2017-09-05 23:29:48 +00:00
# awesome-nginx-security
2020-09-18 23:55:59 +00:00
A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
2017-09-05 23:43:08 +00:00
2017-09-06 00:05:30 +00:00
## Articles
2017-09-05 23:43:08 +00:00
2017-10-03 01:21:45 +00:00
- [Building a Security Shield for Your Applications with NGINX ](https://www.nginx.com/blog/build-application-security-shield-with-nginx-wallarm )
- [Pitfalls and Common Security Mistakes in NGINX configuration ](https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ )
2017-09-05 23:54:58 +00:00
- [Let's Encrypt & Nginx ](https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/ )
- [Installing the Nginx Plus with mod_security WAF ](https://www.nginx.com/resources/admin-guide/nginx-plus-modsecurity-waf-installation-logging/ )
2017-09-15 02:19:05 +00:00
- [CloudFlare's new WAF: compiling to Lua (based on Nginx) ](https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/ )
2017-09-15 02:33:39 +00:00
- [Tips to harden your nginx configuration ](https://www.acunetix.com/blog/articles/nginx-server-security-hardening-configuration-1/#comment-16863 )
2017-10-03 01:24:34 +00:00
- [How To Protect an Nginx Server with Fail2Ban on Ubuntu 14.04 ](https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04 )
2017-09-15 02:34:03 +00:00
- [Important steps to take to make an Nginx server more secure ](https://help.dreamhost.com/hc/en-us/articles/222784068-The-most-important-steps-to-take-to-make-an-Nginx-server-more-secure )
2019-02-22 17:39:14 +00:00
- [Building Security into Cloud Native Apps with NGINX ](https://www.helpnetsecurity.com/2019/02/19/building-security-into-cloud-native-apps-with-nginx/ )
2020-09-21 17:55:16 +00:00
- [Sandboxing nginx with systemd ](https://medium.com/@nickodell/sandboxing-nginx-with-systemd-80441923c555 )
2017-09-15 02:07:16 +00:00
2019-02-22 17:42:41 +00:00
## Talks
2020-09-18 23:53:57 +00:00
- [AppSecCali 2019 Lightning Talk - Building Cloud-Native Security for Apps and APIs with NGINX/Kubernetes ](https://www.youtube.com/watch?v=xcjFgZ_FN4w ) - super practical
2019-02-22 17:42:41 +00:00
- [Let's Encrypt TLS for Every (video) ](https://www.youtube.com/watch?v=ac4tE4_4nU0 )
- [Behavior Based Security with Repsheet: Aaron Bedra @nginxconf 2014 (video) ](https://www.youtube.com/watch?v=9AyaVxzqYoA )
- [Scripting NGINX for Overload Protection (video) ](https://www.youtube.com/watch?v=uFm-tp4t2mE )
- [Naxsi, a WAF for NGINX (video) ](https://www.youtube.com/watch?v=JiJHCodn_PQ )
2017-09-15 02:07:16 +00:00
## Configuration
- [gixy ](https://github.com/yandex/gixy/ ) - a tool to analyze Nginx configuration to prevent security misconfiguration
2018-02-19 12:23:29 +00:00
- [nginxconfig.io ](https://nginxconfig.io ) - [GitHub ](https://github.com/valentinxxx/nginxconfig.io ) - Online nginx configuration generator for general purposes.
2017-09-05 23:43:08 +00:00
2020-09-18 23:48:28 +00:00
## WAF for NGINX. Protect APIs, applications and microservices
2017-09-06 00:10:44 +00:00
2017-09-06 00:12:12 +00:00
- [mod_security ](https://github.com/SpiderLabs/ModSecurity-nginx ) - mod_security for NGINX
2017-09-06 00:10:44 +00:00
- [naxsi ](https://github.com/nbs-system/naxsi ) - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX.
2017-10-03 01:21:45 +00:00
- [NGINX 3rd Party Modules ](https://www.nginx.com/resources/wiki/modules/ ) - a list of third-party modules (including security-related) for NGINX and NGINX Plus, created and maintained by members of the NGINX community
2020-09-18 23:48:28 +00:00
- [Wallarm ](https://wallarm.com ) - Advanced Cloud-Native WAF
2017-10-03 01:21:45 +00:00
2019-02-22 17:39:14 +00:00
## WAF for Kubernetes. Protect Cloud Native Apps
2020-09-25 23:14:06 +00:00
- [WAF for Kubernetes ](https://wallarm.com/solutions/waf-for-kubernetes/ ) - Deploy WAF in Kubernetes on Ingeress Controller or as a sidecar proxy
2017-09-06 00:10:44 +00:00
2017-09-15 02:18:26 +00:00
## Bot mitigation / Anti-scrapping / Account take-over prevention
2017-09-15 02:07:16 +00:00
2017-09-06 00:05:14 +00:00
- [testcookie-nginx-module ](https://github.com/kyprizel/testcookie-nginx-module ) - Simple robot mitigation module using cookie based challenge/response technique
2017-09-15 02:07:16 +00:00
## NGINX forks
- [SEnginx ](https://github.com/NeusoftSecurity/SEnginx ) - Security-Enhanced nginx
- [lua-resty-waf ](https://github.com/p0pr0ck5/lua-resty-waf ) - High-performance WAF built on the OpenResty stack
2020-09-21 17:55:16 +00:00
- [bunkerized-nginx ](https://github.com/bunkerity/bunkerized-nginx ) - nginx based Docker image secure by default.
2017-09-15 02:33:39 +00:00
## Other
- [Secure nginx config. GIST ](https://gist.github.com/plentz/6737338 ) - nginx configuration for improved security and performance