Compare commits
2 Commits
d6a956eba3
...
144bab1ae7
Author | SHA1 | Date | |
---|---|---|---|
144bab1ae7 | |||
6d97b954cb |
7
setup.sh
7
setup.sh
@ -64,7 +64,6 @@ if [ "${ip_pinning}" = '1' ]; then
|
||||
fi
|
||||
|
||||
# Setup webroot for NGINX
|
||||
## Explicitly using /var/srv here because SELinux does not follow symlinks
|
||||
sudo semanage fcontext -a -t httpd_sys_content_t "$(realpath /srv/nginx)(/.*)?"
|
||||
sudo mkdir -p /srv/nginx/.well-known/acme-challenge
|
||||
sudo chmod -R 755 /srv/nginx
|
||||
@ -74,12 +73,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
|
||||
sudo chmod 644 /srv/nginx/ads.txt /srv/nginx/app-ads.txt /srv/nginx/robots.txt
|
||||
sudo restorecon -Rv "$(realpath /srv/nginx)"
|
||||
|
||||
# NGINX hardening
|
||||
sudo mkdir -p /etc/systemd/system/nginx.service.d
|
||||
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/nginx.service.d/local.conf | sudo tee /etc/systemd/system/nginx.service.d/override.conf > /dev/null
|
||||
sudo chmod 644 /etc/systemd/system/nginx.service.d/override.conf
|
||||
sudo systemctl daemon-reload
|
||||
|
||||
# Setup nginx-create-session-ticket-keys
|
||||
|
||||
sudo mkdir -p /etc/nginx/session-ticket-keys
|
||||
|
Loading…
x
Reference in New Issue
Block a user