# nginx web server software

# Rate-limiting

See the nginx blog for more: https://blog.nginx.org/blog/rate-limiting-nginx

# Listen directives

Make sure to specify both IPv4 and IPv6 listen directives:

```nginx
server_name irix.ctq.ro;
listen 443 ssl;
listen [::]:443 ssl;
```

# Let's Encrypt

Get free TLS certs from EFF's Let's Encrypt. Automate it with `python3-certbot`.

Additional support package for nginx: `python3-certbot-nginx`

## Wildcard domain

1. Configure a wildcard DNS entry with your provider.
2. Install the certbot support package for your DNS provider.
3. Create a token at your DNS provider, save it somewhere (e.g. under `/etc/letsencrypt/secrets`) and `chmod 600` the file.
4. Run certbot:

```sh
sudo certbot certonly --authenticator dns-PROVIDER --dns-PROVIDER-credentials /etc/letsencrypt/secrets/example.com.ini -d "example.com" -d "*.example.com"
```

### deSEC

Package: `python3-certbot-desec`

```sh
sudo certbot certonly --authenticator dns-desec --dns-desec-credentials /etc/letsencrypt/secrets/example.com.ini -d "example.com" -d "*.example.com"
```

# HTTP basic auth

Install package `apache2-utils` for `htpasswd`.

Add a user/password pair with `sudo htpasswd -c /etc/nginx/.htpasswd AzureDiamond`. The `-c` flag creates the file and overwrites an existing one, so leave it off when adding further users.

Configure and reload nginx to use HTTP basic auth:

```nginx
location / {
    allow 127.0.0.1;
    allow ::1;
    auth_basic "See https://ctq.ro/git for credentials";
    auth_basic_user_file .htpasswd;
    [...]
}
```
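
How the `allow` lines combine with `auth_basic` depends on `satisfy`, which the snippet above leaves at its default. The configuration below is an added example, not part of the original notes; it assumes the intent is for loopback clients to skip the password prompt, and `private.example.com`, the `/admin/` location, the realm string and the certificate paths are placeholders.

```nginx
# Added example (not from the original notes). Host name, certificate
# paths and the /admin/ location are placeholders.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name private.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Credentials file created with htpasswd; inherited by both locations.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # "satisfy any": a loopback address OR a valid password is enough,
    # so local clients are not prompted and everyone else must log in.
    location / {
        satisfy any;
        allow 127.0.0.1;
        allow ::1;
        deny  all;
    }

    # "satisfy all" (the default): a loopback address AND a valid password.
    # Remote clients are rejected with 403 before any password prompt.
    location /admin/ {
        satisfy all;
        allow 127.0.0.1;
        allow ::1;
        deny  all;
    }
}
```

With `allow` lines but no `deny all`, the address check admits every client, so under the default `satisfy all` everyone, loopback included, is asked for a password. Run `sudo nginx -t` before reloading to catch syntax errors.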