Compare commits

...

2 Commits

Author SHA1 Message Date
144bab1ae7
Remove outdated comment
All checks were successful
ShellCheck / Shell syntax checker (push) Successful in 9s
2025-04-30 16:01:36 +02:00
6d97b954cb
Remove unnecessary commands 2025-04-30 16:00:45 +02:00

View File

@ -64,7 +64,6 @@ if [ "${ip_pinning}" = '1' ]; then
fi
# Setup webroot for NGINX
## Explicitly using /var/srv here because SELinux does not follow symlinks
sudo semanage fcontext -a -t httpd_sys_content_t "$(realpath /srv/nginx)(/.*)?"
sudo mkdir -p /srv/nginx/.well-known/acme-challenge
sudo chmod -R 755 /srv/nginx
@ -74,12 +73,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
sudo chmod 644 /srv/nginx/ads.txt /srv/nginx/app-ads.txt /srv/nginx/robots.txt
sudo restorecon -Rv "$(realpath /srv/nginx)"
# NGINX hardening
sudo mkdir -p /etc/systemd/system/nginx.service.d
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/nginx.service.d/local.conf | sudo tee /etc/systemd/system/nginx.service.d/override.conf > /dev/null
sudo chmod 644 /etc/systemd/system/nginx.service.d/override.conf
sudo systemctl daemon-reload
# Setup nginx-create-session-ticket-keys
sudo mkdir -p /etc/nginx/session-ticket-keys