How do I harden Nginx or Apache for production security?
Asked on Oct 01, 2025
Answer
To harden Nginx or Apache for production security, you should focus on configuring HTTPS, setting up strong encryption, and using security headers to protect your web server.
<!-- BEGIN COPY / PASTE -->
# Example for Nginx
server {
listen 443 ssl;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
}
# Example for Apache
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set X-XSS-Protection "1; mode=block"
</VirtualHost>
<!-- END COPY / PASTE -->Additional Comment:
- Ensure that only strong TLS protocols (TLSv1.2 and TLSv1.3) are enabled to prevent downgrade attacks.
- Use modern cipher suites that provide forward secrecy and avoid deprecated ones.
- Security headers like
X-Content-Type-Options,X-Frame-Options, andX-XSS-Protectionhelp mitigate common web vulnerabilities. - Regularly update your server software to patch known vulnerabilities.
✅ Answered with Security best practices.
Recommended Links: