
Tips

Handy tips always at your fingertips

A collection of 123 tips that come in real handy when you need them. Originally posted as tweets on my Twitter account, and now gathered here so you can browse them easily.

Find Vulnerabilities in Your Nginx Configuration

💡 Server security is hard. More so if you're still learning your way around. Luckily there are tools to guide us.

👉🏼 Gixy is one such tool for Nginx. It analyzes your configuration for security vulnerabilities.

https://github.com/yandex/gixy


Secure Your VPS: Use Non-Root User

💡 Root user in Linux has unrestricted access to a system. When compromised, an attacker gains complete control of the server.

👉🏼 It's best practice to use a non-root user and disable root login. Set PermitRootLogin to "no" in /etc/ssh/sshd_config.

Set PermitRootLogin to no in /etc/ssh/sshd_config to disable root login.

Sites-Available vs Sites-Enabled in Nginx

💡 Nginx on Linux makes use of symlinks in a smart way to enable site configurations.

👉🏼 "sites-available" folder holds all your site configurations. In the "sites-enabled" folder you create symlinks to the previous folder for the sites you wish to enable.

Create a symlink with ln -s from sites-enabled to sites-available to enable a site's configuration.

Secure Your VPS: Disable Password Login

💡 Servers are often a target for SSH brute-forcing attacks. Disable password login to prevent an attacker from gaining access to your server.

👉🏼 Use a keypair for authentication and set PasswordAuthentication to "no" in /etc/ssh/sshd_config.

Set PasswordAuthentication to no in /etc/ssh/sshd_config to disable password login.
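
An added example (not from the original tips): a small shell audit for the two sshd_config settings in the SSH tips above, PermitRootLogin and PasswordAuthentication. The function names and the sample file are constructed for illustration; the fallbacks are OpenSSH's built-in defaults, and Include files are not followed.

```shell
#!/bin/sh
# Added example: audit PermitRootLogin and PasswordAuthentication.
# sshd uses the FIRST value it finds for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
# Limitation (assumption of this sketch): Include files are not followed.

# Print the effective global value of keyword $1 in file $2,
# or the fallback $3 when the global section never sets it.
sshd_effective() {
    awk -v key="$1" -v fallback="$3" '
        BEGIN { key = tolower(key); val = fallback }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first conditional block
        tolower($1) == key {                # first occurrence wins
            val = tolower($2); gsub(/"/, "", val); exit
        }
        END { print val }
    ' "$2"
}

# Return 0 only when root login and password login are both disabled.
sshd_audit() {
    file="$1"; rc=0
    # Fallbacks are the OpenSSH defaults used when a keyword is absent.
    root=$(sshd_effective PermitRootLogin "$file" prohibit-password)
    pass=$(sshd_effective PasswordAuthentication "$file" yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK root and password login disabled"; fi
    return "$rc"
}

# Constructed sample: the commented-out "no" is ignored, and the later
# "PermitRootLogin no" loses to the earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
passwordauthentication no
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
EOF
sshd_audit "$sample" || echo "audit failed for constructed sample"
rm -f "$sample"
```

On a live host, sshd -T prints the configuration sshd actually resolved, including Include files.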

Find Popular JavaScript/Node.js Libraries

💡 Looking for a popular JavaScript or Node.js library in a specific domain?

👉🏼 Best of JavaScript by @michaelrambeau is my go-to resource to browse the JS ecosystem.

Tip: Order by 🌟 added last year.

https://bestofjs.org/


Secure File Transfer From/To Remote Server

💡 Secure Copy Protocol (SCP) is an easy way to securely transfer files to and from a remote server.

You can use scp to copy an entire project folder in order to deploy an app, or a single file like ".env".

Run scp source destination to transfer files from/to a remote server in a secure way. Prepend user@host: to the remote path.

Improve Nginx Performance: Direct File Transfers

💡 A quick tip to boost Nginx performance:

👉🏼 Speed up file transfers by using sendfile() to copy directly between descriptors rather than using read() & write().

Improve Nginx performance by setting the sendfile directive in the http block to on.

Use Sudo Without Password Prompt in Scripts

💡 Using a non-root user and requiring a password for sudo is a security best practice. However, in scripts you often need to use sudo without a password.

👉🏼 Run:

➡️ sudo visudo

And add this line to "/etc/sudoers" to disable the password requirement:

"youruser ALL=(ALL:ALL) NOPASSWD: ALL"

To allow a user named ansible to use all sudo commands without a password, add ansible ALL=(ALL:ALL) NOPASSWD: ALL in the /etc/sudoers file.

Programmatically Check If System Requires Restart

💡 How do you programmatically find out if a system needs to be restarted?

👉🏼 Check for the existence of "/var/run/reboot-required" file. Also, "/var/run/reboot-required.pkgs" shows the related packages.

Run cat /var/run/reboot-required to check if the system requires a reboot. cat /var/run/reboot-required.pkgs shows the packages that are involved.

Don't Accidentally Serve Dotfiles With Nginx

💡 When serving your frontend app directly through Nginx, make sure to not accidentally expose any dotfiles.

👉🏼 Add a location directive to your server configuration to block access to all hidden files.

Add deny all inside a location block matching ~ /\.(?!well-known) paths to not serve dotfiles in your project.