Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteDernière révisionLes deux révisions suivantes |
informatique:nginx [03/10/2019 08:35] – [Tips & Tricks] cyrille | informatique:nginx [07/05/2023 09:21] – [Autre] cyrille |
---|
* [[http://interfacelab.com/nginx-php-fpm-apc-awesome|NGINX + PHP-FPM + APC = Awesome]] | * [[http://interfacelab.com/nginx-php-fpm-apc-awesome|NGINX + PHP-FPM + APC = Awesome]] |
* [[http://download.pureftpd.org/docs/configuration_nginx_php.pdf|La mise en place de Nginx avec PHP-fpm]] | * [[http://download.pureftpd.org/docs/configuration_nginx_php.pdf|La mise en place de Nginx avec PHP-fpm]] |
| |
| ===== Securité ===== |
| |
| ==== WAF (Web Application Firewall) ==== |
| |
| * ModSecurity |
| * [[https://blog.wpsec.com/wordpress-modsecurity-waf/|Protecting WordPress with Open Source Web Application Firewall ModSecurity]] |
| * [[https://medium.com/building-goalwise/how-to-implement-modsecurity-waf-with-nginx-15fdd42fa3|How to implement ModSecurity WAF with NGINX]] 2019 (Installing ModSecurity v3) |
| * [[https://geekflare.com/install-modsecurity-on-nginx/|How to Install & Configure ModSecurity on Nginx]] 2018 |
| * NAXSI (Nginx Anti Xss & Sql Injection) |
| * https://github.com/nbs-system/naxsi |
| * https://github.com/nbs-system/naxsi-rules |
| * [[https://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-152/NAXSI-un-WAF-open-source-pour-Nginx|NAXSI, un WAF open source pour Nginx]] 2012 |
| |
| ==== Autre ==== |
| |
| [[/informatique/securite/crowdsec|Crowdsec]] |
| |
| * Bunkerized Nginx |
| * https://github.com/bunkerity/bunkerized-nginx |
| * [[https://korben.info/bunkerized-nginx-docker-nginx-securise.html||Bunkerized Nginx – L’image Docker Nginx sécurisée]] 2020 |
| |
| |
===== Tips & Tricks ===== | ===== Tips & Tricks ===== |
| |
| ==== Letsencrypt certbot reload ==== |
| |
| ''Certbot'' sur les debian récentes utilisent un ''systemd timer''. Pour reloader ''nginx'' après un renouvellement de certificat il faut créer un script du genre : |
| |
| ''/etc/letsencrypt/renewal-hooks/deploy/01-reload-nginx'' : |
| <code bash> |
| #!/bin/sh |
| # set -e |
| systemctl reload nginx |
| </code> |
| |
| ==== Optimize Nginx ==== |
| |
[[https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration|How To Optimize Nginx Configuration]] | [[https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration|How To Optimize Nginx Configuration]] |
| |
| ==== Logging ==== |
| |
| * [[https://gock.net/blog/2020/nginx-conditional-logging-responses/|NGINX conditional logging and responses]] (2020-11) |
| |
| ==== more than one worker process ==== |
| |
http://articles.slicehost.com/2008/5/15/ubuntu-hardy-nginx-configuration/ | http://articles.slicehost.com/2008/5/15/ubuntu-hardy-nginx-configuration/ |