The key measures for hardening an Nginx configuration are listed below.
Hide the version banner so error pages and the Server header do not disclose the Nginx release:
    server_tokens off;

Allow only the HTTP methods the application needs (inside the relevant location block):
    limit_except GET POST { deny all; }

Serve over TLS and redirect plain HTTP to HTTPS (the return goes in the port-80 server block):
    listen 443 ssl;
    return 301 https://$host$request_uri;

Allow only modern TLS versions and strong cipher suites:
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';

Enable HSTS so browsers keep using HTTPS for a year, subdomains included:
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Restrict access to a trusted network (for admin or internal locations):
    allow 192.168.1.0/24;
    deny all;

Define rate-limiting and connection-limiting zones keyed on the client address. Note that a zone does nothing on its own: it must be applied with a limit_req (and limit_conn) directive in the server or location block you want protected:
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
    limit_conn_zone $binary_remote_addr zone=addr:10m;

Add browser security headers (X-XSS-Protection is kept for legacy browsers only; current browsers ignore it, so do not rely on it):
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";

Block direct access to configuration, log, backup, git and environment files:
    location ~* \.(conf|log|bak|git|env)$ { deny all; }

Limit the request body size to reduce abuse of upload endpoints:
    client_max_body_size 10M;

Run the worker processes as an unprivileged user:
    user nginx;

Audit the final configuration for common misconfigurations with gixy:
    gixy /etc/nginx/nginx.conf
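As an added check that is not part of the original page: a small Python audit that scans an nginx configuration text for the measures listed above, including the easy-to-miss case where a limit_req_zone or limit_conn_zone is defined but never applied. The function name, rule list and sample configuration are constructed for this example; it is a textual check, not a full nginx parser.

```python
import re
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Patterns that must appear, with the finding reported when one is absent. This is a
# textual check over the directives listed above, not a full nginx parser (assumption).
REQUIRED = [
    (r"\bserver_tokens\s+off\s*;", "server_tokens not off: version disclosed in Server header"),
    (r'add_header\s+X-Content-Type-Options\s+"?nosniff', "X-Content-Type-Options nosniff missing"),
    (r'add_header\s+X-Frame-Options\s+"?(SAMEORIGIN|DENY)', "X-Frame-Options missing"),
    (r"location\s+~\*?\s*\\\.\([^)]*\)\$\s*\{\s*deny\s+all\s*;", "no deny rule for conf/log/bak/git/env files"),
    (r"\bclient_max_body_size\s+\d+[kKmMgG]?\s*;", "client_max_body_size not limited"),
    (r"^\s*user\s+\S+\s*;", "worker user not set"),
]
# A *_zone definition does nothing until a limit_req / limit_conn directive applies it.
ZONES = [("limit_req_zone", r"\blimit_req\s+zone={name}\b"),
         ("limit_conn_zone", r"\blimit_conn\s+{name}\s+\d+")]

def audit_nginx(conf: str) -> list[str]:
    """Return hardening findings for an nginx config text; [] means every measure was found."""
    c = "\n".join(ln.split("#", 1)[0] for ln in conf.splitlines())  # drop comments
    findings = [msg for pat, msg in REQUIRED if not re.search(pat, c, re.M)]
    m = re.search(r"\bssl_protocols\s+([^;]+);", c)
    if not m:
        findings.append("ssl_protocols not set: nginx default may allow old TLS")
    elif legacy := LEGACY_TLS & set(m.group(1).split()):
        findings.append("legacy TLS enabled: " + " ".join(sorted(legacy)))
    m = re.search(r'Strict-Transport-Security\s+"[^"]*max-age=(\d+)', c)
    if not m or int(m.group(1)) < 31536000:
        findings.append("HSTS missing or max-age below one year")
    for zone_dir, usage in ZONES:
        for name in re.findall(rf"\b{zone_dir}\s+\S+\s+zone=(\w+):", c):
            if not re.search(usage.format(name=name), c):
                findings.append(f"{zone_dir} '{name}' defined but never applied")
    return findings

# Constructed sample: zone defined but never applied, TLS 1.0/1.1 still on, headers missing.
WEAK = """
server_tokens off;
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header X-Frame-Options "SAMEORIGIN";
    client_max_body_size 10M;
}
"""

if __name__ == "__main__":
    for finding in audit_nginx(WEAK):
        print("FINDING:", finding)
```

Run it against a real nginx.conf by passing the file contents to audit_nginx; an empty list means all of the listed measures were found, and each finding names the directive to add or fix.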