This project provides a robust, secure, and high-performance NGINX server packaged in a Docker container. It is designed to act as a secure reverse proxy, offering SSL/TLS encryption, optimized performance, and advanced security headers.
- SSL/TLS Encryption: Supports TLSv1.2 and TLSv1.3 with secure cipher suites.
- HTTP to HTTPS Redirection: Ensures all traffic is encrypted.
- Hardened HTTP Headers:
  - `X-Content-Type-Options`: Prevents MIME sniffing.
  - `X-Frame-Options`: Protects against clickjacking attacks.
  - `X-XSS-Protection`: Enables Cross-Site Scripting (XSS) protection.
  - `Strict-Transport-Security` (HSTS): Enforces HTTPS for all connections.
  - `Referrer-Policy`: Configured for secure referrer handling.
- Version Obfuscation: Hides NGINX version and server details.
- Rate Limiting: Protects against DDoS attacks with request and connection limits.
- Dynamic SSL Certificate Support: Easily update certificates as needed.
- Optimized Worker Settings:
  - Auto-adjusts to CPU cores.
  - Efficient connection handling with `epoll`.
- File Transfer Optimizations:
  - `sendfile`: Enables zero-copy file transfers.
  - `tcp_nopush` and `tcp_nodelay`: Reduce latency for large and small files.
- Keepalive Support: Configured for longer connections to reduce overhead.
- Compression:
  - Gzip compression for faster file transfers.
  - Optimized for text and web assets, including JSON, XML, and SVG.
- Custom Error Pages: Provides user-friendly error pages for common HTTP errors (404, 50x).
- Default Server Behavior: Returns `444` for unmatched requests, protecting against unwanted traffic.
- Logging:
  - Access logs with detailed request information.
  - Configurable logging levels for error logs.
- Dynamic Modules: Loads the `ngx_http_image_filter_module` for additional functionality.
- DNS Resolver: Enables dynamic name resolution for backend services.
- Dockerized Deployment: Fully containerized for easy deployment and scalability.
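One way to check a running deployment against the header, redirect and version-hiding features listed above. This is an added example, not part of the project; the function names, the accepted redirect codes and the sample responses (including their header values) are assumptions constructed for illustration.

```python
import re

# Headers named in the feature list above (lowercased for lookup).
REQUIRED = ("x-content-type-options", "x-frame-options", "x-xss-protection",
            "strict-transport-security", "referrer-policy")

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, {lowercased name: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def audit(raw, scheme="https"):
    """Return a list of findings; an empty list means the response passes."""
    status, h = parse_response(raw)
    if scheme == "http":
        # Plain HTTP should only ever answer with a redirect to an https:// URL.
        ok = status in (301, 302, 307, 308) and h.get("location", "").startswith("https://")
        return [] if ok else ["http request not redirected to https"]
    findings = [f"missing header: {n}" for n in REQUIRED if n not in h]
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if "strict-transport-security" in h and (not m or int(m.group(1)) == 0):
        findings.append("hsts max-age missing or zero")
    if re.search(r"nginx/\d", h.get("server", "")):
        findings.append("server header leaks nginx version")
    return findings

# Constructed sample responses (not captured from the project).
HARDENED = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
    "X-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Referrer-Policy: no-referrer\r\n\r\n")
LEAKY = "HTTP/1.1 200 OK\r\nServer: nginx/1.25.3\r\nX-Frame-Options: DENY\r\n\r\n"
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n"

if __name__ == "__main__":
    for name, raw, scheme in (("hardened", HARDENED, "https"),
                              ("leaky", LEAKY, "https"), ("redirect", REDIRECT, "http")):
        print(name, audit(raw, scheme))
```

Run the audit against responses from every `location` that sets its own headers, since NGINX does not inherit `add_header` directives from the enclosing level once a block defines any of its own.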
```
secure-nginx/
├── docker-compose.yml    # Docker Compose configuration
├── nginx/
├── certs/                # SSL certificates
│   ├── server.crt        # Public certificate
│   ├── server.key        # Private key
├── conf/                 # NGINX configuration files
│   ├── <example>.conf    # Per-domain or service-specific configurations
├── html/errors/          # Custom error pages
│   ├── 404.html          # 404 Error page
│   ├── 50x.html          # 50x Error page
├── logs/                 # Logs directory
│   ├── error.log         # Error log file
│   ├── nginx.pid         # PID file for NGINX
├── nginx.conf            # Main NGINX configuration file
```