
Nginx nginx.conf tweaks

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by dorobo, Jun 21, 2014.

  1. dorobo

    Can we discuss how we can improve nginx.conf so that we could squeeze some more performance and better security out of it?

    I saw this link
    Code:
    https://gist.github.com/plentz/6737338
    and it has the following additional lines:

    Code:
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
    the description of each is explained in the link. What do you think?
     
    Last edited: Jun 21, 2014
  2. eva2000

    I believe those are specific to SSL / https usage? And they would be dependent on what web sites you are serving, so it can't really be something you implement by default on all Centmin Mod servers. You'd have to decide for yourself which to enable for your specific SSL https Nginx based web sites.
     
  3. RoldanLT

    Based on my experience, specific to XenForo under https:
    add_header X-Frame-Options SAMEORIGIN;
    - already a duplicate, as it is already declared by XenForo.

    add_header X-XSS-Protection "1; mode=block";
    - do not use, or else some XenForo features may not work correctly.
     
  4. eva2000

    Indeed it does; checking the forum's HTTP headers here:

    Code:
    x-page-speed    1.8.31.3-4009
    date    Sat, 21 Jun 2014 10:18:14 GMT
    content-encoding    gzip
    server    nginx
    x-frame-options    SAMEORIGIN
    strict-transport-security    max-age=31536000; includeSubdomains
    content-type    text/html; charset=UTF-8
    status    200
    cache-control    max-age=0, no-cache
    alternate-protocol    443:npn-spdy/3
    version    HTTP/1.1
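As an added example (not code from this thread, from Centmin Mod or from the linked gist), the following Python script audits a raw header listing in the layout eva2000 pasted above against the headers dorobo proposed: it reports which are missing, which are sent twice (the XenForo X-Frame-Options duplication RoldanLT describes), and which CSP sources such as 'unsafe-inline' loosen the policy. The sample response and the check list are constructed assumptions, not output from any real site.

```python
from collections import Counter

# Check list: the headers proposed in the first post plus HSTS from the dump
# above; names are lowercased because header names are case-insensitive.
RECOMMENDED = ("x-frame-options", "x-content-type-options",
               "x-xss-protection", "content-security-policy",
               "strict-transport-security")

# Constructed sample in the same 'name<spaces>value' layout as the dump above:
# the application already sends X-Frame-Options and nginx adds a second copy.
SAMPLE = """\
server    nginx
x-frame-options    SAMEORIGIN
x-frame-options    SAMEORIGIN
strict-transport-security    max-age=31536000; includeSubdomains
content-security-policy    default-src 'self'; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com; object-src 'none'
content-type    text/html; charset=UTF-8
status    200
"""

def parse_headers(raw):
    """Turn 'name<whitespace>value' lines into (name, value) pairs, names lowercased."""
    pairs = []
    for line in raw.splitlines():
        parts = line.split(None, 1)
        if parts:
            pairs.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return pairs

def audit(raw):
    """Return (missing, duplicated): recommended headers absent, and any header sent twice."""
    counts = Counter(name for name, _ in parse_headers(raw))
    missing = [h for h in RECOMMENDED if h not in counts]
    duplicated = [h for h, n in counts.items() if n > 1]
    return missing, duplicated

def csp_directives(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0]] = tokens[1:]
    return out

def csp_weak_sources(value):
    """List (directive, source) pairs that loosen the policy, such as 'unsafe-inline'."""
    weak = {"'unsafe-inline'", "'unsafe-eval'", "*"}
    return [(d, s) for d, srcs in csp_directives(value).items() for s in srcs if s in weak]
```

Running `audit(SAMPLE)` on the constructed sample flags X-Content-Type-Options and X-XSS-Protection as missing and X-Frame-Options as duplicated, which is the situation where removing the nginx add_header line (rather than adding one) is the right fix.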