In this tutorial I will go through on how to secure your Nginx server, with the benifits of a boost in pagespeed.
A few Simple ways to Speedup & Secure it.
Step 1. Install an SSL certificate
Go to your Nginx website configuration file.
sudo nano /etc/nginx/conf.d/default.conf
Edit your configuration and make your server listen on port 443 with http2 instead.
listen 443 http2;
listen [::]:443 http2;
server_name localhost;
Then right under it, add the path to your SSL certificate keys.
ssl on;
ssl_certificate /etc/certificate/public/certificate.pem;
ssl_certificate_key /etc/certificate/private/certificate.key;
Save and exit.
Now put your public key in here:
sudo nano /etc/certificate/public/certificate.pem
And your private key in here:
sudo nano /etc/certificate/private/certificate.key
You have now installed your SSL certificate. Please restart your nginx server for the changes to take effect.
sudo systemctl restart nginx.service
Step 2. Nginx.conf – TLS 1.3 Other Settings
Navigate to your Nginx config file
sudo nano /etc/nginx/nginx.conf
Locate your SSL settings if you have any, if not put this under ‘http {‘
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# Optimize session cache
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
# Enable session tickets
ssl_session_tickets on;
It is also recommended to add secure headers.
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsaf$
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
To add Gzip compression:
# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_min_length 250;
gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
Save and exit.
You can now restart your Nginx server to apply the changes.
sudo nano /etc/nginx/nginx.conf