphers on;

Keep nginx up to date

This way you know what they fixed and which new features they added.
Always run
apt update
and the upgradable command,
then check the details on their website, nginx.org.
To check nginx security, install gixy:
pip install gixy
and run:
gixy
It checks
/etc/nginx/nginx.conf
iptables, ufw and firewalld also help to strengthen security.
https://github.com/yandex/gixy
https://www.digitalocean.com/community/tools/nginx?domains.1.server.domain=example2.com

About

 

I am Raaz Kumar. Most of the time in a day I spend on WordPress, hosting, and server-related issues, so I decided to write clean posts from my personal notes, so they will be useful for everyone like me.

© 2021 - All Rights Reserved Disclaimer & Privacy Policy