Travis Tran

Travis Tran

BREAKTHROUGH the limits

Nginx Templates

GitHub Repo: Pitagon GitHub
Please consider following this project’s author and consider starring the project to show your ❤️ and support.

Nginx Templates

Secure and fastify your nginx setup process with useful features using these templates.

General security features:

  • Turn off `access log`, `error log` and `log not found` in default.
  • Disable sensitive information.
  • Disable sending the nginx version number in error pages and Server header.
  • Disallow the browser to render the page inside a frame or iframe and avoid click-jacking in default.
  • Disable content-type sniffing on some browsers.
  • Enable the Cross-site scripting (XSS) filter built into most recent web browsers.
  • Enable `Content Security Policy` (CSP) to tell the browser that it can only download content from the domains you explicitly allow.
  • Enable Gzip.
  • Caching for static files.
  • Disable directory listing.
  • Ignore common 404s.
  • Disable direct access to Dotfiles.
  • Prevent access to any files starting with a $ (usually temp files).
  • Block executable file type.
  • Allow ACME Challenge requests.
  • Enable SSL common configurations.
  • Built-in templates that help to create new website using virtual host easily:
    • `app` – App template: Redirect to an HTTP app using `proxy_pass`.
    • `static` – Static template: Serve static app like `HTML` app, `SPA` using `root`.
    • `wp` – WordPress template: Redirect to an HTTP website (that could be served by another web server, eg: Apache, OpenLiteSpeed, Docker Container, etc.).
    • `wp_php` – PHP WordPress template: Serve WordPress website using PHP FastCGI with `fastcgi_pass`.

WordPress’ security features:

  • Enable rate limit.
  • Hide PHP version.
  • PHP FastCGI default configuration.
  • Common deny or internal locations, to help prevent access to areas of the site that should not be public.
  • Block WordPress installation pages to avoid brute force attacks and for obscurity.
  • Deny accesses to .php files in some directories (including sub-folders).
  • Block common exploit requests.
  • Block accesses to wp-config.php and any files similarly named.
  • Limit XML-RPC Access.
  • Limit Request Types.
  • Block user enumeration to protect usernames.
  • Reduce spam.

Configuration

Edit the `env.sh` file to update the default Nginx directory.

Installation

Clone this repository or copy the files from this repository into a new folder:

git clone https://github.com/ThePitagon/nginx-templates.git

Open a terminal, `cd` to the folder in which `nginx-templates` is saved.

Data Structure

Cloned project


├── conf.d
├── html
├── includes
├── templates
├── apply.sh
├── env.sh
├── install.sh
├── LICENSE
├── make.env.sh
├── make.sh
├── nginx.conf
└── README.md
  • `conf.d` contains default configurations for common uses.
  • `html` contains nginx public files.
  • `includes` contains configuration files for specific purposes.
  • `templates` contains template files for ease of use.

Usage

Fresh install

Start fresh installation by run the following script:

./install.sh

Apply to existed nginx

./apply.sh

Creating new website from template

You can easily create a new website configuration by edit the `make.env.sh` file then execute the following command:

bash ./make.sh TEMPLATE_TYPE OUTPUT_PATH
  • `TEMPLATE_TYPE` should be one of these values: [`app`, `static`, `wp`, `wp_php`]
  • `OUTPUT_PATH` is path of the output file.

Then, check out the configuration file with the name `DOMAIN.conf` created in the `OUTPUT_PATH`.

Examples:

./make.sh app apps
systemctl restart nginx
X
Glad to have you at travistran.me
Welcome to TravisBot
wpChatIcon