Production-Ready Nginx

Fixing Nginx's default configuration.

Nginx's default configuration is fine, but could use some help!

The quickest way to improve Nginx's default configuration is to use H5BP's Nginx configuration.

The Problems with Defaults

There are a few "problems" (things we can improve) with the default configuration.

  1. No caching for easily-cached static assets
  2. No HTTP security headers/configuration in place
  3. TLS encryption defaults could use improvement

Let's fix that!

Using H5BP

I basically just blow away the default Nginx configuration and use H5BP's:

sudo mv /etc/nginx /etc/nginx.old
sudo git clone https://github.com/h5bp/server-configs-nginx.git /etc/nginx

Files in /etc/nginx/conf.d are loaded - your site configurations go here. There are templates in there for you to use!

The main thing to check out is h5bp/basic.conf, which then loads other configuration files. This is the default set of configuration loaded - but there is more there to check out and optionally use!

The defaults provide a great set of unobtrusive security settings, file caching, support for Let's Encrypt (certbot), and more.
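To check a configuration for the three gaps listed under "The Problems with Defaults", the sketch below scans the text that `nginx -T` prints. It is an added example, not part of H5BP or the original post; the sample dump is constructed, and the two headers it looks for are an assumed choice, since the page does not name specific headers.

```python
import re

# Constructed sample in the style of `nginx -T` output (not from a real host).
SAMPLE_DUMP = """
# configuration file /etc/nginx/nginx.conf:
http {
    server {
        listen 443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # add_header X-Content-Type-Options nosniff;  (commented out)
        location / { root /var/www/html; }
    }
}
"""

# Assumed header set; the page does not name specific headers.
WANTED_HEADERS = ("Strict-Transport-Security", "X-Content-Type-Options")
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(dump):
    """Yield (name, args) per directive, with comments dropped first."""
    # Simplification: quoted values containing ';' or '#' are not parsed
    # faithfully; only the directive name and first argument are relied on.
    text = re.sub(r"#[^\n]*", "", dump)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit(dump):
    """Return findings for the three gaps, in the order the page lists them."""
    seen = list(directives(dump))
    findings = []
    # 1. Static asset caching: any `expires` or Cache-Control header at all?
    if not any(n == "expires" or (n == "add_header" and a[:1] == ["Cache-Control"])
               for n, a in seen):
        findings.append("no-static-caching")
    # 2. Security headers set via add_header.
    sent = {a[0].strip("\"'").lower() for n, a in seen if n == "add_header" and a}
    findings += ["missing-header:" + h for h in WANTED_HEADERS if h.lower() not in sent]
    # 3. TLS: flag legacy protocols, or no explicit ssl_protocols at all.
    tls = [a for n, a in seen if n == "ssl_protocols"]
    if not tls:
        findings.append("ssl_protocols-not-set")
    enabled = {p for a in tls for p in a}
    findings += ["legacy-tls:" + p for p in sorted(enabled & LEGACY_TLS)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DUMP)))
```

Running it on the dump from before and after the swap shows which findings the new configuration clears; an empty list means none of the three checks fired.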

Check out the video for a ton more details!