m openmage

OpenMage LTS Developer Documentation

nginx configuration

Install nginx

We support nginx version 1.7.x. Installing the nginx software is beyond the scope of this guide. You can refer to a resource like the following:

nginx security setting

Byte.nl recently reported that some misconfigured Magento sites using the nginx web server software are vulnerable to attacks. The misconfiguration allows outside access to Magento cache files. The cache files have predictable names and can contain sensitive information, including Magento database passwords. This information can be used to obtain access to an installation and customer information.

To avoid this issue, you can use this nginx configuration provided by Willem de Groot.

We also recommend you review the Magento Security Best Practices.

Additionally, you can also check your site for other security vulnerabilities at http://magereport.com. This is a Magento community project that is not affiliated with Magento.