HostUp

How to Secure Your Nginx Server


In this tutorial I will go through how to secure your Nginx server, with the added benefit of a boost in page speed.

A few simple ways to speed up and secure it.

Step 1. Install an SSL certificate

Go to your Nginx website configuration file.

sudo nano /etc/nginx/conf.d/default.conf

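Edit your configuration and make your server listen on port 443 with ssl and http2 instead.

listen       443 ssl http2;
listen       [::]:443 ssl http2;
server_name  localhost;

Then right under it, add the paths to your SSL certificate and private key.

# The "ssl" parameter on the listen lines enables TLS; it replaces the older
# "ssl on;" directive, which is deprecated and was removed in nginx 1.25.1.
ssl_certificate         /etc/certificate/public/certificate.pem;
ssl_certificate_key     /etc/certificate/private/certificate.key;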

Save and exit.

Now put your certificate (the public part) in here:

sudo nano /etc/certificate/public/certificate.pem

And your private key in here:

sudo nano /etc/certificate/private/certificate.key

You have now installed your SSL certificate. Please restart your nginx server for the changes to take effect.

sudo systemctl restart nginx.service

Step 2. Nginx.conf – TLS 1.3 and Other Settings

Navigate to your Nginx config file

sudo nano /etc/nginx/nginx.conf

Locate your SSL settings if you have any. If not, put this under 'http {':

# SSL Settings
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # Optimize session cache
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;

    # Enable session tickets
    ssl_session_tickets on;

It is also recommended to add security headers.

# security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsaf$
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

To add Gzip compression:

# Gzip Settings
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_min_length 250;
gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;

Save and exit.

You can now restart your Nginx server to apply the changes.

sudo systemctl restart nginx.service
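
As an added example (not part of the original tutorial): a small Python check that parses an nginx configuration and flags the weak forms of the directives covered in the steps above, namely deprecated protocols in ssl_protocols, a port 443 listen line without ssl, the old "ssl on" directive, a permissive Content-Security-Policy and a missing HSTS header. The function names and both sample configurations are constructed for illustration.

```python
import re

# One token is a quoted string, a comment, punctuation, or a bare word.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|[^\s{};]+''')

def directives(conf):
    """Yield each directive as a list of words; quoted values keep inner ';'."""
    words = []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok in ("{", "}", ";"):
            if words:
                yield words
            words = []
        else:
            quoted = len(tok) > 1 and tok[0] in "\"'" and tok[-1] == tok[0]
            words.append(tok[1:-1] if quoted else tok)

def audit(conf):
    """Return findings for the TLS and header directives this tutorial sets."""
    findings, hsts = [], False
    for name, *args in directives(conf):
        # RFC 8996 deprecates TLS 1.0 and 1.1; the SSL versions are older still.
        weak = [p for p in args if p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")]
        if name == "ssl_protocols" and weak:
            findings.append("ssl_protocols enables " + ", ".join(weak))
        elif name == "listen" and args and re.search(r"(^|:)443$", args[0]) and "ssl" not in args:
            findings.append("listen " + args[0] + " lacks the ssl parameter")
        elif name == "ssl" and args == ["on"]:
            findings.append("'ssl on' is deprecated; use 'listen ... ssl'")
        elif name == "add_header" and len(args) >= 2:
            header, value = args[0].lower(), args[1]
            hsts = hsts or header == "strict-transport-security"
            if header == "content-security-policy" and re.search(r"'unsafe-(eval|inline)'|(^|\s)\*(\s|;|$)", value):
                findings.append("Content-Security-Policy allows '*' or 'unsafe-*' sources")
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample configs (not taken from a real server).
WEAK = '''server { listen 443 http2; listen [::]:443 http2; ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;  # legacy protocols still enabled
  add_header Content-Security-Policy "default-src * data: 'unsafe-eval'" always; }'''
HARDENED = '''server { listen 443 ssl http2; ssl_protocols TLSv1.2 TLSv1.3;
  add_header Content-Security-Policy "default-src 'self'" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; }'''

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

To check a real server, pass the text of its configuration files to audit(); the tokenizer does not follow include directives, so each included file has to be read and passed in as well.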

David Berndtsson

Member at HostUp and loves to write tutorials that actually work.
