Infrastructure/nginx
1
Fork 0
Code Issues Pull requests Activity
No description
9 commits 1 branch 0 tags 50 KiB
Find a file
Exact
Korbs 7a4dc2b902
 Update Immich and Mastodon
2025-10-31 17:20:31 -04:00
certs 🚀 Init 2025-10-18 14:11:20 -04:00
conf.d Modify upload size limit, for services such as Immich to handle large files. 2025-10-31 17:20:16 -04:00
templates Modify upload size limit, for services such as Immich to handle large files. 2025-10-31 17:20:16 -04:00
.gitignore 🚀 Init 2025-10-18 14:11:20 -04:00
build.sh Modify upload size limit, for services such as Immich to handle large files. 2025-10-31 17:20:16 -04:00
compose.yml Use Docker, nginx natively has too many permission issues 2025-10-23 14:58:13 -04:00
domains.env Update Immich and Mastodon 2025-10-31 17:20:31 -04:00
README.md Add update script 2025-10-23 15:06:02 -04:00
reload.sh Add update script 2025-10-23 15:06:02 -04:00

README.md

SudoVanilla NGINX Setup

This repo contains the entire setup for NGINX on the SudoVanilla Web Server.

How It Works

Domains

All domains are stored in one file, called default.conf, found in the /conf.d/ directory, which is generated from the build.sh and domains.env file.

Domains are setup as the following in the domains.env file:

# Static Website
[example.org]
certificate=example.org
type=site
assets=true
root_path=/usr/websites/portfolio/

# Static Website
[blog.example.org]
certificate=example.org
type=site
root_path=/usr/websites/blog/

# Reverse Proxy
[database.example.org]
certificate=example.org
type=proxy
host=192.168.1.10
port=3000

# Reverse Proxy (Sub-level domain)
[backup.database.example.org]
certificate=backup.database.example.org
type=proxy
host=192.168.1.10
port=4000
Variable Description
certificate Domain used for certificate.
type Either site(static) or proxy.
root_path Applies to site sites only, sets path NGINX will use for said site.
host Local or public IP address where the host lives.
port Applies to proxy sites only, sets path NGINX will use for said site.

Once you've have the domains.env setup properly, run the build script:

sh build.sh

The build script will build with templates that are available in the /templates/ directory, you can adjust them as needed.

Certificates

A ./certs/ directory is provided containing two files by default, both compose.yml and .env. The compose file is setup to generate new certificates from Let's Encrypt and using the Porkbun API*.

During first setup, make sure the API keys from Porkbun are provided in the .env file. Then, during each renewal, make sure to change the DOMAIN variable. Please set the correct email for Let's Encrypt.

Porkbun does provide SSL certificates for the root domain and wildcard. The wildcard is only one level, so this should only be nessesary to use if you have another level such as another-sub.sub.example.org. This is also why there is a "certificate" variable in domains.env.

*Porkbun is the domain registar used by SudoVanilla for all domains.

Run

Once completed with setting up the domains.env file and generating certificates, you can run it with Docker using the compose.yml file.

Simple run:

docker compose up -d

NGINX will run on port 80 and 443.

Update NGINX

To update NGINX, if the configuration file is updated, just run the reload.sh script.

sh reload.sh

License

MIT License

Copyright 2025 SudoVanilla

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

In addition, the following restrictions apply:

1. The Software and any modifications made to it may not be used for the purpose of training or improving machine learning algorithms,
including but not limited to artificial intelligence, natural language processing, or data mining. This condition applies to any derivatives,
modifications, or updates based on the Software code. Any usage of the Software in an AI-training dataset is considered a breach of this License.

2. The Software may not be included in any dataset used for training or improving machine learning algorithms,
including but not limited to artificial intelligence, natural language processing, or data mining.

3. Any person or organization found to be in violation of these restrictions will be subject to legal action and may be held liable
for any damages resulting from such use.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Please don't upload to GitHub