DEV Community

Discussion on: Moving from Apache2 to Nginx Webserver

Collapse
vinayhegde1990 profile image
Vinay Hegde

Concise post there, Davinderpal. Would like to add a few things to make it even better.

  1. Make a separate file for each of your websites in the /etc/nginx/sites-available directory than making changes to the default file. It'll be helpful in production should that file be lost during an nginx upgrade or be corrupted by any chance
    (Ideally: They should be committed to a VCS repo)

  2. Do ensure the file containing the Environmental variables has the right set of permissions since it contains sensitive data that you'd not want to end up in the wrong hands.

  3. Expose the port ::8080 only if you're serving traffic on IPv6

  4. Do consider serving the traffic via TLS that terminates at Nginx for an additional layer of security.

Collapse
davinderpalrehal profile image
Davinderpal Singh Rehal Author

Thanks Vinay will definitely keep these in mind. Usually, we have multiple websites on the same server all of them following a similar suggestions to what you have made. I am hoping to do a couple of articles about tightening up web server security.

Collapse
vinayhegde1990 profile image
Vinay Hegde

Good to know they helped, Davinderpal. Point no. 1 of my previous comment should be useful towards your requirement of multiple sites in same server.

Looking forward to your web security posts!