Making NGINX PCI DSS compliant
The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements designed to ensure the secure transmission and storage of payment card data. Together they form a stringent set of rules covering everything from server hardening to organisational policy and business processes.
We'll focus on only one part of Requirement 4, which is entitled "Encrypt transmission of cardholder data across open, public networks".
How to do it...
For the secure transmission of cardholder data with NGINX, a few tweaks to the default TLS setup are needed to reach a compliant configuration. As of version 3.2 of the standard, SSL (any version) and early TLS (TLS 1.0) are no longer considered strong cryptography; sites still using them had to document a migration plan and complete the move to TLS 1.1 or higher by 30 June 2018, with TLS 1.2 being the practical minimum. Unless it's absolutely necessary for backwards compatibility with old equipment, we highly recommend that you disable them. Here's our working configuration:
server {
    listen 443 ssl http2 default_server;   # "ssl" is required here: "listen 443 http2" alone serves cleartext h2c, not HTTPS
    server_name pcidss.nginxcookbook.com;
    ssl_certificate...
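To make the requirement concrete, here is a complete server block as an added example; it is not the configuration from the original page, and the certificate paths, the upstream address and the resolver are assumptions. It shows the weak `ssl_protocols` line that fails Requirement 4 next to the corrected one, and adds the plain-HTTP redirect and HSTS header that keep cardholder data off cleartext connections.

```nginx
# Added example, not the page's own configuration.
# Assumed (not from the original): certificate and key under /etc/ssl/pcidss/,
# an application upstream on 127.0.0.1:8080, and a local resolver at 127.0.0.53.

# Port 80 exists only to redirect; cardholder data must never be served here.
server {
    listen 80 default_server;
    server_name pcidss.nginxcookbook.com;
    return 301 https://$host$request_uri;
}

server {
    # "ssl" must be present together with http2, otherwise NGINX serves cleartext h2c.
    listen 443 ssl http2 default_server;
    server_name pcidss.nginxcookbook.com;

    ssl_certificate         /etc/ssl/pcidss/fullchain.pem;  # assumed path
    ssl_certificate_key     /etc/ssl/pcidss/privkey.pem;    # assumed path
    ssl_trusted_certificate /etc/ssl/pcidss/chain.pem;      # assumed path, used for OCSP stapling

    # Weak setting that fails the SSL / early-TLS requirement (kept only for contrast, do not use):
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

    # Hardened: TLS 1.2 and 1.3 only. TLSv1.3 needs NGINX 1.13.0+ built against OpenSSL 1.1.1+;
    # drop it from the list on older builds rather than letting the config fail to load.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only: no RC4, 3DES, CBC+SHA1, NULL or export ciphers.
    # TLS 1.3 suites are fixed by OpenSSL and are not affected by this list.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_ecdh_curve X25519:secp384r1:prime256v1;

    # Session resumption via the server-side cache; tickets are off because a long-lived
    # ticket key undermines forward secrecy unless it is rotated out of band.
    ssl_session_cache   shared:PCIDSS:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # OCSP stapling so clients get revocation status without a side channel to the CA.
    ssl_stapling        on;
    ssl_stapling_verify on;
    resolver 127.0.0.53 valid=300s;  # assumed local resolver

    # Two years of HSTS so browsers never retry the site over plain HTTP.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    location / {
        proxy_pass http://127.0.0.1:8080;  # assumed upstream
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP         $remote_addr;
    }
}
```

Run `nginx -t` before reloading, then confirm the protocol policy from outside the host: `openssl s_client -connect pcidss.nginxcookbook.com:443 -tls1` (and `-tls1_1`) should fail the handshake, while `-tls1_2` and `-tls1_3` should complete and report one of the listed suites. That handshake check, not the presence of the directive, is what a QSA will want to see.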