Travis Tran

Travis Tran


Nginx Templates

GitHub Repo: Pitagon GitHub
Please consider following this project’s author and consider starring the project to show your ❤️ and support.

Nginx Templates

Secure and fastify your nginx setup process with useful features using these templates.

General security features:

  • Turn off `access log`, `error log` and `log not found` in default.
  • Disable sensitive information.
  • Disable sending the nginx version number in error pages and Server header.
  • Disallow the browser to render the page inside a frame or iframe and avoid click-jacking in default.
  • Disable content-type sniffing on some browsers.
  • Enable the Cross-site scripting (XSS) filter built into most recent web browsers.
  • Enable `Content Security Policy` (CSP) to tell the browser that it can only download content from the domains you explicitly allow.
  • Enable Gzip.
  • Caching for static files.
  • Disable directory listing.
  • Ignore common 404s.
  • Disable direct access to Dotfiles.
  • Prevent access to any files starting with a $ (usually temp files).
  • Block executable file type.
  • Allow ACME Challenge requests.
  • Enable SSL common configurations.
  • Built-in templates that help to create new website using virtual host easily:
    • `app` – App template: Redirect to an HTTP app using `proxy_pass`.
    • `static` – Static template: Serve static app like `HTML` app, `SPA` using `root`.
    • `wp` – WordPress template: Redirect to an HTTP website (that could be served by another web server, eg: Apache, OpenLiteSpeed, Docker Container, etc.).
    • `wp_php` – PHP WordPress template: Serve WordPress website using PHP FastCGI with `fastcgi_pass`.

WordPress’ security features:

  • Enable rate limit.
  • Hide PHP version.
  • PHP FastCGI default configuration.
  • Common deny or internal locations, to help prevent access to areas of the site that should not be public.
  • Block WordPress installation pages to avoid brute force attacks and for obscurity.
  • Deny accesses to .php files in some directories (including sub-folders).
  • Block common exploit requests.
  • Block accesses to wp-config.php and any files similarly named.
  • Limit XML-RPC Access.
  • Limit Request Types.
  • Block user enumeration to protect usernames.
  • Reduce spam.


Edit the `` file to update the default Nginx directory.


Clone this repository or copy the files from this repository into a new folder:

git clone

Open a terminal, `cd` to the folder in which `nginx-templates` is saved.

Data Structure

Cloned project

├── conf.d
├── html
├── includes
├── templates
├── nginx.conf
  • `conf.d` contains default configurations for common uses.
  • `html` contains nginx public files.
  • `includes` contains configuration files for specific purposes.
  • `templates` contains template files for ease of use.


Fresh install

Start fresh installation by run the following script:


Apply to existed nginx


Creating new website from template

You can easily create a new website configuration by edit the `` file then execute the following command:

  • `TEMPLATE_TYPE` should be one of these values: [`app`, `static`, `wp`, `wp_php`]
  • `OUTPUT_PATH` is path of the output file.

Then, check out the configuration file with the name `DOMAIN.conf` created in the `OUTPUT_PATH`.


./ app apps
systemctl restart nginx
Glad to have you at
Welcome to TravisBot