NGINX ingress controller hardening guide


This guide describes which of the configurations recommended in the two hardening guides listed below are already implemented by default in the nginx implementation of Kubernetes ingress. By @kubernetes.github.io.

There are several ways to harden and secure nginx. This documentation uses two guides, which overlap in some points:

  • nginx CIS Benchmark
  • cipherlist.eu (one of many forks of the now dead project cipherli.st)

Be aware that this is only a guide. Some of the configurations may leave specific clients unable to reach your site, or have similar consequences. The guide clearly shows what needs to be configured, what is obsolete because nginx is running as a container (the CIS benchmark relates to a non-containerized installation), and what is difficult or not possible. Nice one!


Tags nginx infosec devops cloud distributed apis servers