nginx

web server software

Rate-limiting

See the nginx blog for more: https://blog.nginx.org/blog/rate-limiting-nginx

Listen directives

Make sure to specify both IPv4 and IPv6 listen directives:

	server_name irix.ctq.ro;
	listen 443 ssl;
	listen [::]:443 ssl;
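
A check for the rule above, as an added example that is not part of the original page: it scans nginx configuration text and reports every server block that listens on a port over only one address family. The function names and the example.com block are constructed for illustration; listeners given by hostname are assumed to be IPv4, and listen [::]:PORT with ipv6only=off counts as both families.

```python
import re

SAMPLE = """# Constructed sample: the second server block has no IPv6 listener.
server {
    server_name irix.ctq.ro;
    listen 443 ssl;
    listen [::]:443 ssl;
}
server {
    server_name example.com;
    listen 443 ssl;
}
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive: assumes no '#' inside quotes
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def classify(args):
    """Return (address families, port) for one listen directive's arguments."""
    addr, *opts = args.split()
    if addr.startswith("["):  # [v6addr] or [v6addr]:port
        fams = {"ipv4", "ipv6"} if "ipv6only=off" in opts else {"ipv6"}
        port = addr.rpartition("]:")[2] if "]:" in addr else "80"
    else:  # port, addr or addr:port
        fams, port = {"ipv4"}, addr.rpartition(":")[2]
        port = port if port.isdigit() else "80"
    return fams, port

def missing_families(conf):
    """Return [(server_name, port, missing family)] for one-sided listeners."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;]+);", body)
        name = m.group(1).split()[0] if m else "(unnamed)"
        seen = {}  # port -> address families seen; unix: sockets are skipped
        for fams, port in map(classify, re.findall(r"\blisten\s+(?!unix:)(\S[^;]*);", body)):
            seen.setdefault(port, set()).update(fams)
        for port, fams in sorted(seen.items()):
            findings += [(name, port, f) for f in sorted({"ipv4", "ipv6"} - fams)]
    return findings

if __name__ == "__main__":
    print(missing_families(SAMPLE))
```

Passing the text printed by sudo nginx -T to missing_families() checks the whole effective configuration, with included files already expanded.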

Let's Encrypt

Get free TLS certs from EFF's Let's Encrypt.
Automate it with python3-certbot
Additional support package for nginx: python3-certbot-nginx

Wildcard domain

Configure a wildcard DNS entry with your provider
Install the certbot support package for your DNS provider
Create a token with your DNS provider, save it in a file (e.g. under /etc/letsencrypt/secrets) and chmod 600 it.
Run sudo certbot certonly --authenticator dns-PROVIDER --dns-PROVIDER-credentials /etc/letsencrypt/secrets/example.com.ini -d "example.com" -d "*.example.com"

deSEC

Install package python3-certbot-desec
sudo certbot certonly --authenticator dns-desec --dns-desec-credentials /etc/letsencrypt/secrets/example.com.ini -d "example.com" -d "*.example.com"

HTTP basic auth

Install package apache2-utils for htpasswd
Add a user/password pair with sudo htpasswd -c /etc/nginx/.htpasswd AzureDiamond (-c creates the file and overwrites an existing one, so omit it when adding further users)
Configure and reload nginx to use HTTP basic auth:

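location / {
	# allow rules restrict nothing without a matching deny, and with the
	# default "satisfy all" these clients still have to pass basic auth
	allow 127.0.0.1;
	allow ::1;
	auth_basic "See https://ctq.ro/git for credentials";
	auth_basic_user_file .htpasswd;

	[...]
}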