Most of the configuration can be found on the Certbot page.

If you use Haproxy, see Nginx backends on Haproxy.

Useragent Blocklist

cd /etc/nginx/snippets
sudo mkdir useragent-blocklist
sudo chown -R $USER:$USER useragent-blocklist
cd useragent-blocklist
git clone .
cd ..

Then add include snippets/useragent-blocklist/nginx.conf; to your nginx vhosts. A good way to do this is to put the include in ssl-params.conf (see example).


$ curl --header "User-agent: archive."
User-agent blocked


Add a cron entry to keep the blocklist up to date:

30      */3     *       *       *       cd /etc/nginx/snippets/useragent-blocklist && git pull --quiet
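
The cron entry above only runs git pull; nginx keeps serving the old list until it is reloaded, and a broken upstream snippet would make the next reload or restart fail. The following is an added example, not part of the original page or the blocklist project: a wrapper that fast-forwards the checkout, checks the result with nginx -t and rolls back if the check fails. The function name, the exit codes, the systemd reload and an account that owns the checkout and may test and reload nginx are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): pull, validate, reload.
# Assumed: checkout path as cloned above, nginx managed by systemd.
BLOCKLIST_DIR="${BLOCKLIST_DIR:-/etc/nginx/snippets/useragent-blocklist}"

# Exit codes (chosen for this example):
#   0 = new list active, 1 = git failed, 2 = rejected and rolled back,
#   3 = nothing new upstream
update_blocklist() {
    ub_dir="${1:-$BLOCKLIST_DIR}"

    # Remember the commit nginx is currently running with.
    ub_old=$(git -C "$ub_dir" rev-parse HEAD) || return 1

    # --ff-only refuses rewritten upstream history instead of merging it.
    git -C "$ub_dir" pull --quiet --ff-only || return 1
    ub_new=$(git -C "$ub_dir" rev-parse HEAD) || return 1

    if [ "$ub_old" = "$ub_new" ]; then
        return 3
    fi

    # nginx -t parses the whole configuration, including the pulled snippet.
    if ! nginx -t -q; then
        # Put the last known-good snippet back so later reloads still work.
        git -C "$ub_dir" reset --quiet --hard "$ub_old"
        return 2
    fi

    # The running workers only see the new list after a reload.
    systemctl reload nginx
}

# Run only when called as "script --run", e.g. from the cron entry.
if [ "${1:-}" = "--run" ]; then
    update_blocklist
    exit $?
fi
```

Saved as a script, it can replace the cd ... && git pull --quiet part of the cron entry when called with --run.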

Generating .htpasswd

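sudo htpasswd -c .htpasswd username

The -c flag creates the file and overwrites an existing one, so omit it when adding more users to the same file.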