It’s time to add the next and last episode of our Nginx blog series. This time the post will not describe one specific thing, but a few different tips and tricks. You can use them to improve your site’s performance, add additional monitoring, or serve some files only to special users. If you have any other ideas, feel free to comment and give feedback – I can add your suggestions to this blog post, or create the next episode. Fine, let’s go to our configuration files.
We have an Nginx server ready and PHP daemons with tweaked configuration, so… what next? It’s time to secure our websites. With Nginx it’s very simple to run SSL/TLS connections and also HTTP/2 – a faster protocol, great for mobile devices and new web browsers. As in previous chapters, we will make changes not only to enable secure connections, but also to tweak the default settings – be aware, these recommendations will not work with old browsers like Opera 12, Internet Explorer 7 or old Android (2.x) built-in browsers. I think this isn’t any drawback; these browsers have been obsolete for a long time. OK, let’s start with the Nginx configuration.
Yes, it’s something new on this blog – not only PHP, but also Node.js and Vue.js, because I am working on a new project and using these technologies. Many, many things are completely new for me, but some of them are not. A good example is form security: we must prevent attackers from making CSRF attacks, and use tokens. Simple to say and now, in the PHP world, very simple to use – most frameworks and most template systems already have built-in solutions. With Express.js and Vue.js we can use available node modules, but we must still remember some things. This post is about how to use CSRF in that connection.
We’ve already installed the Nginx web server and PHP, run the wrappers and configured the php.ini settings. The next step will be some small improvements to the global PHP-FPM configuration and also additional settings on the website wrappers. Today we will edit the /etc/php-fpm/version/fpm/php-fpm.conf file. It’s the main PHP-FPM configuration file: not for PHP, like php.ini from the last chapter, but for the FastCGI Process Manager. There is no time for unnecessary descriptions, let’s edit this file.