Update with more modern parameters
parent
70b3e5530a
commit
f83602c1c4
|
@ -42,7 +42,7 @@ server {
|
||||||
location = /favicon.ico { access_log off; log_not_found off; }
|
location = /favicon.ico { access_log off; log_not_found off; }
|
||||||
location = /robots.txt { access_log off; log_not_found off; }
|
location = /robots.txt { access_log off; log_not_found off; }
|
||||||
|
|
||||||
# Uncomment for PHP support (check /etc/nginx/phpfpm.conf), assumes PHP 7.2 FPM is installed.
|
# Uncomment for PHP support (check /etc/nginx/phpfpm.conf), assumes PHP 8.1 FPM is installed.
|
||||||
# include phpfpm.conf;
|
# include phpfpm.conf;
|
||||||
|
|
||||||
access_log /var/log/nginx/default-access.log combined;
|
access_log /var/log/nginx/default-access.log combined;
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
BITS=2048;
|
||||||
|
|
||||||
|
if [[ ! -z "$1" ]]; then
|
||||||
|
BITS=$1;
|
||||||
|
fi
|
||||||
|
|
||||||
sudo touch /etc/nginx/dhparams.pem
|
sudo touch /etc/nginx/dhparams.pem
|
||||||
sudo chmod 700 /etc/nginx/dhparams.pem
|
sudo chmod 700 /etc/nginx/dhparams.pem
|
||||||
# 4096 would also work here:
|
sudo openssl dhparam -out /etc/nginx/dhparams.pem $BITS
|
||||||
sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
|
|
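Review bot: The new bit-size argument reaches `sudo openssl dhparam` unquoted and unvalidated, so a value containing spaces is word-split into additional openssl arguments on a command that runs as root. I would reject anything that is not a plain number before the `touch`, for example `[[ "$BITS" =~ ^[0-9]+$ ]] || { echo "bits must be a number" >&2; exit 1; }`, and quote the expansion as `"$BITS"`. A floor of 2048 in the same check would stop a typo from silently producing weak parameters. As a style point, `[[ -n "$1" ]]` reads more directly than `[[ ! -z "$1" ]]`.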
|
@ -1,7 +1,7 @@
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
|
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
||||||
|
|
13
setup.sh
13
setup.sh
|
@ -8,6 +8,7 @@ NGINX="/etc/nginx"
|
||||||
SSL_BASE="/srv/ssl"
|
SSL_BASE="/srv/ssl"
|
||||||
DEFAULT_DIR="$NGINX/conf.d";
|
DEFAULT_DIR="$NGINX/conf.d";
|
||||||
DEFAULT_NAME="000-default.conf";
|
DEFAULT_NAME="000-default.conf";
|
||||||
|
DH_PARAMS_BITS=4096;
|
||||||
|
|
||||||
help()
|
help()
|
||||||
{
|
{
|
||||||
|
@ -18,6 +19,7 @@ OPTIONS:
|
||||||
-h Shows helptext
|
-h Shows helptext
|
||||||
-a Installs acme.sh and downloads "bootstrapping" files.
|
-a Installs acme.sh and downloads "bootstrapping" files.
|
||||||
-d Downloads the $DEFAULT_NAME file into $DEFAULT_DIR
|
-d Downloads the $DEFAULT_NAME file into $DEFAULT_DIR
|
||||||
|
-b Use 4096 bits for dhparams (default: $DH_PARAMS_BITS)
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,6 +37,10 @@ while getopts "had" opt; do
|
||||||
DOWNLOAD_DEFAULT=1;
|
DOWNLOAD_DEFAULT=1;
|
||||||
echo "Downloading 000-default.conf to /etc/nginx/conf.d";
|
echo "Downloading 000-default.conf to /etc/nginx/conf.d";
|
||||||
;;
|
;;
|
||||||
|
b)
|
||||||
|
DH_PARAMS_BITS=4096;
|
||||||
|
echo "Using 4096 bits for dhparams";
|
||||||
|
;;
|
||||||
\?)
|
\?)
|
||||||
echo "Invalid option: -$OPTARG" >&2
|
echo "Invalid option: -$OPTARG" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -83,12 +89,15 @@ curl -L "$GIST/ssl_params.conf" > "$NGINX/ssl_params.conf"
|
||||||
# Get the base reverse proxy configuration
|
# Get the base reverse proxy configuration
|
||||||
curl -L "$GIST/proxy_params" > "$NGINX/proxy_params"
|
curl -L "$GIST/proxy_params" > "$NGINX/proxy_params"
|
||||||
|
|
||||||
# Get the PHP 7.4 FPM configuration (not enabled by default)
|
# Get the PHP 8.1 FPM configuration (not enabled by default)
|
||||||
# You also need to install PHP before enabling it.
|
# You also need to install PHP before enabling it.
|
||||||
curl -L "$GIST/phpfpm.conf" > "$NGINX/phpfpm.conf"
|
curl -L "$GIST/phpfpm.conf" > "$NGINX/phpfpm.conf"
|
||||||
|
|
||||||
# Get the dhparams file generation script, and execute.
|
# Get the dhparams file generation script, and execute.
|
||||||
curl -L "$GIST/generate-dhparams.sh" | sudo bash
|
DH_PARAMS_TEMP="$(mktemp)";
|
||||||
|
curl -L "$GIST/generate-dhparams.sh" -o "${DH_PARAMS_TEMP}";
|
||||||
|
sudo bash "${DH_PARAMS_TEMP}" $DH_PARAMS_BITS;
|
||||||
|
rm "${DH_PARAMS_TEMP}";
|
||||||
|
|
||||||
# Check if systemd is installed and enable the service.
|
# Check if systemd is installed and enable the service.
|
||||||
# Since I usually just install stock Debian with systemd, this may not be required.
|
# Since I usually just install stock Debian with systemd, this may not be required.
|
||||||
|
|
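Review bot: In the last hunk of setup.sh, the downloaded generate-dhparams.sh is still run with `sudo bash` without checking that the download succeeded or that its content is the expected one; `curl -L` without `--fail` writes an HTTP error body to the temp file and exits 0, and whatever landed in the file then runs as root. I would fetch with `curl -fsSL "$GIST/generate-dhparams.sh" -o "${DH_PARAMS_TEMP}" || exit 1`, compare the file against a pinned digest before running it (for example `echo "<EXPECTED_SHA256>  ${DH_PARAMS_TEMP}" | sha256sum -c - || exit 1`), and quote `"$DH_PARAMS_BITS"` in the `sudo bash` call. Separately, the hunk header still shows `getopts "had"`, so unless the option string is changed outside the visible hunks the new `b)` arm is never reached; and because `DH_PARAMS_BITS` already defaults to 4096, the flag would not change anything even if it were.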