Nginx 調整經驗

Nginx調教經驗

• Add Headers

  ## HTTP Strict Transport Security(HSTS) 
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  
  ## 為了防止IFrame式Clickjacking攻擊
  add_header X-Frame-Options "SAMEORIGIN" always;
  
  ## 阻止瀏覽器探知檔案的 mime type ( disable Content sniffing )
  add_header X-Content-Type-Options nosniff always;
  

• ELB
  • Needed authorization
    • acm:ListCertificates 看證書的權限
    • elasticloadbalancing:ModifyListener 調整listener的權限
  • https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies
• SSL Configuration Generator
  • https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=modern&openssl=1.1.1k&guideline=5.6
• 開啓Gzip壓縮功能
  • https://www.twblogs.net/a/5cb9a2f5bd9eee0f00a2482b
• 生產環境瀏覽器Strict MIME TYPE Checking問題解決
  • https://blog.csdn.net/zhuyiquan/article/details/52173735
• SSL Test for Qualys Product
  • https://www.ssllabs.com/ssltest/
• Medium
  • https://medium.com/程式愛好者/關於安全性的header-b3b7adcb0fca