# Nginx Kit

## Start

```bash
git clone https://git.forge.st/ops/nginx-kit.git /opt/nginx-kit
ln -s /opt/nginx-kit /etc/nginx/kit
```

### Update

```bash
cd /opt/nginx-kit
git pull
nginx -t
systemctl reload nginx
```

## Usage

In server block:

```nginx
server {
	# ...
	include snippets/cert/mydomain.com.conf;
	include	kit/ssl/security.conf;
	include	kit/ssl/hsts.conf;
	include	kit/ssl/force.conf;
	# ...
}
```

### Tamplates

#### SSL Certs

```bash
cd /etc/nginx
mkdir snippets/cert
cp kit/templates/cert/example.com.conf snippets/cert/mydomain.com.conf
vi snippets/cert/mydomain.com.conf
```

Replace the path with yours, then include in your server block:

```nginx
server {
	# ...
	include snippets/cert/mydomain.com.conf;
	include kit/ssl/security.conf;
	include kit/ssl/hsts.conf;
	# ...
}
```

### SSL snippets

- `kit/ssl/security.conf`: TLS protocol and session resumption settings.
- `kit/ssl/hsts.conf`: HSTS header for HTTPS responses.
- `kit/ssl/force.conf`: Redirect HTTP requests to HTTPS.