- Bind to internal interfaces where possible.
- Restrict admin or status endpoints to trusted IPs.
- Use TLS and modern ciphers.
- Disable unnecessary modules.
- Set `server_tokens off`.
- Remove default site configs.
- Limit methods (e.g., disable TRACE).
- Use rate limiting for public endpoints.
- Run as a dedicated user.
- Keep Nginx and modules updated.
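
The checklist above expressed as one `nginx.conf`, as an added example that is not part of the original page. The hostname, IP addresses, file paths, rate-limit values and cipher list are assumptions to adapt, and the status endpoint assumes Nginx was built with the stub_status module.

```nginx
# Constructed example: names, addresses, paths and limits are placeholders.
user nginx;                       # dedicated unprivileged account for workers
worker_processes auto;
# Load only the dynamic modules in use; leave out every other load_module line.

events { worker_connections 1024; }

http {
    server_tokens off;            # no version in the Server header or error pages

    # Per-client request budget shared by the public locations below.
    limit_req_zone $binary_remote_addr zone=public:10m rate=10r/s;

    # No include of a distribution default site: only these servers exist.

    # Public site, TLS only.
    server {
        listen 443 ssl;
        server_name www.example.com;

        ssl_certificate     /etc/nginx/tls/example.crt;
        ssl_certificate_key /etc/nginx/tls/example.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        location / {
            root /var/www/example;
            limit_req zone=public burst=20 nodelay;
            # Allowing GET also allows HEAD; every other method, TRACE
            # included, is refused.
            limit_except GET POST { deny all; }
        }
    }

    # Status endpoint: bound to an internal interface, trusted IPs only.
    server {
        listen 10.0.0.5:8080;
        location = /nginx_status {
            stub_status;
            allow 10.0.0.0/24;
            deny all;
        }
    }
}
```

Run `nginx -t` to check the syntax before reloading.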