Secure Resource and Assets Storage directory with NGINX
rizkytegar/nginx-assets
nginx-assets

Secure Resource and Assets Storage directory with NGINX. Here is a list of all the security features present in the configuration:

  • HTTP to HTTPS Redirect:
    • Ensures all traffic is encrypted by redirecting HTTP requests to HTTPS.
  • SSL Configuration:
    • Uses secure SSL protocols (`TLSv1.2`, `TLSv1.3`) and strong ciphers (`HIGH:!aNULL:!MD5`).
  • Security Headers:
    • `X-Content-Type-Options nosniff`: Prevents browsers from interpreting files as a different MIME type.
    • `X-Frame-Options DENY`: Prevents clickjacking by not allowing the site to be framed.
    • `X-XSS-Protection "1; mode=block"`: Enables Cross-Site Scripting (XSS) filtering.
    • `Referrer-Policy no-referrer-when-downgrade`: Controls the amount of referrer information sent with requests.
    • `Content-Security-Policy "default-src 'self'"`: Restricts resources (scripts, styles, etc.) to be loaded only from the same origin.
  • Disable Directory Listing:
    • `autoindex off;`: Prevents listing of directory contents.
  • Limit Client Request Body Size:
    • `client_max_body_size 30M;`: Limits the size of client request bodies to 30 megabytes globally.
    • `client_max_body_size 10M;`: Limits the size of client request bodies to 10 megabytes within the `/storage` location.
  • Deny Access to Sensitive Files:
    • `location ~ /\.ht { deny all; }`: Denies access to hidden files whose names start with `.ht`.
  • Host Validation:
    • `if ($host != $server_name) { return 444; }`: Returns a 444 status code (connection closed without a response) if the requested host does not match the server name.
  • Custom Error Pages:
    • `error_page 404 /storage/404.xml;`: Custom 404 error page for `/storage`.
    • `error_page 403 /storage/403.xml;`: Custom 403 error page for `/storage`.
  • File Extension Handling:
    • `try_files $uri =404;`: Returns a 404 status code when a requested file of the matched types does not exist on disk.
    • `if ($request_filename ~* ^.*?\.(exe|php|py|pl|cgi|bin|sh|bat|dll|asp|aspx|jsp|html|htm|shtml|phtml|php3|php4|php5|php6|php7)$) { return 403; }`: Returns a 403 status code for the listed executable and script file extensions.
  • Deny PHP File Access:
    • `location ~ \.php$ { deny all; }`: Denies access to PHP files within the `/storage` location.
  • CORS Configuration:
    • Allows cross-origin requests only from the server's own domain:
      • `add_header 'Access-Control-Allow-Origin' "$http_origin" always;`
      • `add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT' always;`
      • `add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;`
      • Returns a 204 status code for preflight OPTIONS requests.
  • Logging:
    • `access_log /var/log/nginx/access.log;`: Logs access requests.
    • `error_log /var/log/nginx/error.log warn;`: Logs error messages at the warning level and above.

These security measures help protect the server from various types of attacks and ensure secure handling of requests and data.
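As an added example (not code from this repository), a small Python audit that parses a raw HTTP response and compares it with the security headers listed above, and that also reports when `Access-Control-Allow-Origin` merely echoes a request `Origin` other than the server's own, which is what `"$http_origin"` does. The origins and the sample response are constructed, not captured from a real deployment.

```python
# Header values listed in the README above (names are compared case-insensitively).
EXPECTED_HEADERS = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "no-referrer-when-downgrade",
    "content-security-policy": "default-src 'self'",
}


def parse_response(raw: bytes) -> tuple[int, dict[str, str]]:
    """Split a raw HTTP/1.1 response into (status code, lowercased header map)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers


def audit_response(raw: bytes, request_origin: str, own_origin: str) -> list[str]:
    """Return findings: missing or altered security headers, and CORS origin reflection."""
    _, headers = parse_response(raw)
    findings = []
    for name, want in EXPECTED_HEADERS.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got != want:
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    acao = headers.get("access-control-allow-origin")
    # add_header ... "$http_origin" echoes whatever Origin the client sent; an echoed
    # origin other than the server's own shows the policy is not limited to that domain.
    if acao is not None and acao == request_origin and acao != own_origin:
        findings.append(f"access-control-allow-origin reflects foreign origin {acao}")
    return findings


# Constructed sample (not a real capture): what the configuration above would answer
# to a request that carried "Origin: https://third-party.example".
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: image/png\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"X-XSS-Protection: 1; mode=block\r\n"
    b"Referrer-Policy: no-referrer-when-downgrade\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"Access-Control-Allow-Origin: https://third-party.example\r\n"
    b"\r\n"
)
```

Current browsers ignore `X-XSS-Protection`, so the audit checks it only for parity with the configuration; the `Content-Security-Policy` header is the control that matters for script injection.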
