Nginx
Hardening nginx with systemd security features
Secure your nginx service by using security features provided by systemd.
Summary
Introduction: Nginx is still a popular web server that powers a part of the web. Wouldn’t it be great if we could secure it a little bit more? In this article we use the security features that systemd provides for units and services, and apply them to nginx. If you are not yet familiar with the unit settings of systemd, this document is a good introduction to the subject.
Adding the Expires header to improve caching static content in nginx
Want to improve caching on your nginx web server? Learn how to set the Expires header and enhance your nginx configuration.
Summary
Learn how to define the Expires header in nginx to improve the caching of static assets.
Nginx security hardening guide
Learn how to secure your nginx configuration with this hardening guide. It includes examples and tips to implement security measures step by step.
How to see all virtual hosts in nginx
Want to see all configured virtual hosts on a server running nginx? Here is a method to achieve this quickly by using a default configuration option.
Summary
How to display the configured hosts by filtering out the server_name entries
How to log only some requests to a log file in nginx
Nginx is flexible when it comes to what should be logged in the access.log. With the combination of a map and if-statement, this can be achieved very easily!
Summary
Log only some events by HTTP status. Creating a map using $status: The $status variable contains the HTTP status code that is normally returned for each request. We can leverage this status code to set a so-called boolean (true/false, or 1/0). Let’s first define the map and use the HTTP status.
How to block POST requests in nginx
Want to block all HTTP POST requests in nginx? There are multiple ways to achieve this and within this article we look at the best fit.
Summary
Why block POST requests in the first place? Some websites or resources don’t need POST requests, such as a statically generated website. It looks like POST requests also take some CPU time for nginx to process, compared with static files. This becomes visible when using the $request_time variable to customize the access log:
2024-04-02T10:14:39+00:00 404 a.b.c.d "POST /xmlrpc.php HTTP/1.1" 562 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.
Hiding the nginx version number
Security professionals usually advise against relying on security through obscurity. Still, it's wise to hide the nginx version number.
Summary
If you care about security, making your system “lean” is a very good start. Remove all clutter, like unused packages. It is part of system hardening and considered a good practice. This also applies to leaking version numbers, which can only be harmful. Yes, it is security through obscurity. But why would you reveal specific details about your environment to attackers? In this article we have a look at the very popular Nginx web server daemon.