Nginx

Nginx is a fast and powerful web server.

Install
The version of nginx in Debian Jessie support the deprecated SPDY protocol. Using the version from jessie-backports allows to get support for HTTP/2.

conf.d
The conf.d folder stores shared configuration shared between all the sites hosted on your server.

Create the following files: Configuration file if you need php. Don't forget to install PHP.



snippets
The snippets folder allows you to store bits of configuration that you can later include in virtual hosts configuration.This saves a lot of typing and errors when creating a new site. See TLS

Obviously, you need to replace the example IP addresses by the one of your server. You can get the IP of your server with the commands  and.

Fail2Ban
Webservers are usually a good target for hackers. A lot of them contain outdated, insecure and misconfigured software and if your server run languages like PHP, the attacker would be able to execute pretty much any action once he cracked your server.

Warning: The rules described here protect against generic attacks on your webserver. If you install some specific software that has it's own authentication (owncoud, roundcube...) you need to create rules for it.

nginx-http-auth
First rule is pretty simple simple. It protect against http authentication (the ugly popups asking your password before you enter the site).

Create file

nginx-botsearch
This rule match 404 errors when bots try to find unsecure software on your server. While it should generally work fine, you should check ban report to make sure you don't lock out legitimate users.

Create file