webserver/nginx-snippets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62613440f6b45d4cfc825c2267d2178dc3214cbd
nginx-snippets/README.md

157 lines
3.4 KiB
Markdown
Raw Normal View History

latest commit
2025-12-19 15:48:34 +01:00
# Nginx Snippets for Ubuntu 24.04 Server
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![WebServer](https://img.shields.io/badge/server-nginx-009639)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Install modular Nginx snippet library for Ubuntu 24.04.
This is not a demo and not an experiment.
This is reusable security, caching, TLS and performance building blocks — no clutter, no spaghetti config.
## Why this exists
Editing one long config file scales poorly. Snippets make Nginx structured and maintainable.
## What this installer does
✔ Drop-in security modules
✔ Cloudflare Real-IP support
✔ Caching bundles
✔ Hardened baseline templates included
✔ Hostfile examples provided
## What this installer does *NOT* do
It wont stop you from running the script without reading the documentation like theres no tomorrow.
Skip the README, and whatever happens next is your headache, not a bug report.
---
## Install
```
git clone https://git.x-files.dk/webserver/nginx-snippets.git /etc/nginx/nginx-snippets
```
If you used the **nginx-ubuntu installer**, these are already installed.
---
## Directory Structure
```
nginx-snippets/
├─ cache-open-files.conf
├─ cache-js-css.conf
├─ cache-statics.conf
├─ cloudflare-real-ip.conf
├─ security-headers.conf
├─ badbots-block.conf
├─ ssl-defaults.conf
├─ errorpages/
│ ├─ 403.html
│ ├─ 404.html
│ ├─ 500.html
├─ hostfiles/
├─ example.80.conf
├─ wordpress.80.conf
├─ gitea.80.conf
├─ dokuwiki.80.conf
```
---
## How to use a snippet
In any server block:
```
server {
include /etc/nginx/nginx-snippets/security-headers.conf;
include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf;
}
```
Reload after changes:
```
sudo nginx -t && sudo systemctl reload nginx
```
---
## Snippet Index & Purpose
| File | Purpose |
|---|---|
| `cloudflare-real-ip.conf` | Restores original visitor IP when behind Cloudflare |
| `badbots-block.conf` | Blocks known crawlers, scanners & garbage traffic |
| `security-headers.conf` | Modern HTTP security headers enabled |
| `ssl-defaults.conf` | Opinionated TLS configuration for production |
| `cache-open-files.conf` | Caches file descriptors for efficiency |
| `cache-statics.conf` | Caches images/fonts/media for long TTL |
| `cache-js-css.conf` | Caches CSS/JS aggressively |
---
## Recommended Bundles
### Performance stack
```
include cache-open-files.conf;
include cache-js-css.conf;
include cache-statics.conf;
```
### Security hardening
```
include security-headers.conf;
include badbots-block.conf;
```
### Cloudflare deployment
```
include cloudflare-real-ip.conf;
include security-headers.conf;
```
### TLS enabled site
```
include ssl-defaults.conf;
include security-headers.conf;
```
---
## Example Host File
```
server {
listen 80;
server_name example.com;
include /etc/nginx/nginx-snippets/security-headers.conf;
include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf;
root /var/www/example;
index index.php index.html;
}
```
More examples in:
```
hostfiles/
```
---
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---
Reference in New Issue Copy Permalink