File basicssl-nginx-config.spec of Package basicssl-nginx-config
#
# spec file for package basicssl-nginx-config
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name:           basicssl-nginx-config
Version:        1.0.3
Release:        0
Summary:        Opinionated NGINX SSL Configuration
License:        MIT
Group:          System/Monitoring
URL:            https://github.com/illuusio/nginx-config
Source0:        nginx-config-%{version}.tar.xz
Requires:       nginx
Requires:       nginx-module-brotli
BuildArch:      noarch

%description
Opinionated NGINX Configuration

This project contains a highly opinionated NGINX configuration.
The SSL setup adheres closely to the Mozilla Guideline v5.7 and
incorporates hardening principles from digitalocean.com's NGINX configuration.

Highlights
* Moderately configured SSL settings
* Includes optimized SSL HTTP security headers
* Charset set to UTF-8
* Server tokens are disabled (server_tokens off)
* Gzip compression is enabled with a compression level of 6
* Sendfile is enabled to enhance file transfer speed for static files
* sendfile_max_chunk is set to 5 MB to accommodate moderately large files such as images
* Maximum client_max_body_size is set to 2 GB
* Includes blocking configurations for sensitive locations and CGI endpoints
* Battle-tested against real-world internet traffic

%prep
%setup -q -n nginx-config-%{version}

%build

%install
install -d %{buildroot}%{_sysconfdir}/nginx/conf.d/header
install -d %{buildroot}%{_sysconfdir}/nginx/conf.d/compression
install -d %{buildroot}%{_sysconfdir}/nginx/conf.d/compression/ext
install -d %{buildroot}%{_sysconfdir}/nginx/conf.d/blocks
install -d %{buildroot}%{_sysconfdir}/nginx/vhosts.d
install -d %{buildroot}/srv/www/htdocs/container-root
install -d %{buildroot}%{_bindir}
install -m 644 etc/nginx/conf.d/*.conf %{buildroot}%{_sysconfdir}/nginx/conf.d/
install -m 644 etc/nginx/conf.d/blocks/*.conf %{buildroot}%{_sysconfdir}/nginx/conf.d/blocks/
install -m 644 etc/nginx/conf.d/compression/*.conf %{buildroot}%{_sysconfdir}/nginx/conf.d/compression/
install -m 644 etc/nginx/conf.d/compression/ext/*.conf %{buildroot}%{_sysconfdir}/nginx/conf.d/compression/ext/
install -m 644 etc/nginx/conf.d/header/ssl_headers.conf %{buildroot}%{_sysconfdir}/nginx/conf.d/header/ssl_headers.conf
install -m 644 etc/nginx/nginx.conf.nginx-config %{buildroot}%{_sysconfdir}/nginx/nginx.conf.basicssl
install -m 644 etc/nginx/vhosts.d/port80redirect.conf %{buildroot}%{_sysconfdir}/nginx/vhosts.d/port80redirect.conf
install -m 644 srv/www/htdocs/container-root/index.html %{buildroot}/srv/www/htdocs/container-root/index.html
install -m 644 usr/bin/nginx-launch.sh %{buildroot}%{_bindir}/basicssl-nginx-container-launch.sh
chmod +x %{buildroot}%{_bindir}/*.sh

%files
%{_bindir}/*
%dir /srv/www/htdocs/container-root
/srv/www/htdocs/container-root/*
%dir %{_sysconfdir}/nginx
%dir %{_sysconfdir}/nginx/conf.d
%dir %{_sysconfdir}/nginx/conf.d/compression
%dir %{_sysconfdir}/nginx/conf.d/compression/ext
%dir %{_sysconfdir}/nginx/conf.d/header
%dir %{_sysconfdir}/nginx/conf.d/blocks
%dir %{_sysconfdir}/nginx/vhosts.d
%config(noreplace) %{_sysconfdir}/nginx/conf.d/cache.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/header/ssl_headers.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/http_agent.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/http_agent_map.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/methods.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/locations.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/expires.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/expires_map.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/sensitive_locations.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/sensitive_map.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/cgi_locations.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/cgi_map.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/special_attack.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/blocks/special_map.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/compression/gzip.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/compression/ext/brotli.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/max_post.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/security.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/ssl_ocsp.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/ssl_params.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/ssl_session.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/ssl_global.conf
%config(noreplace) %{_sysconfdir}/nginx/vhosts.d/port80redirect.conf
%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.basicssl

%changelog