{"id":43,"date":"2019-02-16T08:28:00","date_gmt":"2019-02-16T08:28:00","guid":{"rendered":"https:\/\/hostup.org\/blog\/?p=43"},"modified":"2021-01-24T20:46:13","modified_gmt":"2021-01-24T20:46:13","slug":"how-to-secure-your-nginx-server","status":"publish","type":"post","link":"https:\/\/hostup.se\/en\/blog\/how-to-secure-your-nginx-server\/","title":{"rendered":"How to Secure Your Nginx Server"},"content":{"rendered":"\n

In this tutorial I will go through on how to secure your Nginx server, with the benifits of a boost in pagespeed.<\/p>\n\n\n\n

A few Simple ways to Speedup & Secure it.<\/h2>\n\n\n\n

Step 1. Install an SSL certificate<\/h3>\n\n\n\n

Go to your Nginx website configuration file.<\/p>\n\n\n\n

sudo nano \/etc\/nginx\/conf.d\/default.conf<\/pre>\n\n\n\n
Edit your configuration and make your server listen on port 443 with http2 instead.<\/p>\n\n\n\n
listen       443 http2;\nlisten       [::]:443 http2;\nserver_name  localhost;<\/code><\/pre>\n\n\n\n
Then right under it, add the path to your SSL certificate keys.<\/p>\n\n\n\n
ssl        on;\nssl_certificate         \/etc\/certificate\/public\/certificate.pem;\nssl_certificate_key     \/etc\/certificate\/private\/certificate.key;<\/code><\/pre>\n\n\n\n
Save and exit. <\/p>\n\n\n\n
Now put your public key in here:<\/p>\n\n\n\n
sudo nano \/etc\/certificate\/public\/certificate.pem<\/pre>\n\n\n\n
And your private key in here:<\/p>\n\n\n\n
sudo nano \/etc\/certificate\/private\/certificate.key<\/pre>\n\n\n\n
You have now installed your SSL certificate. Please restart your nginx server for the changes to take effect.<\/p>\n\n\n\n
sudo systemctl restart nginx.service<\/pre>\n\n\n\n
Step 2. Nginx.conf – TLS 1.3 Other Settings<\/h3>\n\n\n\n
Navigate to your Nginx config file<\/p>\n\n\n\n
sudo nano \/etc\/nginx\/nginx.conf<\/pre>\n\n\n\n
Locate your SSL settings if you have any, if not put this under ‘http {‘<\/p>\n\n\n\n
# SSL Settings\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n    # Optimize session cache\n    ssl_session_cache shared:SSL:50m;\n    ssl_session_timeout 1d;\n\n# Enable session tickets\n    ssl_session_tickets on;<\/code><\/pre>\n\n\n\n
It is also recommended to add secure headers.<\/p>\n\n\n\n
# security headers\n    add_header X-Frame-Options \"SAMEORIGIN\" always;\n    add_header X-XSS-Protection \"1; mode=block\" always;\n    add_header X-Content-Type-Options \"nosniff\" always;\n    add_header Referrer-Policy \"no-referrer-when-downgrade\" always;\n    add_header Content-Security-Policy \"default-src * data: 'unsafe-eval' 'unsaf$\n add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;<\/code><\/pre>\n\n\n\n
To add Gzip compression:<\/p>\n\n\n\n
# Gzip Settings\ngzip on;\ngzip_disable \"msie6\";\ngzip_vary on;\ngzip_proxied any;\ngzip_comp_level 6;\ngzip_buffers 32 16k;\ngzip_http_version 1.1;\ngzip_min_length 250;\ngzip_types image\/jpeg image\/bmp image\/svg+xml text\/plain text\/css application\/json application\/javascript application\/x-javascript text\/xml application\/xml application\/xml+rss text\/javascript image\/x-icon;<\/code><\/pre>\n\n\n\n
Save and exit.<\/p>\n\n\n\n
You can now restart your Nginx server to apply the changes.<\/p>\n\n\n\n
sudo nano \/etc\/nginx\/nginx.conf<\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
In this tutorial I will go through on how to secure your Nginx server, with the benifits of a boost in pagespeed. A few Simple ways to Speedup & Secure it. Step 1. Install an SSL certificate Go to your Nginx website configuration file. sudo nano \/etc\/nginx\/conf.d\/default.conf Edit your configuration and make your server listen […]<\/p>\n","protected":false},"author":1,"featured_media":157,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-43","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/posts\/43","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/comments?post=43"}],"version-history":[{"count":1,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/posts\/43\/revisions"}],"predecessor-version":[{"id":44,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/posts\/43\/revisions\/44"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/media\/157"}],"wp:attachment":[{"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/media?parent=43"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/categories?post=43"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostup.se\/en\/blog\/wp-json\/wp\/v2\/tags?post=43"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}