add misc recommendations about nginx

There is not any section about web servers. So you should probably create a section about web servers.
2025-12-06 01:02:49 +01:00 · 2023-12-21 12:32:57 +01:00
parent 437b59c515
commit 6ec31b6344
1 changed files with 45 additions and 0 deletions
--- a/nginx.md
+++ b/nginx.md
@@ -0,0 +1,45 @@
+# Secure nginx
+
+Global resource: [webdock.io](https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache)
+
+* [Disable server tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens)
+
+  ```nginx
+  server_tokens off;
+  ```
+
+* [Content Security Policy Reference](https://content-security-policy.com/)
+
+  ```nginx
+  add_header Content-Security-Policy "default-src 'self';" always;
+  ```
+
+* [X-frame-options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#sameorigin)
+
+  ```nginx
+  add_header X-Frame-Options SAMEORIGIN always;
+  ```
+
+* [X-Xss-Protection: block](https://docs.nginx.com/nginx-management-suite/acm/how-to/policies/proxy-response-headers/)
+
+  ```nginx
+  add_header X-Xss-Protection "1; mode=block" always;
+  ```
+
+* [strict origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin)
+
+  ```nginx
+  add_header Referrer-Policy "strict-origin" always;
+  ```
+
+* [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy)
+
+  ```nginx
+  add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+  ```
+
+* [Content sniffing](https://en.wikipedia.org/wiki/Content_sniffing)
+
+  ```nginx
+  add_header X-Content-Type-Options nosniff always;
+  ```