Sanity check of my config - is it secure?

Nuno Magalhães nunomagalhaes at
Sun May 22 20:48:42 MSD 2011

Have a look at these:

And what version of nginx (latest is 1.0.2)? What OS?

On Sun, May 22, 2011 at 15:56, benseb <nginx-forum at> wrote:

>    gzip  on;
> #  gzip_static on;

If you're serving so much static content you may as well enable
gzip_static, although it's pointless for compressed images like jpg.

>    gzip_types        text/plain text/css image/x-icon

No html? Javascript?

>        server_tokens off;

Won't disable the Server: header. There's a module that can do that.

>         if ($request_uri ~*
> (^\/|\.ico|\.css|\.js|\.swf|\.gif|\.jp?g|\.png)$ ) {

You can probably replace this if-statement with a regex.

>         location ^~ /applets/{
>               root /home/vhosts/;
>               expires max;
>        }
>        location ^~ /css/{
>               root /home/vhosts/;
>               expires max;
>        }

And merge these locations (as well as others) perhaps? Something like
^~ /(applets|css)/

Just a few hints, like I said, I'm no expert.

Mars 2 Stay!
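
The hints in the reply above, written out as one nginx fragment. This is an added example, not part of the original message or of the poster's configuration; the server_name is a placeholder, the JavaScript MIME types are assumptions, and the body of the original if block is not shown on the page, so it is left as a comment.

```nginx
http {
    gzip         on;
    # Serves a pre-compressed file.css.gz when it sits next to file.css.
    # Requires nginx built with --with-http_gzip_static_module.
    gzip_static  on;

    # text/html is always compressed by the gzip module and is not listed.
    # JavaScript types are added; already-compressed images (jpg, png, gif)
    # are left out on purpose.
    gzip_types   text/plain text/css image/x-icon
                 application/javascript application/x-javascript text/javascript;

    # Removes only the version number from the Server header and error pages;
    # the header itself is still sent.
    server_tokens off;

    server {
        listen       80;
        server_name  example.invalid;   # placeholder

        # One location for both directories. The ^~ modifier marks a plain
        # prefix match and does not take a regex, so alternation needs ~.
        # Unlike ^~ prefixes, regex locations are tried in file order and
        # the first match wins, so keep this block above other regex ones.
        location ~ ^/(applets|css)/ {
            root     /home/vhosts/;
            expires  max;
        }

        # Extension match as a location instead of if ($request_uri ~* ...).
        # A location matches the normalized URI without the query string,
        # while $request_uri includes it.
        location ~* \.(ico|css|js|swf|gif|jpe?g|png)$ {
            # directives from the body of the original if block go here
        }

        # The ^\/ ... $ alternative of the original pattern (the bare root URI).
        location = / {
            # directives from the body of the original if block go here
        }
    }
}
```

Run `nginx -t` after editing to confirm the file parses before reloading.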
