markdown 03. Initial NGINX Server Setup on DigitalOcean


# NGINX

## Default File

## Proxy Reverse

Configure the location that nginx proxies to the Node application

```
	location /api {
		proxy_pass http://localhost:3000/api;
	}
```

## HTTP2

> If you've used certbot to redirect your routes, just add `http2` to the listen line it manages

> `listen 443 ssl http2; # managed by Certbot`

Enable http2

```
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
```    

## OCSP Stapling

Enable OCSP Stapling

```
		# OCSP Stapling
		ssl_stapling on;
		ssl_stapling_verify on;
```

## HSTS

Enable HSTS

```
		# Enable HSTS (HTTP Strict Transport Security)
		add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
```

OR 

```
		# Enable HSTS (HTTP Strict Transport Security) with Preload
		add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
```

If you choose this option, add your site address to `https://hstspreload.org/`

## Headers

### X-Frame-Options

This setting stops the browser from rendering the page inside a frame or iframe served from another origin

```
# X-Frame-Options
add_header X-Frame-Options SAMEORIGIN;
```

### X-Content-Type-Options

This setting disables content-type sniffing on some browsers.

```
# X-Content-Type-Options
add_header X-Content-Type-Options nosniff;
```

### X-XSS-Protection

This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.

```
# X-XSS-Protection
add_header X-XSS-Protection "1; mode=block";
```
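
A check for the HSTS and header settings above, added here as an example and not part of the original notes: it parses a raw header block such as `curl -sI` prints and reports which of the configured headers are missing or weaker than configured. The sample response, the names `parse_headers` and `audit`, and the use of this page's `max-age=31536000` as the minimum are assumptions of the example.

```python
import re

# Constructed sample of `curl -sI` output; X-Content-Type-Options is left out on purpose.
SAMPLE = """HTTP/2 200
server: nginx
content-type: text/html
strict-transport-security: max-age=31536000; includeSubdomains
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
"""

MIN_MAX_AGE = 31536000  # assumption: the max-age value configured on this page


def parse_headers(raw):
    """Return {lowercased name: value} from a raw response header block."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw, want_preload=False):
    """Return a list of findings; an empty list means every check passed."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        # HSTS directive names are case-insensitive, so compare lowercased.
        parts = [p.strip().lower() for p in hsts.split(";") if p.strip()]
        age = next((int(m.group(1)) for p in parts
                    if (m := re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', p))), None)
        if age is None or age < MIN_MAX_AGE:
            findings.append("HSTS max-age missing or too short")
        if "includesubdomains" not in parts:
            findings.append("HSTS lacks includeSubDomains")
        if want_preload and "preload" not in parts:
            findings.append("HSTS lacks preload")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or unexpected")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options nosniff missing")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, want_preload=True):
        print(finding)
```

Run it against an error response as well, such as a 404: `add_header` without the `always` parameter only applies to a fixed set of success and redirect status codes, so error pages can come back without these headers.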

### Config NGINX Cache Static Files

Set caching properties

```
		# Browser Caching of static assets
		location ~*  \.(jpg|jpeg|png|gif|ico|svg|ttf|css|js)$ {
		  expires 7d;
		}
```

# Config File

## Workers Connections

The `worker_connections` directive sets the maximum number of simultaneous connections each worker process can handle.

`worker_connections 1024;`

## SSL Settings

Enable session resumption to improve HTTPS performance

```
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
```

## Gzip Settings

Enable file compression

[NGINX Compression](https://www.digitalocean.com/community/tutorials/how-to-add-the-gzip-module-to-nginx-on-ubuntu-16-04)

```
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_min_length 256;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
```

## Links

https://securityheaders.io/

https://hstspreload.org/

http://www.seoreviewtools.com/redirect-checker-tool/

### Ref
https://www.owasp.org/index.php/List_of_useful_HTTP_headers

https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options

# TODO

* Insert Content-Security-Policy header
* Insert Referrer-Policy header
