Nginx Snippets for Ubuntu 24.04 Server
Install modular Nginx snippet library for Ubuntu 24.04.
This is not a demo and not an experiment.
This is reusable security, caching, TLS and performance building blocks — no clutter, no spaghetti config.
Why this exists
Editing one long config file scales poorly. Snippets make Nginx structured and maintainable.
What this installer does
✔ Drop-in security modules
✔ Cloudflare Real-IP support
✔ Caching bundles
✔ Hardened baseline templates included
✔ Hostfile examples provided
What this installer does NOT do
It won’t stop you from running the script without reading the documentation like there’s no tomorrow.
Skip the README, and whatever happens next is your headache, not a bug report.
Install
git clone https://git.x-files.dk/webserver/nginx-snippets.git /etc/nginx/nginx-snippets
If you used the nginx-ubuntu installer, these are already installed.
Directory Structure
nginx-snippets/
├─ cache-open-files.conf
├─ cache-js-css.conf
├─ cache-statics.conf
├─ cloudflare-real-ip.conf
├─ security-headers.conf
├─ badbots-block.conf
├─ ssl-defaults.conf
├─ errorpages/
│ ├─ 403.html
│ ├─ 404.html
│ ├─ 500.html
├─ hostfiles/
├─ example.80.conf
├─ wordpress.80.conf
├─ gitea.80.conf
├─ dokuwiki.80.conf
How to use a snippet
In any server block:
server {
include /etc/nginx/nginx-snippets/security-headers.conf;
include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf;
}
Reload after changes:
sudo nginx -t && sudo systemctl reload nginx
Snippet Index & Purpose
| File | Purpose |
|---|---|
cloudflare-real-ip.conf |
Restores original visitor IP when behind Cloudflare |
badbots-block.conf |
Blocks known crawlers, scanners & garbage traffic |
security-headers.conf |
Modern HTTP security headers enabled |
ssl-defaults.conf |
Opinionated TLS configuration for production |
cache-open-files.conf |
Caches file descriptors for efficiency |
cache-statics.conf |
Caches images/fonts/media for long TTL |
cache-js-css.conf |
Caches CSS/JS aggressively |
Recommended Bundles
Performance stack
include cache-open-files.conf;
include cache-js-css.conf;
include cache-statics.conf;
Security hardening
include security-headers.conf;
include badbots-block.conf;
Cloudflare deployment
include cloudflare-real-ip.conf;
include security-headers.conf;
TLS enabled site
include ssl-defaults.conf;
include security-headers.conf;
Example Host File
server {
listen 80;
server_name example.com;
include /etc/nginx/nginx-snippets/security-headers.conf;
include /etc/nginx/nginx-snippets/cloudflare-real-ip.conf;
root /var/www/example;
index index.php index.html;
}
More examples in:
hostfiles/
More Information
More guides and documentation can be found on wiki.x-files.dk
License
Licensed under the MIT License.