NGinx Best Practices

What best practices do you use while using NGinx?


How to combine HTTP and HTTPS blocks.

server {
    listen 80;
    listen 443 default ssl;

    # other directives
}

This was posted as an answer to a different question. See here.


By far, the best tips I have ever seen are from the author on its pitfall page: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/


Generally, using "if" is a bad practice (according to the author of nginx). If possible, it is better to use the try_files or error_page directives instead of "if (-f ...)".

Combining the tip with the maintenance.html file and the tip with try_files, we get:

location / {
    try_files /maintenance.html $uri $uri/ @wordpress;
}

When maintenance ends, just mv maintenance.html from $root.


Configure nginx to use stronger SSL ciphers. By default, SSLv2 is enabled (which you should disable if possible).

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

http://tumblelog.jauderho.com/post/121851623/nginx-and-stronger-ssl
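
For reviewing a cipher list like the one in the answer above, here is an added example (not from the answer or from nginx) that flags weak entries in `ssl_ciphers` and `ssl_protocols`. It assumes explicit OpenSSL suite names of the style shown on this page; the `ssl_protocols` line in the sample and the names `directive_args` and `audit` are this example's own.

```python
import re

# Constructed sample: the ssl_ciphers value is the one from the answer above;
# the ssl_protocols line is hypothetical, added so the protocol check has input.
SAMPLE_CONF = """
server {
    listen 443 default ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;  # hypothetical
    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
}
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
FS_PREFIXES = ("DHE-", "EDH-", "ECDHE-")  # ephemeral Diffie-Hellman key exchange
CIPHER_CHECKS = [  # (predicate on an explicit OpenSSL suite name, reason)
    (lambda s: "RC4" in s, "RC4 (prohibited in TLS by RFC 7465)"),
    (lambda s: "DES-CBC3" in s, "3DES, 64-bit block"),
    (lambda s: s.endswith("-MD5"), "MD5 MAC"),
    (lambda s: not s.startswith(FS_PREFIXES), "no forward secrecy"),
]


def directive_args(conf, name):
    """Return the argument string of every `name ...;` directive in conf."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments first
    return re.findall(r"(?<![\w-])%s\s+([^;{}]+);" % re.escape(name), conf)


def audit(conf):
    """Map each weak protocol or cipher suite in conf to its list of reasons."""
    report = {}
    for args in directive_args(conf, "ssl_protocols"):
        for proto in args.split():
            if proto in WEAK_PROTOCOLS:
                report[proto] = ["deprecated protocol version"]
    for args in directive_args(conf, "ssl_ciphers"):
        for suite in args.strip().strip("'\"").split(":"):
            if not suite or suite.startswith("!"):  # "!X" is an exclusion
                continue
            reasons = [why for test, why in CIPHER_CHECKS if test(suite)]
            if reasons:
                report[suite] = reasons
    return report


if __name__ == "__main__":
    for item, reasons in audit(SAMPLE_CONF).items():
        print(f"{item}: {', '.join(reasons)}")
```

Only the two DHE-RSA-AES suites in the sample list pass every check; the rest are reported with the reason each one is weak.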