diff options
| author |  Daenney <daenney@users.noreply.github.com> | 2023-06-12 15:38:53 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-06-12 15:38:53 +0200 |
| commit | 4990099fdeee5ac362295de3879d4b291e629c76 (patch) | |
| tree | c630d02d3ce4e7600f68b012f5cfe3c02b958d1f /docs/getting_started/reverse_proxy/nginx.md | |
| parent | [chore]: Bump modernc.org/sqlite from 1.23.0 to 1.23.1 (#1884) (diff) | |
| download | gotosocial-4990099fdeee5ac362295de3879d4b291e629c76.tar.xz | |
[docs] Made Advanced its own section (#1883)
* [docs] Made Advanced its own section
This splits the Advanced page off from the Getting Started guide and
makes it its own thing. It now has some additional sub-sections for
bigger topics like caching and enhanced security. This also moves
tracing from Getting Started to Advanced as that feels like a more
appropriate location for it.
The enhanced security looks a little silly with a single section, but I
have guides pending for firewall configurations and I'd also like to
consolidate our how to provision TLS certificates in there as we repeat
this information multiple times.
* [docs] Fix all my spelling errors
* [docs] Inline the links in sandboxing
Diffstat (limited to 'docs/getting_started/reverse_proxy/nginx.md')
| -rw-r--r-- | docs/getting_started/reverse_proxy/nginx.md | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/docs/getting_started/reverse_proxy/nginx.md b/docs/getting_started/reverse_proxy/nginx.md index 377f2ef02..fd9a42941 100644 --- a/docs/getting_started/reverse_proxy/nginx.md +++ b/docs/getting_started/reverse_proxy/nginx.md @@ -57,7 +57,7 @@ In the above commands, replace `yourgotosocial.url` with your actual GoToSocial The file you're about to create should look like this: -```nginx.conf +```nginx server { listen 80; listen [::]:80; @@ -141,15 +141,20 @@ Now start GoToSocial again: sudo systemctl start gotosocial ``` +## Security hardening + +If you want to harden up your NGINX deployment with advanced configuration options, there are many guides online for doing so ([for example](https://beaglesecurity.com/blog/article/nginx-server-security.html)). Try to find one that's up to date. Mozilla also publishes best-practice SSL configuration [here](https://ssl-config.mozilla.org/). + ## Results You should now be able to open the splash page for your instance in your web browser, and will see that it runs under https! If you open the NGINX config again, you'll see that Certbot added some extra lines to it. -**Note**: This may look a bit different depending on the options you chose while setting up Certbot, and the NGINX version you're using. +!!! note + This may look a bit different depending on the options you chose while setting up Certbot, and the NGINX version you're using. -```nginx.conf +```nginx server { server_name example.org; location / { @@ -183,4 +188,4 @@ server { } ``` -A number of additional configurations for nginx, including static asset serving and caching, are documented in the [Advanced](../advanced.md) section of our documentation. +A number of additional configurations for nginx, including static asset serving and caching, are documented in the [Advanced](../../advanced/index.md) section of our documentation. |