Securing NGINX - Fedora/RedHat

Step 2c - Configuring NGINX Modules & Sites

Configuring NGINX Modules and Sites

Part of having a secure website is minimizing the information that we share with everyone. We also need to review which modules are running and which applications they interact with. This procedure involves more than turning modules on and off: we will be tweaking module behavior and core functionality in ways that can really harden a system beyond a hacker's reach. We will be updating this page to include additional configurations to strengthen the site's security.

How to enable or disable NGINX modules

NGINX modules are automatically included during the installation process of NGINX. Enabling or disabling a module requires you to recompile NGINX unless it is a dynamic module.

To list all of the modules NGINX was built with (they appear in the configure arguments):

nginx -V

Enabling the newly created sites under NGINX

Placing your site files in the conf.d directory is enough to enable your site on Fedora-based systems. Just make sure that the option for loading configuration files for the server block is enabled.

Disabling the default sites under NGINX

Do not forget to handle the IP defaulting to a web page if you disable the defaults. Do not use the NGINX default page! Go to the conf.d directory and remove the default site from there.

Change the Timeout & KeepAlive

nano /etc/nginx/nginx.conf

Add the following lines to the server block.

send_timeout 30;
keepalive_timeout 5;

Close and exit the file

ctrl + o   (Save)
ctrl + x   (Exit)

Hide Server Version, Port, and Hostname from being advertised

We could put all of the security header settings in this file, but we strongly recommend against it on a server that hosts numerous sites! This process will only hide the server version number and not the server signature. To hide the signature as well, you will have to compile NGINX from source.

nano /etc/nginx/conf.d/EXAMPLE_com_ssl.conf

Add the following line to the server block.

server_tokens off;

Close and exit the file

ctrl + o   (Save)
ctrl + x   (Exit)

Restart NGINX

systemctl restart nginx
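
To confirm that the settings from this page are present in the configuration NGINX actually loads, the script below audits configuration text such as the output of nginx -T. It is an added example, not part of the original guide; the function names and both sample configurations are constructed, and it assumes one directive per line.

```shell
#!/bin/sh
# Added example, not from the original guide. Live use, as root:
#   nginx -T 2>/dev/null | audit_nginx_conf

# values_of NAME: config text on stdin; print the first argument of every
# NAME directive, one per line. Assumes one directive per line.
values_of() {
    awk -v d="$1" '$1 == d { v = $2; sub(/;.*/, "", v); print v }'
}

# check_timeout NAME LIMIT CONF: flag NAME if unset or above LIMIT seconds.
check_timeout() {
    vals=$(printf '%s\n' "$3" | values_of "$1")
    [ -n "$vals" ] || { echo "FAIL $1 not set, NGINX default applies"; return 1; }
    rc=0
    for v in $vals; do
        case $v in
            *[!0-9]*) echo "REVIEW $1 $v uses a unit, compare by hand"; rc=1 ;;
            *) [ "$v" -le "$2" ] || { echo "FAIL $1 $v exceeds $2"; rc=1; } ;;
        esac
    done
    return $rc
}

# audit_nginx_conf: config text on stdin; prints findings, returns 0 if clean.
audit_nginx_conf() {
    conf=$(sed 's/#.*//')          # drop comments (naive: ignores quoting)
    bad=0
    tokens=$(printf '%s\n' "$conf" | values_of server_tokens)
    [ -n "$tokens" ] || { echo "FAIL server_tokens not set, version advertised"; bad=1; }
    for v in $tokens; do
        [ "$v" = off ] || { echo "FAIL server_tokens $v"; bad=1; }
    done
    check_timeout send_timeout 30 "$conf" || bad=1      # limit taken from this page
    check_timeout keepalive_timeout 5 "$conf" || bad=1  # limit taken from this page
    return $bad
}

# Constructed sample input: one hardened config and one weak one.
HARDENED='server {
    listen 443 ssl;
    server_tokens off;   # hide version
    send_timeout 30;
    keepalive_timeout 5;
}'
WEAK='server {
    listen 80;
    keepalive_timeout 65;
}'
```

Running nginx -t before systemctl restart nginx catches syntax errors before they take the sites down.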