this repo stores the nginx configuration for my personal server
- nginx (1.25.1+), compiled with...
- http2 (
--with-http_v2_module) - image-filter (
--with-http_image_filter_module) - pcre (
--with-pcre) - ssl (
--with-http_ssl_module)
- http2 (
you can add more site .conf files in the sites/ directory. they are all automagically included.
if you include any new ssl certificates, make sure these are included in certificates.toml. this file is in the format of:
certificate_name = ["domain1.example.org", "domain2.example.org"]the assumption is that certbot is set up so the certificate files (fullchain.pem and privkey.pem) will end up in the directory /etc/letsencrypt/live/{certificate_name}/.
The nginx.conf file from this repository should be used as nginx's config using the -c flag. this can be set in nginx's systemd configuration file, for example.
when set up like this, the relative include paths in this repository should resolve as expected.
if you've just pulled in new changes, it's worth making sure ssl certificates are all in place before reloading nginx config. you can do this with a simple python script (run as root):
sudo python prepare.pyyou can use the --force-remake flag if you want to renew all certificates, not just those that don't already exist.
make sure you are using python 3.11 or above! the script relies on the tomllib package that was included in the standard library from 3.11.
like pretty much everything i put online, this comes along with the bsd 2-clause license. read it and weep.