A generic nginx install & config using nginx-full & ssl-cert packages
This commit is contained in:
parent
8ce9a2ad04
commit
c482447842
|
@ -0,0 +1,41 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Run this script with "(sudo) bash <filename> <args>".
|
||||
|
||||
# Exit on error.
|
||||
#set -e
|
||||
# Debug
|
||||
set -eux
|
||||
|
||||
# Install Debian nginx-full & ssl-cert package.
|
||||
apt install nginx-full ssl-cert
|
||||
|
||||
# Disable default site configuration.
|
||||
rm -vf /etc/nginx/sites-enabled/default
|
||||
|
||||
# Simple default ssl-only configuration using snippets/snakeoil.conf.
|
||||
cat <<NGX > /etc/nginx/sites-available/custom-default
|
||||
# Add custom http block options, upstreams etc into a file like snippets/custom-default-10-myupstream.pre.
|
||||
include snippets/custom-default-*.pre;
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
include snippets/snakeoil.conf;
|
||||
|
||||
# Add custom server block options, api locations etc into a file like snippets/custom-default-api.inc.
|
||||
include snippets/custom-default-*.inc;
|
||||
}
|
||||
NGX
|
||||
|
||||
# Enable our custom default config.
|
||||
ln -sfv /etc/nginx/sites-available/custom-default /etc/nginx/sites-enabled/custom-default
|
||||
|
||||
nginx -t
|
||||
|
||||
systemctl force-reload nginx
|
Loading…
Reference in New Issue