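#!/bin/bash

# Installs nginx on Debian and replaces the stock default site with an
# SSL-only default server that is extended through snippet files.
# Run this script with "(sudo) bash <filename> <args>".

# -e: exit on the first failing command, -u: fail on unset variables,
# -x: trace every command as it runs (debug output).
set -eux

# Install Debian nginx-full & ssl-cert package.
# apt-get is used instead of apt because apt's command-line interface is not
# guaranteed to stay stable for scripted use. No -y: the confirmation prompt
# is kept.
apt-get install nginx-full ssl-cert

# Disable default site configuration.
rm -vf /etc/nginx/sites-enabled/default

# Simple default ssl-only configuration using snippets/snakeoil.conf.
#
# NOTE(security): snippets/snakeoil.conf points nginx at the self-signed
# certificate and key generated locally by the ssl-cert package. Clients
# cannot validate that certificate, so replace it with a CA-issued one before
# exposing the server to anything beyond testing or internal use.
#
# NOTE(security): the DHE-RSA suites in ssl_ciphers are only offered when an
# ssl_dhparam file is configured; none is set here, so they stay inactive
# unless one of the included snippets provides it.
#
# NOTE(security): every file matching the custom-default-*.pre / *.inc globs
# becomes part of the live configuration, so /etc/nginx/snippets should stay
# writable by root only.
#
# The heredoc delimiter is quoted so the body is written verbatim: nginx
# variables (e.g. $host) added later are not expanded by the shell, which
# under "set -u" would otherwise abort the script.
cat <<'NGX' > /etc/nginx/sites-available/custom-default
# Add custom http block options, upstreams etc into a file like snippets/custom-default-10-myupstream.pre.
include snippets/custom-default-*.pre;

server {
listen 443 ssl;
listen [::]:443 ssl;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

include snippets/snakeoil.conf;

# Add custom server block options, api locations etc into a file like snippets/custom-default-api.inc.
include snippets/custom-default-*.inc;
}
NGX

# Enable our custom default config.
ln -sfv /etc/nginx/sites-available/custom-default /etc/nginx/sites-enabled/custom-default

# Validate the full configuration first; under "set -e" a failed check stops
# the script before the running server is reloaded.
nginx -t

systemctl force-reload nginx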