Update with more modern parameters
This commit is contained in:
parent
70b3e5530a
commit
f83602c1c4
GPG Key ID:
10BD786B5F6FF5DE
|
|
@ -42,7 +42,7 @@ server {
|
|||
location = /favicon.ico { access_log off; log_not_found off; }
|
||||
location = /robots.txt { access_log off; log_not_found off; }
|
||||
|
||||
# Uncomment for PHP support (check /etc/nginx/phpfpm.conf), assumes PHP 7.2 FPM is installed.
|
||||
# Uncomment for PHP support (check /etc/nginx/phpfpm.conf), assumes PHP 8.1 FPM is installed.
|
||||
# include phpfpm.conf;
|
||||
|
||||
access_log /var/log/nginx/default-access.log combined;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,11 @@
|
|||
#!/bin/bash
|
||||
|
||||
BITS=2048;
|
||||
|
||||
if [[ ! -z "$1" ]]; then
|
||||
BITS=$1;
|
||||
fi
|
||||
|
||||
sudo touch /etc/nginx/dhparams.pem
|
||||
sudo chmod 700 /etc/nginx/dhparams.pem
|
||||
# 4096 would also work here:
|
||||
sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
|
||||
sudo openssl dhparam -out /etc/nginx/dhparams.pem $BITS
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
||||
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
||||
|
|
|
|||
13
setup.sh
13
setup.sh
|
|
@ -8,6 +8,7 @@ NGINX="/etc/nginx"
|
|||
SSL_BASE="/srv/ssl"
|
||||
DEFAULT_DIR="$NGINX/conf.d";
|
||||
DEFAULT_NAME="000-default.conf";
|
||||
DH_PARAMS_BITS=4096;
|
||||
|
||||
help()
|
||||
{
|
||||
|
|
@ -18,6 +19,7 @@ OPTIONS:
|
|||
-h Shows helptext
|
||||
-a Installs acme.sh and downloads "bootstrapping" files.
|
||||
-d Downloads the $DEFAULT_NAME file into $DEFAULT_DIR
|
||||
-b Use 4096 bits for dhparams (default: $DH_PARAMS_BITS)
|
||||
EOF
|
||||
}
|
||||
|
||||
|
|
@ -35,6 +37,10 @@ while getopts "had" opt; do
|
|||
DOWNLOAD_DEFAULT=1;
|
||||
echo "Downloading 000-default.conf to /etc/nginx/conf.d";
|
||||
;;
|
||||
b)
|
||||
DH_PARAMS_BITS=4096;
|
||||
echo "Using 4096 bits for dhparams";
|
||||
;;
|
||||
\?)
|
||||
echo "Invalid option: -$OPTARG" >&2
|
||||
exit 1
|
||||
|
|
@ -83,12 +89,15 @@ curl -L "$GIST/ssl_params.conf" > "$NGINX/ssl_params.conf"
|
|||
# Get the base reverse proxy configuration
|
||||
curl -L "$GIST/proxy_params" > "$NGINX/proxy_params"
|
||||
|
||||
# Get the PHP 7.4 FPM configuration (not enabled by default)
|
||||
# Get the PHP 8.1 FPM configuration (not enabled by default)
|
||||
# You also need to install PHP before enabling it.
|
||||
curl -L "$GIST/phpfpm.conf" > "$NGINX/phpfpm.conf"
|
||||
|
||||
# Get the dhparams file generation script, and execute.
|
||||
curl -L "$GIST/generate-dhparams.sh" | sudo bash
|
||||
DH_PARAMS_TEMP="$(mktemp)";
|
||||
curl -L "$GIST/generate-dhparams.sh" -o "${DH_PARAMS_TEMP}";
|
||||
sudo bash "${DH_PARAMS_TEMP}" $DH_PARAMS_BITS;
|
||||
rm "${DH_PARAMS_TEMP}";
|
||||
|
||||
# Check if systemd is installed and enable the service.
|
||||
# Since I usually just install stock Debian with systemd, this may not be required.
|
||||
|
|
|
|||
Loading…
Reference in New Issue