61 lines
1,012 B
Markdown
61 lines
1,012 B
Markdown
# Nginx Kit
|
|
|
|
## Start
|
|
|
|
```bash
|
|
git clone https://git.forge.st/ops/nginx-kit.git /opt/nginx-kit
|
|
ln -s /opt/nginx-kit /etc/nginx/kit
|
|
```
|
|
|
|
### Update
|
|
|
|
```bash
|
|
cd /opt/nginx-kit
|
|
git pull
|
|
nginx -t
|
|
systemctl reload nginx
|
|
```
|
|
|
|
## Usage
|
|
|
|
In server block:
|
|
|
|
```nginx
|
|
server {
|
|
# ...
|
|
include snippets/cert/mydomain.com.conf;
|
|
include kit/ssl/security.conf;
|
|
include kit/ssl/hsts.conf;
|
|
include kit/ssl/force.conf;
|
|
# ...
|
|
}
|
|
```
|
|
|
|
### Tamplates
|
|
|
|
#### SSL Certs
|
|
|
|
```bash
|
|
cd /etc/nginx
|
|
mkdir snippets/cert
|
|
cp kit/templates/cert/example.com.conf snippets/cert/mydomain.com.conf
|
|
vi snippets/cert/mydomain.com.conf
|
|
```
|
|
|
|
Replace the path with yours, then include in your server block:
|
|
|
|
```nginx
|
|
server {
|
|
# ...
|
|
include snippets/cert/mydomain.com.conf;
|
|
include kit/ssl/security.conf;
|
|
include kit/ssl/hsts.conf;
|
|
# ...
|
|
}
|
|
```
|
|
|
|
### SSL snippets
|
|
|
|
- `kit/ssl/security.conf`: TLS protocol and session resumption settings.
|
|
- `kit/ssl/hsts.conf`: HSTS header for HTTPS responses.
|
|
- `kit/ssl/force.conf`: Redirect HTTP requests to HTTPS.
|