Nginx

Most of the configuration can be found from Certbot page.

If you use Haproxy, see Nginx backends on Haproxy.

Useragent Blocklist

cd /etc/nginx/snippets
sudo mkdir useragent-blocklist
sudo chown -R $USER:$USER useragent-blocklist
cd useragent-blocklist
git clone https://git.lelux.fi/theel0ja/useragent-blocklist.git .
cd ..

Then, add include snippets/useragent-blocklist/nginx.conf; to your nginx vhosts (Great way for this would for example to include it in ssl-params.conf (see example))

Test

$ curl https://rauduskoivu.theel0ja.info/ --header "User-agent: archive."
User-agent blocked

Cronjob

30      */3     *       *       *       cd /etc/nginx/snippets/useragent-blocklist && git pull --quiet

Generating .htpasswd

sudo htpasswd -c .htpasswd username