# Nginx Snippets for Ubuntu 24.04 Server [![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#) [![Shell](https://img.shields.io/badge/shell-bash-121011)](#) [![WebServer](https://img.shields.io/badge/server-nginx-009639)](#) [![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE) Install modular Nginx snippet library for Ubuntu 24.04. This is not a demo and not an experiment. This is reusable security, caching, TLS and performance building blocks — no clutter, no spaghetti config. ## Why this exists Editing one long config file scales poorly. Snippets make Nginx structured and maintainable. ## What this installer does ✔ Drop-in security modules ✔ Cloudflare Real-IP support ✔ Caching bundles ✔ Hardened baseline templates included ✔ Hostfile examples provided ## What this installer does *NOT* do It won’t stop you from running the script without reading the documentation like there’s no tomorrow. Skip the README, and whatever happens next is your headache, not a bug report. --- ## Install ``` git clone https://git.x-files.dk/webserver/nginx-snippets.git /etc/nginx/nginx-snippets ``` If you used the **nginx-ubuntu installer**, these are already installed. --- ## Directory Structure ``` nginx-snippets/ ├─ cache-open-files.conf ├─ cache-js-css.conf ├─ cache-statics.conf ├─ cloudflare-real-ip.conf ├─ security-headers.conf ├─ badbots-block.conf ├─ ssl-defaults.conf ├─ errorpages/ │ ├─ 403.html │ ├─ 404.html │ ├─ 500.html ├─ hostfiles/ ├─ example.80.conf ├─ wordpress.80.conf ├─ gitea.80.conf ├─ dokuwiki.80.conf ``` --- ## How to use a snippet In any server block: ``` server { include /etc/nginx/nginx-snippets/security-headers.conf; include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf; } ``` Reload after changes: ``` sudo nginx -t && sudo systemctl reload nginx ``` --- ## Snippet Index & Purpose | File | Purpose | |---|---| | `cloudflare-real-ip.conf` | Restores original visitor IP when behind Cloudflare | | `badbots-block.conf` | Blocks known crawlers, scanners & garbage traffic | | `security-headers.conf` | Modern HTTP security headers enabled | | `ssl-defaults.conf` | Opinionated TLS configuration for production | | `cache-open-files.conf` | Caches file descriptors for efficiency | | `cache-statics.conf` | Caches images/fonts/media for long TTL | | `cache-js-css.conf` | Caches CSS/JS aggressively | --- ## Recommended Bundles ### Performance stack ``` include cache-open-files.conf; include cache-js-css.conf; include cache-statics.conf; ``` ### Security hardening ``` include security-headers.conf; include badbots-block.conf; ``` ### Cloudflare deployment ``` include cloudflare-real-ip.conf; include security-headers.conf; ``` ### TLS enabled site ``` include ssl-defaults.conf; include security-headers.conf; ``` --- ## Example Host File ``` server { listen 80; server_name example.com; include /etc/nginx/nginx-snippets/security-headers.conf; include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf; root /var/www/example; index index.php index.html; } ``` More examples in: ``` hostfiles/ ``` --- ### More Information More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk) --- ### License Licensed under the [MIT License](./LICENSE). ---