Collection of nginx configuration templates for various use cases, mainly intended to run PHP web applications.
sudo git clone https://github.com/Fleshgrinder/nginx-configuration /etc/nginx sudo sh /etc/nginx/bin/nginx-conf sscert sudo sh /etc/nginx/bin/nginx-conf server example.com sudo sh /etc/nginx/bin/nginx-conf server example.com blog sudo nginx -t sudo service nginx start
Create a copy of
nginx.conf.dist and customize it to your needs. You can keep
the repository and pull as you need, your actual
nginx.conf is always ignored,
so are all files in the certificates and sites directories.
nginx-conf application in the
bin directory provides you with a few
sscert– Generate self-signed certificate and key for default server.
server– Generate a boilerplate server configuration.
ocsp-file– Generate OCSP DER file for nginx’s
ocs-validate– Validate OCSP stapling status of your server.
More to come …
I propose the following directory structure for the sites directory:
./sites └─/example.com └─/www.conf └─/subdomain.conf
www file always refers to the domain with the www and without it. So this
file always contains the
server_name example.com www.example.com no matter
what kind of redirection you choose.
subdomain.conf file always contains the configuration for a single subdomain.
I decided to use this structure because it is optimal for shell completion. Want to know all available subdomains?
$ ls /etc/nginx/sites/ex
Just hit tab followed by enter at this point and there you go.
On a last note. There are no
in my configuration because the configuration files are always provided by a
project and the files within the sites directory are what you might know as the
files within your
sites-enabled directory. In essence this means that all
directories within my
sites directory are symbolic links to a configuration
directory somewhere else within a project.
It is assumed that you are using the free certificates from StartSSL, simply because I use them. Since you need a separate certificate for each of your subdomains, I propose and assume the following directory structure:
./certificates └─/example.com └─/www └─/pem └─/key
pem is the server’s certificate and
key the private key without a
passphrase. Note how this structure matches the server configuration structure.
All StartSSL certificates you need are already included in this repository, if you need more or want to update them, go to: startssl.com/certs
Other repositories of interest:
- hpkp (HTTP Public Key Pinning)
- Create command to concatenate intermediate certificates with server certificate
by reading from
STDINfor easy pasting.