Part of running a secure website is minimizing the information that we share with everyone. We also need to review which modules are running and which applications they interact with. This procedure involves more than turning modules on and off: we will be tweaking module behavior and function, along with core functionality, which can really harden a system beyond a hacker's reach. We will be updating this page to include additional configurations to strengthen the site's security.
NGINX modules are automatically included during the installation process of NGINX. Enabling or disabling a module requires you to recompile NGINX unless it is a dynamic module.
To list all of the modules NGINX was built with (the command prints the version and the configure arguments):
nginx -V
ln -s /etc/nginx/sites-available/EXAMPLE_com_ssl.conf /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/EXAMPLE_com.conf /etc/nginx/sites-enabled/
If you disable the defaults, do not forget to handle what is served when the server is reached by its IP address. Do not use the NGINX default page! Go to the sites-enabled directory and remove the default site from there.
nano /etc/nginx/nginx.conf
send_timeout 30;
keepalive_timeout 5;
We could put all of the security header settings in this file, but we strongly recommend against it on a server that hosts numerous sites! The server_tokens setting below hides only the server version number, not the server signature. To hide the signature as well, you will have to compile NGINX from source with that change included.
nano /etc/nginx/sites-available/EXAMPLE_com_ssl.conf
server_tokens off;
systemctl restart nginx
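To confirm the steps above actually took effect, the following added example (not part of the original page and not an NGINX tool) audits a config tree for the three things this page changes: the default site is gone, the two timeouts are at or below the page's values, and server_tokens is off. The function names and the Debian-style sites-enabled layout are assumptions; the check is text-level and does not follow include directives.

```sh
#!/bin/sh
# Added example (constructed helper, not an NGINX tool): text-level audit of the
# settings applied on this page. It does not follow "include" directives.
# Usage after sourcing this file: audit_nginx /etc/nginx

# Print the first argument of the last uncommented "<name> ...;" line in a file.
directive_value() {   # $1 = directive, $2 = file
    grep -E "^[[:space:]]*$1[[:space:]]+[^;#]+;" "$2" 2>/dev/null |
        tail -n 1 | awk '{ sub(/;.*/, "", $2); print $2 }'
}

# Pass when the directive is set in plain seconds and is no larger than the limit.
check_timeout() {     # $1 = directive, $2 = limit in seconds, $3 = nginx.conf
    val=$(directive_value "$1" "$3")
    case ${val%s} in
        ''|*[!0-9]*) echo "FAIL $1: not set in plain seconds (got '$val')"; return 1 ;;
    esac
    [ "${val%s}" -le "$2" ] && return 0
    echo "FAIL $1: $val exceeds $2"; return 1
}

audit_nginx() {       # $1 = config root (assumed Debian-style layout)
    root=${1:-/etc/nginx}; rc=0
    # The stock default site must not be enabled (symlink or regular file).
    if [ -e "$root/sites-enabled/default" ] || [ -L "$root/sites-enabled/default" ]; then
        echo "FAIL default site is still enabled"; rc=1
    fi
    # Limits are the values this page sets: send_timeout 30, keepalive_timeout 5.
    check_timeout send_timeout 30 "$root/nginx.conf" || rc=1
    check_timeout keepalive_timeout 5 "$root/nginx.conf" || rc=1
    # server_tokens off must be in nginx.conf (inherited) or in every enabled site.
    if [ "$(directive_value server_tokens "$root/nginx.conf")" != off ]; then
        for site in "$root"/sites-enabled/*; do
            [ -e "$site" ] || continue
            if [ "$(directive_value server_tokens "$site")" != off ]; then
                echo "FAIL server_tokens is not off in $site"; rc=1
            fi
        done
    fi
    return "$rc"
}
```

A zero exit status means every check passed; each failed check prints one FAIL line naming the directive or file to revisit.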