Discussion on: Moving from Apache2 to Nginx Webserver

Vinay Hegde

Concise post there, Davinderpal. Would like to add a few things to make it even better.

  1. Make a separate file for each of your websites in the /etc/nginx/sites-available directory rather than making changes to the default file. It'll be helpful in production should that file be lost during an nginx upgrade or be corrupted by any chance.
    (Ideally, they should be committed to a VCS repo.)

  2. Do ensure the file containing the environment variables has the right set of permissions, since it contains sensitive data that you'd not want to end up in the wrong hands.

  3. Expose the port ::8080 only if you're serving traffic on IPv6.

  4. Do consider serving the traffic via TLS that terminates at Nginx for an additional layer of security.
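
A small audit for points 2 to 4 of the comment above, as an added example that is not part of the original comment or post. It assumes GNU `stat` on Linux; the function names, the site file `example.test` and the env file `app.env` are hypothetical, and the sample input is constructed.

```bash
# Added example, not from the original post. File names and paths are hypothetical.
# Assumes GNU stat (Linux), matching the Debian-style sites-available layout.

# Point 2: return 0 only if FILE grants nothing to group or others (600, 400, ...).
env_file_private() {
    [ -f "$1" ] || { echo "WARN: $1 not found" >&2; return 2; }
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    # Octal mask 077 covers every group and other permission bit.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "WARN: $1 has mode $mode; use chmod 600 or stricter" >&2
        return 1
    fi
}

# Point 3: print the listen directives in a site file that bind IPv6 ([::]...).
ipv6_listeners() {
    grep -E '^[[:space:]]*listen[[:space:]]+\[' "$1"
}

# Point 4: return 0 if some listen directive carries the ssl parameter.
terminates_tls() {
    grep -Eq '^[[:space:]]*listen[[:space:]][^;#]*[[:space:]]ssl([[:space:]]|;)' "$1"
}

# Run all three checks against one site file and its environment file.
audit_site() {  # usage: audit_site SITE_CONF ENV_FILE
    local rc=0
    env_file_private "$2" || rc=1
    if ipv6_listeners "$1" >/dev/null; then
        echo "NOTE: $1 binds IPv6; keep that only if you serve IPv6 traffic" >&2
    fi
    terminates_tls "$1" || { echo "WARN: $1 has no 'listen ... ssl'" >&2; rc=1; }
    return "$rc"
}

# Constructed sample input: a plain-HTTP site file and a world-readable env file.
demo_dir=$(mktemp -d)
printf 'server {\n    listen 8080;\n    listen [::]:8080;\n    server_name example.test;\n}\n' \
    > "$demo_dir/example.test"
printf 'DB_PASSWORD=constructed-sample\n' > "$demo_dir/app.env"
chmod 644 "$demo_dir/app.env"
audit_site "$demo_dir/example.test" "$demo_dir/app.env" || echo "audit: findings above"
```

The checks read only uncommented `listen` lines, so a directive pulled in through `include` is not seen; run it against each file in sites-available.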

Davinderpal Singh Rehal

Thanks Vinay, will definitely keep these in mind. Usually, we have multiple websites on the same server, all of them following similar suggestions to what you have made. I am hoping to do a couple of articles about tightening up web server security.

Vinay Hegde

Good to know they helped, Davinderpal. Point no. 1 of my previous comment should be useful towards your requirement of multiple sites on the same server.

Looking forward to your web security posts!