Hello to you dear HTPC Guides members!
As you probably know, we have a guide to configure nginx with Let's Encrypt certificates, and apart from using encrypted trusted certificates, we make nginx much more secure using some advanced configuration options.
The guide was written for Ubuntu Server 16.04, but many would like (and if you ask me, everybody running nginx accessible from Internet should) to use the guide on Debian 8 (Jessie), and on Debian based distros like Minibian or Raspbian running on Raspberry devices. For (Debian) Raspberry users there is a problem with the ancient version of nginx available in the repository. There is no support for http2 at all in these heavily outdated nginx version (not to mention the vulnerabilities address with newer versions).
We put together a script that makes building nginx very easy. Basically the script will do everything for you, it will compile the latest stable version of nginx (1.10.2 as of writing this), using static latest OpenSSL (LTS), zlib, pcre. We have added some extra modules, like full WebDAV and GeoIP support, therefore this nginx version will be ready for your ownCloud installation, or you can enable GeoIP restrictions in nginx (of course, you can add or remove modules to meet your needs).
The script will also create the required systemd unit for nginx, and the default configuration files in /etc/nginx, the same as you would install from PPA or Debian repository. Once the script completed successfully, you can proceed with the guide Secure nginx Reverse Proxy with Let’s Encrypt on Ubuntu 16.04 LTS, obviously omitting the part to install nginx.
I tested the script on Debian 8 and Minibian, for me it worked perfectly fine. However, I would like to ask your help to test the script. If you are on Debian 8, Minibian, Raspbian, OSCM, etc, and you would like to test the script, please drop me a PM and I will send you the instructions.
If the script is confirmed by several people to be working fine, we will publish a guide with the detailed steps.
Let's make the web a safer place!!!
Thanks,
drake
As you probably know, we have a guide to configure nginx with Let's Encrypt certificates, and apart from using encrypted trusted certificates, we make nginx much more secure using some advanced configuration options.
The guide was written for Ubuntu Server 16.04, but many would like (and if you ask me, everybody running nginx accessible from Internet should) to use the guide on Debian 8 (Jessie), and on Debian based distros like Minibian or Raspbian running on Raspberry devices. For (Debian) Raspberry users there is a problem with the ancient version of nginx available in the repository. There is no support for http2 at all in these heavily outdated nginx version (not to mention the vulnerabilities address with newer versions).
We put together a script that makes building nginx very easy. Basically the script will do everything for you, it will compile the latest stable version of nginx (1.10.2 as of writing this), using static latest OpenSSL (LTS), zlib, pcre. We have added some extra modules, like full WebDAV and GeoIP support, therefore this nginx version will be ready for your ownCloud installation, or you can enable GeoIP restrictions in nginx (of course, you can add or remove modules to meet your needs).
The script will also create the required systemd unit for nginx, and the default configuration files in /etc/nginx, the same as you would install from PPA or Debian repository. Once the script completed successfully, you can proceed with the guide Secure nginx Reverse Proxy with Let’s Encrypt on Ubuntu 16.04 LTS, obviously omitting the part to install nginx.
I tested the script on Debian 8 and Minibian, for me it worked perfectly fine. However, I would like to ask your help to test the script. If you are on Debian 8, Minibian, Raspbian, OSCM, etc, and you would like to test the script, please drop me a PM and I will send you the instructions.
If the script is confirmed by several people to be working fine, we will publish a guide with the detailed steps.
Let's make the web a safer place!!!
Thanks,
drake