nathan
/
aney.co.uk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
master
web-bloat
release/0.3.0
v0.6.0
v0.5.0
v0.4.0
v0.3.0
0.1
v0.1.1
v0.2.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e065ae08bf'
${ noResults }
aney.co.uk/guides/nginx-web-optimisation.html

120 lines
4.4 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Learn how to Secure, and optimise your NGINX server with an easy guide">
<meta name="keywords" content="Blog, articles, news">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>NGINX web optimisation</title>
</head>
<body>
<header>
<a href="#main" class="vh">Jump directly to main content</a>
<h1>NGINX web optimisation</h1>
<input id="burger-toggle" type="checkbox"/>
<label class="burger-container" for="burger-toggle"><div class="burger"></div><span class="sr">Burger menu</span></label>
<hr/>
<nav>
<a href="/">home</a>
<a href="/about.html">about</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main id="main">
<section>
<p>Optimisations for the nginx configs will increase both the security, and performance of your website
<h2>TODO: Headers</h2>
<p>These headers tell nginx what, and how things can be served. They need to be added to each site-available that intends to use them</p>
<pre><code>sudo vim /etc/nginx/sites-available/<DOMAIN></code></pre>
<p>Within the server block. If certbot/SSL is setup, add into the block listening to port 443 (HTTPS)</p>
<pre><code>add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self';" always;
add_header X-Frame-Options SAMEORIGIN always;
add_header "X-XSS-Protection" "1";
add_header X-Content-Type-Options nosniff ;</code></pre>
<h2>Gzip Compression</h2>
<p>Compressing data that is sent to the client is a simple way to save some bandwidth, and gain a bit of speed</p>
<pre><code>sudo vim /etc/nginx/nginx.conf</code></pre>
<p>This goes within the http block, there is likely already a gzip section, so find it and replace with the below. Otherwise just add to the http block.</p>
<pre><code>##
# Gzip Settings
##
gzip on ;
gzip_disable "msie6" ;
gzip_min_length 256 ;
gzip_vary on ;
gzip_proxied any ;
gzip_comp_level 6 ;
gzip_buffers 16 8k ;
gzip_http_version 1.1 ;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml
;</code></pre>
<h3>TODO: Brotli Compression</h3>
<p>Brotli is a new less used contender in the web compression space, but I've heard good things. I'll add this section once I've tested performance vs gzip myself</p>
<h2>TODO: SSL Tweaks</h2>
<h2>HTTP/2</h2>
<p>The newer standard of HTTP. It allows for parallel downloading, and other niceities. I believe Certbot does this for you when setting up SSL for a site, but if that changes, or you've used a different SSL cert, you can set this manually.</p>
<pre><code>sudo vim /etc/nginx/sites-available/<WEBSITE_CONFIG></code></pre>
<p>Alter the existing listen lines to append http2</p>
<pre><code>listen 443 ;</pre></code>
<p>to</p>
<pre><code>listen 443 http2 ;</pre></code>
<p>After an nginx reload, this can be checked, by looking for HTTP/2 being returned by the below curl command</p>
<pre><code>curl -I -L https://<WEBSITE></code></pre>
<h2>TODO: Cache Files, and Images</h2>
<p></p>
<h2>TODO: Limit requests</h2>
<p>To prevent potential DOS attacks, and web scrapers the amount of requests/connections per IP can be reduced</p>
<h2>TODO: Redirect www/non-www to each other</h2>
<p>People still type www. before a domain, even if it's not required. Cringe</p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="https://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink