Out of the box, Nginx is fast and stable but tells the world more than it should and accepts more abuse than it needs to. It advertises its exact version in every response header, negotiates TLS protocols that should have been retired years ago, and lets a single misbehaving client hammer an expensive endpoint as hard …

There is no longer any reason to serve a website over plain HTTP. A trusted TLS certificate costs nothing, browsers flag sites without one as "Not Secure," and search engines treat HTTPS as a ranking signal. The piece that used to be painful — issuing, installing, and renewing certificates every ninety days — is now …