Sanity check of my config - is it secure?

Nuno Magalhães nunomagalhaes at eu.ipp.pt
Sun May 22 20:48:42 MSD 2011


Have a look at these:

http://wiki.nginx.org/Configuration
http://wiki.nginx.org/Modules
http://wiki.nginx.org/3rdPartyModules
https://calomel.org/nginx.html

And what version of nginx (latest is 1.0.2)? What OS?

On Sun, May 22, 2011 at 15:56, benseb <nginx-forum at nginx.us> wrote:

>    gzip  on;
> #  gzip_static on;

If you're serving so much static content you may as well enable
gzip_static, although it's pointless for compressed images like jpg.

>    gzip_types        text/plain text/css image/x-icon

No html? Javascript?

>        server_tokens off;

Won't disable the Server: header. There's a module that can do that.

>         if ($request_uri ~*
> (^\/|\.ico|\.css|\.js|\.swf|\.gif|\.jp?g|\.png)$ ) {

You can probably replace this if-statement with a regex.

>         location ^~ /applets/{
>               root /home/vhosts/x.com/httpdocs;
>               expires max;
>        }
>        location ^~ /css/{
>               root /home/vhosts/x.com/httpdocs;
>               expires max;
>        }

And merge these locations (as well as others) perhaps? Something like
^~ /(applets|css)/

Just a few hints, like I said, I'm no expert.

-- 
Mars 2 Stay!
http://xkcd.com/801/
/etc
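
The hints in this reply, collected into one configuration as an added example (not part of the original message and not benseb's actual config). The merged location uses nginx's `~` regex modifier, because `^~` marks a literal prefix match and would not interpret `(applets|css)` as an alternation. Assumptions: the `listen` and `server_name` values, the JavaScript MIME types, and the use of the third-party headers-more module, which the post does not name.

```nginx
# Added example. The root path and x.com host come from the quoted config;
# everything else is an assumption made for illustration.
http {
    # Hides the version number only; "Server: nginx" is still sent.
    server_tokens off;
    # Removing the header entirely needs an extra module, for example the
    # third-party headers-more module (assumed here, not named in the post):
    # more_clear_headers Server;

    gzip on;
    # Serve pre-compressed file.css.gz next to file.css when it exists.
    # Requires nginx built with --with-http_gzip_static_module.
    gzip_static on;

    # text/html is always compressed and must not be listed again.
    # JavaScript is covered under its common MIME types.
    gzip_types text/plain text/css image/x-icon
               application/javascript application/x-javascript text/javascript;

    server {
        listen 80;
        server_name x.com;

        # One regex location instead of one prefix block per directory.
        # Regex locations are checked in order of appearance, and any
        # matching "^~" prefix location takes precedence over them.
        location ~ ^/(applets|css)/ {
            root /home/vhosts/x.com/httpdocs;
            expires max;
        }
    }
}
```

Run `nginx -t` after editing to confirm the file parses and that the gzip_static module is present in the build.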