commit c772c5a5c7f8dddd39cefdb2522ee0850f256756
parent a78a0ac5bfe5ec9aa7e4121d60bd6f66caabb3a9
Author: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Sun, 1 Aug 2021 18:43:40 +0200
Note down some basic nginx configuration steps
Cave in and add newlines after #+end_src, to ensure Org does not
highlight lines when everything is folded.
Diffstat:
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
@@ -36,7 +36,36 @@ So instead, I'll
Match User …
PasswordAuthentication yes
#+end_src
+
+* System
+** Hostname
+#+begin_src sh
+sudo hostnamectl set-hostname $fqdn
+#+end_src
+
* Web server
+Run ~sudo apt install nginx~; then, in
+=/etc/nginx/sites-available/$FQDN=:
+#+begin_src conf
+server {
+ listen 80;
+ listen [::]:80;
+
+ root /var/www/$FQDN/html;
+ index index.html;
+
+ server_name $FQDN www.$FQDN;
+ access_log /var/log/nginx/$FQDN.access.log;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
+#+end_src
+Use one =access_log= file per site, to simplify analytics.
+
+Run ~sudo systemctl restart nginx~.
+** fail2ban
With the following files in =$HOME=:
#+begin_src conf
# nginx-botsearch.local
@@ -56,12 +85,12 @@ enabled = true
[nginx-botsearch]
enabled = true
-logpath = /var/log/nginx/access.log
+# Assume that each requests to $fqdn will be logged to "$fqdn.access.log".
+logpath = /var/log/nginx/*access.log
#+end_src
-Do:
+Then:
#+begin_src sh
-sudo apt install nginx
sudo cp ~/nginx-botsearch.local /etc/fail2ban/filter.d/
sudo cp ~/jail.local /etc/fail2ban/
sudo systemctl restart fail2ban
