We should configure all public nginx servers to serve encrypted content only. For doing so, we should introduce a trusted certificate which has to be installed on the client machine. Also, we should make sure that the TLS configuration nginx is hardened.
See the documentation of the Ansible nginx role fo further information on how to configure the deployment.
See Mozilla's SSL Configuration Generator for hints on how to configure TLS securely.
keyctl
commented
5 years ago
We should configure all public nginx servers to serve encrypted content only. For doing so, we should introduce a trusted certificate which has to be installed on the client machine. Also, we should make sure that the TLS configuration nginx is hardened.
See the documentation of the Ansible nginx role fo further information on how to configure the deployment. See Mozilla's SSL Configuration Generator for hints on how to configure TLS securely.