0

I installed Jekyll on my Debian with nginx. Normally I know how to secure my web server when using PHP. You can do this with php-fpm and creating a pool.

My current nginx configuration:

server {
    listen 80;
    listen [::]:80;

    return 301 https://$server_name$request_uri;

    access_log /var/log/nginx/www.example.com-access.log timed;
    error_log /var/log/nginx/www.example.com-error.log;
    root /var/www/examplecom/html/_site;
    server_name example.com www.example.com;

    location / {
        index index.html index.php;
        # =404 is the fallback when neither a file nor a directory matches
        try_files $uri $uri/ =404;
    }

    location ~ /.well-known {
        allow all;
    }

}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    access_log /var/log/nginx/www.example.com-access.log timed;
    error_log /var/log/nginx/www.example.com-error.log;
    root /var/www/examplecom/html/_site;
    server_name example.com www.example.com;

    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

    location / {
        index index.html index.php;
        # =404 is the fallback when neither a file nor a directory matches
        try_files $uri $uri/ =404;
    }

    location ~ /.well-known {
        allow all;
    }

}

Does anyone know how to secure my Jekyll? Since I had to install Ruby for this, I want to secure my web server like a php-fpm pool.

If you need additional information about my setup please let me know!

Noob
  • 732
  • 8
  • 30

1 Answer

2

Because Jekyll generates static websites, security vulnerabilities are less relevant than with dynamic websites like PHP and Python. NGINX actually has a guide on their website about what the configuration should be when hosting a static website.

The importance of security is in your case more important for clients, which is why you should try to make sure your SSL/TLS settings are optimal. A decent guide for this can be found here.

Don't forget to check the actual strength of your configuration on SSL Labs.

  • Hi @samy-coenen, Thanks for your great help! My strength on SSL Labs is A+, I think this is configured well. On the nginx side I have to pin my public key to harden my nginx configuration. – Noob Jul 31 '17 at 10:50
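
A static-only version of the server blocks from the question, as an added example that is not part of the original question or answer: nginx serves only the files Jekyll generated in _site, so Ruby runs at build time and never per request. Paths, server names and snippet files are the asker's; the limit_except and dotfile rules are assumptions about what this site needs.

```nginx
# Added example: static-only hosting for Jekyll's generated _site directory.
# Paths, server names and included snippets are taken from the question.

# Port 80 only redirects. A server-level "return" runs before any location
# is matched, so no root or location blocks are needed here.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

    root /var/www/examplecom/html/_site;
    index index.html;        # no index.php: nothing here is executed
    server_tokens off;       # do not advertise the nginx version

    location / {
        # Serve the file or the directory index, otherwise answer 404.
        try_files $uri $uri/ =404;

        # Assumption: a static site only needs GET (HEAD is implied by GET).
        limit_except GET {
            deny all;
        }
    }

    # ACME challenges; "^~" stops regex matching, so the dotfile rule
    # below does not apply to this prefix.
    location ^~ /.well-known/ {
        allow all;
    }

    # Refuse any other dotfile that ends up in _site (.git, .htaccess, ...).
    location ~ /\. {
        deny all;
    }
}
```

Check the result with nginx -t before reloading.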