the best security conf for nginx
# @author: @ricardo090489
# tested with nginx/1.13.4 and OpenSSL 1.0.1t. Note: the OpenSSL 1.0.1 branch is end-of-life (no security fixes since December 2016), so rebuild against a supported OpenSSL release before relying on this configuration.
# Hide the nginx version in error pages and in the Server header. The header
# still reads "Server: nginx", so this only reduces fingerprinting; it is
# hygiene, not a security control. Removing the header entirely needs a
# third-party module (e.g. headers-more) or a patched build.
server_tokens off;
| # Virtual Host configuration for example.com | |
| # | |
| # You can move that to a different file under sites-available/ and symlink that | |
| # to sites-enabled/ to enable it. | |
| # | |
| #server { | |
| # listen 80; | |
| # listen [::]:80; | |
| # | |
| # server_name example.com; |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| root /var/www/html; | |
| # Add index.php to the list if you are using PHP | |
| index index.html index.htm index.php; | |
| server_name _; |
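[Unit]
Description=Hello World Service
# Start only after user logins are permitted. The unit name was previously
# misspelled "systend-user-sessions.service"; because After= is an ordering
# hint only, systemd does not report a missing unit, so the typo silently
# disabled the ordering instead of failing.
After=systemd-user-sessions.service

[Service]
# Type=simple: the ExecStart process is the service itself; systemd
# considers the unit started as soon as the process has been forked.
Type=simple
# NOTE(review): no User= is set, so as a system unit this script runs as root.
# Confirm that is intended; otherwise add User= and hardening directives such
# as NoNewPrivileges=yes and ProtectSystem=strict.
ExecStart=/usr/bin/hello-world.sh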
| ## | |
| # You should read the following URLs to gain a solid understanding of | |
| # Nginx configuration files and make full use of Nginx's capabilities. | |
| # https://www.nginx.com/resources/wiki/start/ | |
| # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ | |
| # https://wiki.debian.org/Nginx/DirectoryStructure | |
| # | |
| # In most cases, administrators will remove this file from sites-enabled/ and | |
| # leave it as reference inside of sites-available where it will continue to be | |
| # updated by the nginx packaging team. |
| ## devtools.onboarding.telemetry.logged = false | |
| toolkit.telemetry.updatePing.enabled = false | |
| browser.newtabpage.activity-stream.feeds.telemetry = false | |
| browser.newtabpage.activity-stream.telemetry = false | |
| browser.ping-centre.telemetry = false | |
| toolkit.telemetry.bhrPing.enabled = false | |
| toolkit.telemetry.enabled = false | |
| toolkit.telemetry.firstShutdownPing.enabled = false | |
| ## toolkit.telemetry.hybridContent.enabled = false | |
| toolkit.telemetry.newProfilePing.enabled = false |
| #!/bin/bash | |
| # Function that picks the best available pager | |
| pager() { | |
| # if stdout is not to a TTY, copy directly w/o paging | |
| [ -t 1 ] || { cat; return; } | |
| if [ -n "$PAGER" ]; then ## honor the user's choice, if they have a pager configured | |
| "$PAGER" | |
| elif command -v less >/dev/null 2>&1; then |
#!/usr/bin/env bash
# Pinned upstream release of each build input (archive name without extension).
# NOTE(review): these are 2015-era releases. openssl-1.0.2 and nginx-1.9.x are
# long end-of-life and the PCRE1 (8.x) line is no longer maintained; bump them
# before using this script for a real build.
VERSION_PCRE=pcre-8.38
VERSION_OPENSSL=openssl-1.0.2d
VERSION_NGINX=nginx-1.9.7
export VERSION_PCRE VERSION_OPENSSL VERSION_NGINX

# Base URLs of the upstream source directories the tarballs are fetched from.
# NOTE(review): ftp:// provides no transport integrity, and even the https://
# source only authenticates the host, not the tarball. Verify the upstream PGP
# signature or a pinned checksum after download, before compiling.
SOURCE_OPENSSL=https://www.openssl.org/source/
SOURCE_PCRE=ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
export SOURCE_OPENSSL SOURCE_PCRE
This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.
After the main installation come further instructions for hardening against Evil Maid attacks by enrolling custom UEFI Secure Boot keys and signing the kernel and bootloader yourself. Note that this protects the integrity of the boot chain only; it does not defend against tampered firmware or hardware implants such as keyloggers.
Most of this information is drawn from the Arch Wiki and the resources it links to.
Note: the system was installed on an NVMe SSD; substitute /dev/nvme0nX with /dev/sdX or whatever your device is. Be aware that partition names differ too: NVMe partitions carry a `p` (e.g. /dev/nvme0n1p1), whereas SATA/SCSI ones do not (e.g. /dev/sda1).