Install nginx
We support nginx version 1.7.x. Installing the nginx software is beyond the scope of this guide. You can refer to a resource like the following:
- nginx wiki
- How To Install Nginx on Ubuntu 14.04 LTS (digitalocean)
- How To Install Nginx on CentOS 6 (digitalocean)
nginx security setting
Byte.nl recently reported that some misconfigured Magento sites using the nginx web server software are vulnerable to attacks. The misconfiguration allows outside access to Magento cache files. The cache files have predictable names and can contain sensitive information, including Magento database passwords. This information can be used to obtain access to an installation and customer information.
To avoid this issue, you can use this nginx configuration provided by Willem de Groot.
We also recommend you review the Magento Security Best Practices.
Additionally, you can also check your site for other security vulnerabilities at http://magereport.com. This is a Magento community project that is not affiliated with Magento.