1. 安装 SSL 证书
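server {
    # The "ssl" flag on listen is what turns TLS on for this socket.
    listen 443 ssl;
    server_name bestflare.com;

    # The standalone "ssl on;" directive has been dropped: it is obsolete
    # (deprecated in nginx 1.15.0, removed in 1.25.1), and builds from 1.25.1
    # onward refuse to load a configuration that still contains it.

    # Certificate file (append any intermediate certificates after the leaf so
    # clients can build the chain) and its private key. The key should be
    # readable only by root / the nginx master process.
    ssl_certificate /opt/cert/bestflare.pem;
    ssl_certificate_key /opt/cert/bestflare.key;

    # Refuse SSLv3 / TLS 1.0 / TLS 1.1 regardless of the build's defaults.
    # TLSv1.3 needs nginx 1.13.0+ linked against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
}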
2. 限制请求速率
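# Goes in the http context: declares a 10 MB shared-memory zone named "one"
# that tracks request rate per client address, allowing 1 request per second.
# NOTE(review): behind a reverse proxy or CDN, $binary_remote_addr is the
# proxy's address, so every client shares one bucket unless the real client
# address is restored first (e.g. via the realip module) - confirm for your
# deployment.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Goes in the server or location context that should be throttled. Up to 5
# requests above the rate are queued and delayed; anything beyond is rejected.
limit_req zone=one burst=5;

# Reject with 429 Too Many Requests instead of the default 503, so throttling
# is distinguishable from a real backend outage in logs and alerting.
limit_req_status 429;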
3. 隐藏 Nginx 版本信息（server_tokens）
# Stops nginx from printing its version number in the "Server" response header
# and on built-in error pages. The header itself is still sent (as "nginx"), so
# this only reduces fingerprinting detail; it does not replace patching.
server_tokens off;
4. 保护敏感资源
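# Prefix match: applies to /admin and every URI that starts with it.
location /admin {
    # Require BOTH the address check and the password check. "all" is the
    # default, but stating it here prevents an inherited "satisfy any" from
    # silently turning this into "either one is enough".
    satisfy all;

    # Network restriction: only the listed range may reach this location.
    allow 192.168.1.0/24; # Replace with your IP address or subnet
    deny all;

    # HTTP Basic authentication. Credentials travel base64-encoded, not
    # encrypted, so serve this location over TLS only. The password file
    # should be readable by the nginx worker user and nobody else, and must
    # not sit under any served document root.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
}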
5. 添加安全标头
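# "always" makes nginx attach the header to every response. Without it,
# add_header is skipped on most error responses (4xx/5xx), leaving those pages
# without the protections below.
#
# Inheritance caveat: if a nested server/location block declares any add_header
# of its own, none of these are inherited there and they must be repeated.

# Only allow this site to be framed by pages from the same origin
# (clickjacking defence).
add_header X-Frame-Options "SAMEORIGIN" always;

# Legacy header: current browsers have removed the XSS filter it controls, so
# it only affects old clients. A Content-Security-Policy is the effective
# control against XSS; treat this line as optional.
add_header X-XSS-Protection "1; mode=block" always;

# Stop browsers from MIME-sniffing a response into a different content type.
add_header X-Content-Type-Options "nosniff" always;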
6. 监控和管理 Nginx 日志文件
# A configuration has a single http block; merge these two directives into the
# existing one rather than adding a second block.
http {
    # Access-log line layout named "main": client address, authenticated user,
    # timestamp, request line, status, bytes sent, referer, user agent and the
    # X-Forwarded-For request header.
    #
    # $http_referer, $http_user_agent and $http_x_forwarded_for are supplied
    # by the client. Treat them as untrusted when reading or parsing the log,
    # and do not use X-Forwarded-For for attribution unless it was set by a
    # proxy you control.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Write every request to this file using the "main" layout. Rotate it and
    # restrict read access: it contains client addresses and full request URIs.
    access_log /var/log/nginx/access.log main;
}
运维系列Nginx:安全配置