mirror of
https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git
synced 2025-12-06 01:02:49 +01:00
Compare commits
2 Commits
437b59c515
...
a72f5f2123
| Author | SHA1 | Date | |
|---|---|---|---|
|
a72f5f2123 | ||
|
6ec31b6344 |
45
nginx.md
Normal file
45
nginx.md
Normal file
@@ -0,0 +1,45 @@
|
||||
# Secure nginx
|
||||
|
||||
Global resource: [webdock.io](https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache)
|
||||
|
||||
* [Disable server tokens](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens)
|
||||
|
||||
```nginx
|
||||
server_tokens off;
|
||||
```
|
||||
|
||||
* [Content Security Policy Reference](https://content-security-policy.com/)
|
||||
|
||||
```nginx
|
||||
add_header Content-Security-Policy "default-src 'self';" always;
|
||||
```
|
||||
|
||||
* [X-frame-options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options#sameorigin)
|
||||
|
||||
```nginx
|
||||
add_header X-Frame-Options SAMEORIGIN always;
|
||||
```
|
||||
|
||||
* [X-Xss-Protection: block](https://docs.nginx.com/nginx-management-suite/acm/how-to/policies/proxy-response-headers/)
|
||||
|
||||
```nginx
|
||||
add_header X-Xss-Protection "1; mode=block" always;
|
||||
```
|
||||
|
||||
* [strict origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin)
|
||||
|
||||
```nginx
|
||||
add_header Referrer-Policy "strict-origin" always;
|
||||
```
|
||||
|
||||
* [Permissions Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy)
|
||||
|
||||
```nginx
|
||||
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
|
||||
```
|
||||
|
||||
* [Content sniffing](https://en.wikipedia.org/wiki/Content_sniffing)
|
||||
|
||||
```nginx
|
||||
add_header X-Content-Type-Options nosniff always;
|
||||
```
|
||||
Reference in New Issue
Block a user