This project provides a robust, secure, and high-performance NGINX server packaged in a Docker container. It is designed to act as a secure reverse proxy, offering SSL/TLS encryption, optimized performance, and advanced security headers.

mk3-v8/secure-nginx

Secure NGINX Docker Project


Features

Security

  • SSL/TLS Encryption: Supports TLSv1.2 and TLSv1.3 with secure cipher suites.
  • HTTP to HTTPS Redirection: Ensures all traffic is encrypted.
  • Hardened HTTP Headers:
    • X-Content-Type-Options: Prevents MIME sniffing.
    • X-Frame-Options: Protects against clickjacking attacks.
    • X-XSS-Protection: Enables Cross-Site Scripting (XSS) protection.
    • Strict-Transport-Security (HSTS): Enforces HTTPS for all connections.
    • Referrer-Policy: Configured for secure referrer handling.
  • Version Obfuscation: Hides NGINX version and server details.
  • Rate Limiting: Protects against DDoS attacks with request and connection limits.
  • Dynamic SSL Certificate Support: Easily update certificates as needed.
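
A minimal configuration showing how the security features listed above map to NGINX directives. This is an added example, not the repository's own nginx.conf; the server name, zone names, rate values, header values, certificate mount path, and backend address are assumptions.

```nginx
# Added example (not from the repository). Place inside the http { } context.
# Zone names, rates, header values, paths and the backend are assumed.

server_tokens off;   # drop the version from the Server header and error pages

# Per-client-IP zones for request rate and concurrent connections
limit_req_zone  $binary_remote_addr zone=req_per_ip:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=conn_per_ip:10m;

server {
    listen 80;
    server_name example.test;                 # placeholder name
    return 301 https://$host$request_uri;     # HTTP to HTTPS redirection
}

server {
    listen 443 ssl;
    server_name example.test;

    ssl_certificate     /etc/nginx/certs/server.crt;   # assumed mount point
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # "always" sends the header on 4xx/5xx responses too, not only on 2xx/3xx.
    add_header X-Content-Type-Options    "nosniff" always;
    add_header X-Frame-Options           "SAMEORIGIN" always;
    add_header X-XSS-Protection          "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy           "strict-origin-when-cross-origin" always;

    # Allow short bursts, reject the excess with 429 instead of the default 503
    limit_req        zone=req_per_ip burst=20 nodelay;
    limit_req_status 429;
    limit_conn       conn_per_ip 20;

    location / {
        # add_header is inherited only when a block defines none of its own:
        # a single add_header here would drop every server-level header
        # above for this location, so repeat them if one must be added.
        proxy_pass       http://127.0.0.1:8080;   # assumed backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After a reload, `nginx -t` validates the syntax, and `curl -sI` against an error path confirms the headers survive on non-2xx responses.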

Performance

  • Optimized Worker Settings:
    • Auto-adjusts to CPU cores.
    • Efficient connection handling with epoll.
  • File Transfer Optimizations:
    • sendfile: Enables zero-copy file transfers.
    • tcp_nopush and tcp_nodelay: Reduce latency for large and small files.
  • Keepalive Support: Configured for longer connections to reduce overhead.
  • Compression:
    • Gzip compression for faster file transfers.
    • Optimized for text and web assets, including JSON, XML, and SVG.

Usability

  • Custom Error Pages: Provides user-friendly error pages for common HTTP errors (404, 50x).
  • Default Server Behavior: Returns 444 for unmatched requests, protecting against unwanted traffic.
  • Logging:
    • Access logs with detailed request information.
    • Configurable logging levels for error logs.

Flexibility

  • Dynamic Modules: Loads the ngx_http_image_filter_module for additional functionality.
  • DNS Resolver: Enables dynamic name resolution for backend services.
  • Dockerized Deployment: Fully containerized for easy deployment and scalability.

Folder Structure

secure-nginx/
├── docker-compose.yml           # Docker Compose configuration
├── nginx/
    ├── certs/                   # SSL certificates
    │   ├── server.crt           # Public certificate
    │   ├── server.key           # Private key
    ├── conf/                    # NGINX configuration files
    │   ├── <example>.conf       # Per-domain or service-specific configurations
    ├── html/errors/             # Custom error pages
    │   ├── 404.html             # 404 Error page
    │   ├── 50x.html             # 50x Error page
    ├── logs/                    # Logs directory
    │   ├── error.log            # Error log file
    │   ├── nginx.pid            # PID file for NGINX
    ├── nginx.conf               # Main NGINX configuration file
