Security Best Practices

Best practices for enhanced performance.

# SSL/TLS

For any public traffic it is important to use SSL/TLS encryption. You may notice while reading the docs that there are no SSL/TLS configuration options for naboris. That is because naboris communicates exclusively over unencrypted HTTP. Encryption is still possible, and highly recommended, by terminating TLS in a reverse proxy placed in front of the naboris server.

Here is an example configuration for an nginx server that terminates SSL/TLS and forwards traffic to a local naboris server listening on port 8000. You can find more information here.

```nginx
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name ssltest.shawnmcginty.com www.ssltest.shawnmcginty.com;

  # TLS is terminated here; traffic to naboris stays on the loopback interface.
  location / {
    proxy_pass http://localhost:8000;
  }

  # Certificate chain and private key issued for the server_name above.
  ssl_certificate /fake/path/to/fullchain.pem;
  ssl_certificate_key /fake/path/to/privkey.pem;
}
```

# Session Configuration

If your server uses sessions, it is important to change the default session id key (the name of the session id cookie). Many automated attacks look for well-known default cookie names, so a custom key makes them considerably harder. `ServerConfig.setSessionConfig` takes the optional parameter `~sidKey`, which makes changing the default session id key very easy. More importantly, the optional parameter `~secret` sets the secret used when signing session id cookies, so it must be a value known only to your server.
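As an added illustration of what the session id key and signing secret protect, here is a Python model of signed session id cookies. It is not naboris's own code; the cookie names and secrets are constructed, and the signature format is an assumption chosen for the example.

```python
import hmac
import hashlib
from typing import Optional

# Constructed values for illustration only; a real deployment keeps its secret
# out of source control and never reuses a framework default.
DEFAULT_SID_KEY = "nab.sid"           # hypothetical well-known default cookie name
DEFAULT_SECRET = b"default-secret"    # hypothetical default signing secret
CUSTOM_SID_KEY = "x-app-session"      # stands in for ~sidKey
CUSTOM_SECRET = b"replace-me-with-32-random-bytes"  # stands in for ~secret


def sign_session_id(session_id: str, secret: bytes) -> str:
    """Return '<id>.<hmac-sha256 hex>' so tampering can be detected later."""
    mac = hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def verify_signed_value(value: str, secret: bytes) -> Optional[str]:
    """Return the session id if the signature verifies under secret, else None."""
    session_id, sep, mac = value.rpartition(".")
    if not sep or not session_id:
        return None
    expected = hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == would leak timing information.
    return session_id if hmac.compare_digest(mac, expected) else None


def parse_cookie_header(header: str) -> dict:
    """Parse 'a=1; b=2' into {'a': '1', 'b': '2'}; malformed parts are skipped."""
    cookies = {}
    for part in header.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep and name:
            cookies[name] = val
    return cookies


def session_from_request(cookie_header: str, sid_key: str, secret: bytes) -> Optional[str]:
    """Look up the cookie named sid_key and accept it only if its signature verifies."""
    value = parse_cookie_header(cookie_header).get(sid_key)
    return verify_signed_value(value, secret) if value is not None else None


def set_cookie_header(sid_key: str, session_id: str, secret: bytes) -> str:
    """Build the Set-Cookie value the server would send after creating a session."""
    return f"{sid_key}={sign_session_id(session_id, secret)}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

A cookie signed under the default secret, or sent under the default cookie name, is not accepted by a server configured with its own key and secret.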

# Follow HTTP Best Practices

There are many guidelines and best practices to follow when securing an HTTP server.


naboris source code is licensed MIT.
It can be used, copied, and modified free of charge. However, the software is provided "as is" without any warranties.