While powerful and stable, the default configurations are not secure and extra tweaks are required to fortify the web server and give it the much-needed security to prevent attacks and breaches. In this article, we touch base on some of the steps you can take to harden and secure your Ngi...
Keeping your WordPress installation up-to-date is the most important thing you can do to keep your WordPress site secure, as we discussed in the previous article. You can use a product like Wordfence to receive email alerts when a theme, plugin or WordPress core needs an upgrade. Alternativel...
Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your config. It does this by looking for a server_name directive that matches the domain you’re requesting a certificate for. If you’re starting out with a fresh Nginx install, you ...
Let’s Encrypt is a free certificate authority that allows you to set up such protection. It is the simplest way to secure your Nginx server. In this article, you will find the simplest way to secure your Nginx server by obtaining Let’s Encrypt certificates using the Certbot software. Prerequi...
1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this ...
Security mainly refers to minimising risk. Changing one thing may open a whole new set of problems. Read about how things work and what values are considered secure enough (and for what purposes). The only correct approach is to understand your exposure, measure and tune. + Security is imp...
In this tutorial, we will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with Nginx on CentOS 7. We will also show you how to …
It works by inspecting requests sent to the web server in real time against a predefined rule set, preventing typical web application attacks like XSS and SQL Injection. While originally an Apache module, ModSecurity can also be installed on Nginx as detailed in this guide. Prerequisites & ...
Hide Nginx version number; Hide Nginx server signature; Hide upstream proxy headers; Use only the latest supported OpenSSL version; Force all connections over TLS; Use min. 2048-bit private keys; Keep only TLS 1.3 and TLS 1.2; Use only strong ciphers; Use more secure ECDH Curve; Use strong Key Exchange...
When creating a TLS secret, import the certificate and private key file to the corresponding location. Verification: Using a browser to access the ingress is successful. However, the certificate and secret are not issued by a CA and the address bar shows the connection to nginx is not secure. ...