💾 Archived View for elmau.net › notes › nginx.gmi captured on 2021-11-30 at 20:18:30. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
* Ubuntu Server 20.04
sudo apt install nginx
sudo vim /etc/nginx/nginx.conf user www-data; worker_processes auto; worker_rlimit_nofile 20480; pid /run/nginx.pid; error_log /var/log/nginx/error.log warn; events { worker_connections 5120; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_tokens off; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; include /etc/nginx/sites-enabled/*.conf; disable_symlinks off; client_max_body_size 10m; }
vim /etc/letsencrypt/options-ssl-nginx.conf add_header Permissions-Policy interest-cohort=();
sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker sudo chmod +x /usr/local/sbin/install-ngxblocker sudo install-ngxblocker -x sudo chmod +x /usr/local/sbin/setup-ngxblocker sudo chmod +x /usr/local/sbin/update-ngxblocker sudo /usr/local/sbin/setup-ngxblocker -x -e conf
sudo vim /etc/nginx/bots.d/blacklist-user-agents.conf # ------------ # MY BLACKLIST # ------------ "~*(?:\b)x22(?:\b)" 3; "~*(?:\b){|}(?:\b)" 3; "~*(?:\b)mb_ereg_replace(?:\b)" 3; "~*(?:\b)file_put_contents(?:\b)" 3; "~*(?:\b)AdsBot-Google(?:\b)" 3; "~*(?:\b)DoCoMo(?:\b)" 3; "~*(?:\b)Feedfetcher-Google(?:\b)" 3; "~*(?:\b)Google-HTTP-Java-Client(?:\b)" 3; "~*(?:\b)Googlebot(?:\b)" 3; "~*(?:\b)Googlebot-Image(?:\b)" 3; "~*(?:\b)Googlebot-Mobile(?:\b)" 3; "~*(?:\b)Googlebot-News(?:\b)" 3; "~*(?:\b)Googlebot-Video(?:\b)" 3; "~*(?:\b)Googlebot/Test(?:\b)" 3; "~*(?:\b)Gravityscan(?:\b)" 3; "~*(?:\b)Jakarta\ Commons(?:\b)" 3; "~*(?:\b)Kraken/0.1(?:\b)" 3; "~*(?:\b)LinkedInBot(?:\b)" 3; "~*(?:\b)Mediapartners-Google(?:\b)" 3; "~*(?:\b)SAMSUNG(?:\b)" 3; "~*(?:\b)Slackbot(?:\b)" 3; "~*(?:\b)Slackbot-LinkExpanding(?:\b)" 3; "~*(?:\b)TwitterBot(?:\b)" 3; "~*(?:\b)Wordpress(?:\b)" 3; "~*(?:\b)adidxbot(?:\b)" 3; "~*(?:\b)aolbuild(?:\b)" 3; "~*(?:\b)bingbot(?:\b)" 3; "~*(?:\b)bingpreview(?:\b)" 3; "~*(?:\b)developers.facebook.com(?:\b)" 3; "~*(?:\b)duckduckgo(?:\b)" 3; "~*(?:\b)facebookexternalhit(?:\b)" 3; "~*(?:\b)facebookplatform(?:\b)" 3; "~*(?:\b)gsa-crawler(?:\b)" 3; "~*(?:\b)msnbot(?:\b)" 3; "~*(?:\b)msnbot-media(?:\b)" 3; "~*(?:\b)slurp(?:\b)" 3; "~*(?:\b)teoma(?:\b)" 3; "~*(?:\b)yahoo(?:\b)" 3;