Securing Headers


#1

Hi,

I’d like some guidance on how to best harden the headers sent by EasyEngine-configured servers. This is mentioned in GitHub issue #526; however, no replies were made, so I thought I’d open up a discussion here.

Questions

  • If I add these configurations to the main nginx.conf will they be overwritten during the next NGINX/EasyEngine upgrade?
  • What about adding these directives to a new file and including them in the main nginx.conf file?

Reference/Resources


#2

Check headers and SSL, same here. It would be great if the engine could set them up automatically. No clue how to; wish someone could fix those headers.


#3

#4

Nice article @pakwai, I’m aware of what edits to headers I should make to better harden them. I’m asking about WHERE I should go about making these edits in order for them to survive EE version upgrades.


#5

/etc/nginx/nginx.conf

Add headers in http{} block


#6

@brianjking Yes, you can add those headers in the nginx.conf file and they will not be overwritten after an EasyEngine upgrade. We do not overwrite nginx.conf during EasyEngine’s upgrade, and the same goes for apt-get upgrade, as apt-get asks for confirmation before overwriting any existing configuration file with the new version’s.

As for the second suggestion, that would be a better and safer way to achieve the same. You can make a new configuration file in the /var/www/site-name/conf/nginx/ or /etc/nginx/conf.d/ folder and it will be included in nginx by default.

Hope that helped. Thank you.
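
A sketch of the separate-file approach described in #6, added here as an example and not part of the original posts or of EasyEngine itself. The file name and the header values are assumptions to adapt per site, and it assumes files in /etc/nginx/conf.d/ are included inside the http{} block.

```nginx
# Hypothetical file: /etc/nginx/conf.d/security-headers.conf
# Kept outside nginx.conf so package and EasyEngine upgrades leave it alone.

# Do not advertise the nginx version in the Server header or error pages.
server_tokens off;

# "always" sends the header on error responses (4xx/5xx) too,
# not only on 2xx/3xx responses.
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;

# Enable HSTS only if every site on this server is reachable over HTTPS;
# browsers will refuse plain HTTP for the host until max-age expires.
# add_header Strict-Transport-Security "max-age=31536000" always;

# Inheritance caveat: add_header directives from the http{} level apply
# to a server{} or location{} block only if that block defines NO
# add_header of its own. A block such as
#
#     location ~* \.(css|js)$ {
#         add_header Cache-Control "public";
#     }
#
# silently drops every header set above for those responses. In such a
# block, repeat the headers by including this file again:
#
#     location ~* \.(css|js)$ {
#         add_header Cache-Control "public";
#         include /etc/nginx/conf.d/security-headers.conf;
#     }
```

Run `nginx -t` before reloading, then check a normal page, a static asset and an error page with `curl -I` to confirm the headers appear on each.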


#7