CSEC_PUBLIC/How-To-Secure-A-Linux-Server
1
0
Fork 0
mirror of https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git synced 2025-12-06 09:12:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

add misc recommendations about nginx

Browse Source 
There is not any section about web servers.
So you should probably create a section
about web servers.
This commit is contained in:
Your Name
2023-12-21 12:32:57 +01:00
parent 437b59c515
commit 6ec31b6344
1 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
nginx.md Normal file
View File

@@ -0,0 +1,45 @@
# Secure nginx
Global resource: [webdock.io](https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache)
* [Disable server tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens)
```nginx
server_tokens off;
```
* [Content Security Policy Reference](https://content-security-policy.com/)
```nginx
add_header Content-Security-Policy "default-src 'self';" always;
```
* [X-frame-options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#sameorigin)
```nginx
add_header X-Frame-Options SAMEORIGIN always;
```
* [X-Xss-Protection: block](https://docs.nginx.com/nginx-management-suite/acm/how-to/policies/proxy-response-headers/)
```nginx
add_header X-Xss-Protection "1; mode=block" always;
```
* [strict origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin)
```nginx
add_header Referrer-Policy "strict-origin" always;
```
* [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy)
```nginx
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
```
* [Content sniffing](https://en.wikipedia.org/wiki/Content_sniffing)
```nginx
add_header X-Content-Type-Options nosniff always;
```