Last active
July 12, 2020 20:44
-
-
Save bf/a6d9c6f7e14eb64b3a0d12d57a635147 to your computer and use it in GitHub Desktop.
Debian 10 with Nginx, Letsencrypt and Hugo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # remove annoying mouse handling from vim | |
| echo "set mouse -=a" > ~/.vimrc | |
| # install packages | |
| sudo apt install -y git hugo python3-acme python3-certbot python3-mock python3-openssl \ | |
| python3-pkg-resources python3-pyparsing python3-zope.interface python3-certbot-nginx | |
| # add user, follow instructions, generate strong password with pwgen 100 | |
| adduser foobar | |
| # switch to user | |
| su - foobar | |
| # add ssh key to user | |
| mkdir ~/.ssh | |
| echo "...." > authorized_keys | |
| # create git and checkout folder | |
| mkdir hugo hugo.git | |
| # init empty git repo | |
| cd hugo.git | |
| git init --bare | |
| # fix the hugo.git/hooks/post-receive | |
| echo "GIT_WORK_TREE=/home/foobar/hugo git checkout -f master && hugo -s /home/foobar/hugo " > ~/hugo.git/hooks/post-receive | |
| chmod +x ~/hugo.git/hooks/post-receive | |
| # on your local machine, change git config so new git repo is used | |
| git remote add origin foobar@host:hugo.git | |
| git push origin master | |
| # add nginx config for page | |
| cat > /etc/nginx/sites-available/mypage.com <<EOF | |
| server { | |
| listen 80; | |
| server_name mypage.com www.mypage.com; | |
| # add compression | |
| gzip on; | |
| gzip_disable "msie6"; | |
| gzip_comp_level 6; | |
| gzip_min_length 1100; | |
| gzip_buffers 16 8k; | |
| gzip_proxied any; | |
| gzip_types | |
| text/plain | |
| text/css | |
| text/js | |
| text/xml | |
| text/javascript | |
| application/javascript | |
| application/json | |
| application/xml | |
| application/rss+xml | |
| image/svg+xml; | |
| # add caching | |
| location ~* \.(jpe?g|png|gif|ttf|svg|eot|woff2?)$ { | |
| expires 365d; | |
| add_header Vary Accept-Encoding; | |
| add_header Cache-Control "public"; | |
| access_log off; | |
| tcp_nodelay off; | |
| break; | |
| } | |
| # add routes | |
| root /home/foobar/hugo/public; | |
| index index.html; | |
| location / { | |
| try_files $uri $uri/ =404; | |
| } | |
| } | |
| EOF | |
| # enable config | |
| ln -s /etc/nginx/sites-available/mypage.com /etc/nginx/sites-enabled/mypage.com | |
| # test nginx config | |
| nginx -t | |
| # restart nginx | |
| systemctl restart nginx | |
| # run certbot and follow the dialog | |
| certbot --nginx -d mydomain.com -d www.mydomain.com | |
| # certbot should have automatically installed a cronjob now | |
| # fix nginx config to make sure that only either www. or non-www. subdomain is used | |
| # go to /etc/ssh/sshd_config and disable password authentication | |
| # enable unattended upgrades | |
| apt install -y unattended-upgrades apt-listchanges |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment