{"id":28542167,"url":"https://github.com/lozlof/nginx-config-files","last_synced_at":"2025-07-05T16:31:27.579Z","repository":{"id":259324273,"uuid":"877578070","full_name":"Lozlof/nginx-config-files","owner":"Lozlof","description":"Basic Nginx configuration file examples","archived":false,"fork":false,"pushed_at":"2025-04-21T22:45:54.000Z","size":46,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-09T20:37:34.398Z","etag":null,"topics":["basic-nginx","examples","nginx","nginx-config-files","nginx-configuration","nginx-example","nginx-firewall"],"latest_commit_sha":null,"homepage":"https://gistyr.dev","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Lozlof.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-23T22:31:55.000Z","updated_at":"2025-04-21T22:45:58.000Z","dependencies_parsed_at":"2024-10-24T12:11:04.931Z","dependency_job_id":"7877b034-7b36-423e-8c5c-7a9073ca9f93","html_url":"https://github.com/Lozlof/nginx-config-files","commit_stats":null,"previous_names":["lozlof/nginx-config-files-loz","lozlof/nginx-config-files"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Lozlof/nginx-config-files","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lozlof%2Fnginx-config-files","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lozlof%2Fnginx-config-files/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lozlof%2Fnginx
-config-files/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lozlof%2Fnginx-config-files/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Lozlof","download_url":"https://codeload.github.com/Lozlof/nginx-config-files/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Lozlof%2Fnginx-config-files/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263770987,"owners_count":23508840,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["basic-nginx","examples","nginx","nginx-config-files","nginx-configuration","nginx-example","nginx-firewall"],"created_at":"2025-06-09T20:30:45.575Z","updated_at":"2025-07-05T16:31:27.573Z","avatar_url":"https://github.com/Lozlof.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nginx-config-files-Loz  \nConfig files for: Proxmox, Wiki.js, Hedgedoc, PfSense, OpenVPN Access Server, Visual Studio Code Server  \n### Warning!    \n**I host these services for my own needs, my services are not accessible to the public.**  \n**I use CloudFlare WAF, CloudFlare Zero Trust, CloudFlare reverse proxy, router firewalls, and host firewalls to keep my systems safe.**  \n**My point is I have not done much research into securing Nginx for use on publicly accessible infrastructure.**  \n**These configs work for me, they might work for you.**\n#### I am open to suggestions on how to improve them!  \nThank you. 
\n## SSL/TLS    \n#### This cert/key combo is Cloudflare Edge Certificates     \nssl_certificate /your/path/to/namecloudflare-tls.pem;                                 \nssl_certificate_key /your/path/to/namecloudflare-tls.key;  \n**Settings:**  \nTotal TLS - not applied  \nAlways Use HTTPS - applied  \nHTTP Strict Transport Security (HSTS) - Status: On - Max-Age: 6 months (Recommended) - Include subdomains: On - Preload: On  \nMinimum TLS Version - TLS 1.0 (default)  \nOpportunistic Encryption - applied  \nTLS 1.3 - applied  \nAutomatic HTTPS Rewrites - applied  \nCertificate Transparency Monitoring - applied  \nDisable Universal SSL - not applied  \n#### This cert is Cloudflare Origin Certificates   \nssl_client_certificate /your/path/to/namecloudflare-ca.pem;       \n**Setting**    \nAuthenticated Origin Pulls - applied  \nIf you do not have this setting, remove this line:  \nssl_verify_client on;  \n#### One note about SSL/TLS   \nTraffic flow: CloudFlare -\u003e Router -\u003e Nginx -\u003e Proxy Pass to Internal Service    \nIt does not matter if your internal service is HTTP or HTTPS.  \nproxy_ssl_verify off; - It does not even check.  \nThe SSL/TLS negotiation and encryption is happening between Nginx and Cloudflare, not your internal service and CloudFlare.  \n## general.purpose.com.conf\nThis is my go-to copy and paste configuration.      \nThe only lines you will have to change for each service are:\n- server_name\n- proxy_pass (Can pass to both HTTP and HTTPS)\n- And if you change the domain you will have to change the Edge Certs as well.      \n#### I personally use this configuration for:     \n- ProxmoxVE Web Interface\n- Hosting Wiki.js\n- PfSense Web Interface\n- OpenVPN Access Server Web Interface    \n## visualstudio.codeserver.com.conf   \nHow is this configuration any different than general.purpose.com.conf?   
\nThe only difference is these two lines:    \n**proxy_set_header Connection upgrade;**       \n**proxy_set_header Accept-Encoding gzip;**       \nIf you do not add these lines, you will be able to access your VScode web page, however you will get the error:   \n\"An unexpected error occurred that requires a reload of this page. The workbench failed to connect to the server (Error: WebSocket close with status code 1006)\"   \n## hedgedoc.domain.com.conf     \nThe main difference between this config file and the general purpose config file is:     \nlocation /socket.io/ block   \n## Firewall   \nNot really necessary because I have like three other firewalls that traffic will have to pass through before it hits the Nginx rules. But more safety for minimal effort seems like a good choice to me.  \nThe rules are:   \nAllow CloudFlare IP's  \nDeny everything else\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flozlof%2Fnginx-config-files","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flozlof%2Fnginx-config-files","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flozlof%2Fnginx-config-files/lists"}