NGINX

01. NGINX Reverse Proxy

  • Basic Setup

## ------------------| Setup
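# Install nginx from the distro repository, enable it at boot, and restart it now.
# The steps are chained so a failed update/install does not go on to enable and
# restart a unit that was never installed.
sudo apt-get update \
  && sudo apt-get install nginx \
  && sudo systemctl enable nginx \
  && sudo systemctl restart nginx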

## ------------------| Config Headers
## sudo vi /etc/nginx/proxy_params
# Headers handed to the upstream on every proxied request (pulled in via "include proxy_params").
# Host: the client's own Host header, so name-based virtual hosting on the backend keeps working.
proxy_set_header Host $http_host;
# X-Real-IP: the TCP peer address nginx itself saw; this value is not client-controlled.
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded-For: $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client already sent, so only the LAST entry is trustworthy for logging or access control.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# X-Forwarded-Proto: "http" or "https" as terminated by nginx, so the backend can build correct links.
proxy_set_header X-Forwarded-Proto $scheme;

## ------------------| Configuration
## sudo vi /etc/nginx/sites-available/h4rithd.com
## Plain-HTTP reverse proxy: everything under / is handed to the app on 127.0.0.1:8080.
server {
    listen 80;
    # No default_server is declared; nginx answers requests whose Host matches none of
    # these names with the first server block loaded for this port, which may be this one.
    server_name h4rithd.com www.h4rithd.com dev.h4rithd.com;
    
    location / {
            proxy_pass http://127.0.0.1:8080;
            # Relative include resolves against the config directory (/etc/nginx/proxy_params).
            include proxy_params;
    }
}

## ------------------| Enable the site
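# The vhost file written above is sites-available/h4rithd.com; the symlink has to use that
# name rather than the placeholder "your_domain", otherwise nginx never loads the site.
sudo ln -s /etc/nginx/sites-available/h4rithd.com /etc/nginx/sites-enabled/
# Restart only when the config test passes, so a typo does not leave nginx down.
sudo nginx -t && sudo systemctl restart nginx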
  • SSL Setup

## ------------------| Create SSL Certificate
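# Self-signed certificate covering the three hostnames used in server_name.
# -nodes writes the private key unencrypted so nginx can read it at start-up without a
# passphrase; /etc/ssl/private being root-only (Debian/Ubuntu default) is what protects it.
# -subj makes the command non-interactive; -addext (OpenSSL 1.1.1+) adds the SAN list,
# which is what current clients match the hostname against (the CN alone is not enough).
domain=h4rithd.com
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -subj "/CN=${domain}" \
  -addext "subjectAltName=DNS:${domain},DNS:www.${domain},DNS:dev.${domain}" \
  -keyout "/etc/ssl/private/${domain}.key" \
  -out "/etc/ssl/certs/${domain}.crt"
# ssl-params.conf points ssl_dhparam at this file; without it "nginx -t" fails.
sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048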

## ------------------| Configure to use SSL
## sudo vi /etc/nginx/snippets/self-signed.conf
# Certificate and key produced by the "openssl req" step above (paths follow domain=h4rithd.com).
ssl_certificate /etc/ssl/certs/h4rithd.com.crt;
# The key sits under /etc/ssl/private, which is root-only by default; keep it that way.
ssl_certificate_key /etc/ssl/private/h4rithd.com.key;
## sudo vi /etc/nginx/snippets/ssl-params.conf
# TLS hardening snippet shared by every HTTPS server block (include snippets/ssl-params.conf).
ssl_protocols TLSv1.3; # Allow only TLS v1.3 for secure connections
# NOTE(review): with TLS 1.3 as the only protocol, the next three directives (cipher preference,
# DH parameters, cipher list) govern TLS <= 1.2 handshakes only and are effectively inert; they
# become relevant again if TLSv1.2 is ever added to ssl_protocols — confirm for the nginx/OpenSSL in use.
ssl_prefer_server_ciphers on; # Prioritize server ciphers over client ciphers
ssl_dhparam /etc/nginx/dhparam.pem; # Path to Diffie-Hellman parameter file (must exist or nginx -t fails)
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:EECDH+AESGCM:EDH+AESGCM; # Specify allowed cipher suites
ssl_ecdh_curve secp384r1; # Define elliptic curve for ECDH key exchange
ssl_session_timeout 5m; # Set session timeout duration
ssl_session_cache shared:SSL:10m; # Enable session caching
ssl_session_tickets off; # Disable session tickets for improved security
# NOTE(review): OCSP stapling needs a resolver (commented out below) and an issuer certificate
# with an OCSP responder; a self-signed certificate provides neither, so these two lines are a
# no-op until a CA-issued certificate replaces self-signed.conf.
ssl_stapling on; # Enable OCSP stapling for certificate validation
ssl_stapling_verify on; # Verify OCSP response for added security
#resolver 8.8.8.8 8.8.4.4 valid=300s; # Define DNS resolvers with a validity period of 300 seconds
#resolver_timeout 5s; # Set resolver timeout for DNS lookups
# Response headers. add_header set at this level is inherited by a location only while that
# location declares no add_header of its own; adding one there silently drops all of these.
add_header X-Frame-Options DENY; # Prevent framing to mitigate clickjacking
add_header X-Content-Type-Options nosniff; # Prevent MIME type sniffing
add_header X-XSS-Protection "1; mode=block"; # Legacy header; most current browsers ignore it, kept for older clients
# HSTS stays off while the certificate is self-signed: once sent with "preload", browsers refuse
# plain HTTP to these hosts for the full max-age (two years here), which is hard to walk back.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; # Enable HTTP Strict Transport Security (HSTS)


## ------------------| Configuration
## sudo vi /etc/nginx/sites-available/h4rithd.com
## HTTPS front end: terminates TLS with the self-signed cert and proxies everything to 127.0.0.1:8080.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name h4rithd.com www.h4rithd.com dev.h4rithd.com;
    
    # Certificate paths and TLS hardening live in two snippets so other vhosts can share them.
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    location / {
            ## try_files $uri $uri/ =404;  (commented out; only meaningful when serving files, not when proxying)
            proxy_pass http://127.0.0.1:8080;
            # Sets Host/X-Real-IP/X-Forwarded-* for the backend; see /etc/nginx/proxy_params.
            include proxy_params;
    }
}
## Plain-HTTP listener whose only job is to send clients to the HTTPS server above.
server {
    listen 80;
    server_name h4rithd.com www.h4rithd.com dev.h4rithd.com;
    
    # Redirect HTTP to HTTPS.
    # $server_name expands to the first name in the list (h4rithd.com), so requests for
    # www. and dev. land on the bare domain. $host would preserve the requested name, but it
    # is client-supplied: if this block is also the catch-all for :80 it would reflect arbitrary
    # Host values into Location (open redirect) — add a default_server that returns 444 before
    # switching to $host. 302 keeps the redirect uncached while testing; 301 is usual once stable.
    location / {
        return 302 https://$server_name$request_uri;
    }
}

## ------------------| Enable the site
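# The vhost file written above is sites-available/h4rithd.com; the symlink has to use that
# name rather than the placeholder "your_domain", otherwise nginx never loads the site.
sudo ln -s /etc/nginx/sites-available/h4rithd.com /etc/nginx/sites-enabled/
# Restart only when the config test passes, so a typo does not leave nginx down.
sudo nginx -t && sudo systemctl restart nginx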

02. Exploits

## ------------------| If the config looks like this
# The prefix has no trailing slash. When the body (presumably) maps it to a directory with
# "alias", a request path such as /admin../ still matches and the traversal noted below escapes
# that directory. Mitigation: end both the location prefix and the alias path with "/", re-run
# "nginx -t", and confirm a request for /admin../ now returns 404.
location /admin { 
    <--code-->
}

## ------------------| It is vulnerable to LFI; try this
admin../config.php
