From c0989dc7cfd35109b913e0f042e23c2bef5bb7d8 Mon Sep 17 00:00:00 2001
From: samuel <samuel.campos@netoik.io>
Date: Sun, 28 Dec 2025 11:09:19 +0100
Subject: [PATCH] First commit

---
 .gitignore     |  1 +
 Makefile       | 28 +++++++++++++++++++++++
 netoik-rp.spec | 28 +++++++++++++++++++++++
 nginx.conf     | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 118 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Makefile
 create mode 100644 netoik-rp.spec
 create mode 100644 nginx.conf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b270b4a
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,28 @@
+NAME = "$(shell basename $PWD)"
+VERSION = "$(shell git describe | sed 's/-/./g' || echo '0.1.0')"
+BRANCH = "$(shell git branch --show-current)"
+
+RPM_SOURCEDIR = "$(shell rpm --eval '%{_sourcedir}')
+RPM_SYSCONFDIR = "$(shell rpm --eval '%{_sysconfdir}')"
+
+.PHONY: name
+name:
+	@echo "$(NAME)"
+
+.PHONY: version
+version:
+	@echo "$(VERSION)"
+
+$(RPMSOURCE_DIR)/$(NAME)-%.tar.gz: *
+	git archive --format=tar.gz \
+	            --output="$@" \
+	            --prefix="$(NAME)-$(VERSION)/" \
+	            --verbose \
+	            "$(BRANCH)"
+
+.PHONY: tarball
+tarball: $(RPM_SOURCEDIR)/$(NAME)-$(VERSION).tar.gz
+
+.PHONY: install
+install:
+	install -m 644 --target-directory=$(DESTDIR)/$(RPM_SYSCONFDIR)/nginx nginx.conf
diff --git a/netoik-rp.spec b/netoik-rp.spec
new file mode 100644
index 0000000..54cc95b
--- /dev/null
+++ b/netoik-rp.spec
@@ -0,0 +1,28 @@
+Name:			      netoik-rp
+Version:	      %(make version)
+Release:	      1%{?dist}
+Summary:	      Netoik Reverse Proxy
+License:	      MIT
+
+URL:            https://git.netoik.io/samuel/netoik-rp
+Source0:        %{name}-%{version}.tar.gz
+
+Buildarch:      x86_64
+BuildRequires:  make
+
+Requires:       nginx
+
+%description
+Install the reverse proxy called nginx with a predefined configuration and with TLS certificates attached to netoik.io
+
+%prep
+%autosetup -v
+
+%install
+%make_install
+
+%files
+%attr(644, root, root) /%{_sysconfdir}/nginx/nginx.conf
+
+%changelog
+# let's skip this for now
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..8d6d299
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,61 @@
+# For more information on configuration
+# See: http://nginx.org/en/docs/
+
+# Configure core
+# See: https://nginx.org/en/docs/ngx_core_module.html
+user             nginx;
+worker_processes auto;
+error_log        /var/log/nginx/error.log;
+pid              /run/nginx.pid;
+
+# Load dynamic modules
+# See: /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    # Configure logs
+    # See: https://nginx.org/en/docs/http/ngx_http_log_module.html
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+
+    # Configure core
+    # See: https://nginx.org/en/docs/ngx_core_module.html
+    include             /etc/nginx/mime.types;
+    default_type        text/html;
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 4096;
+
+    # Configure ssl module
+    # See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html 
+    include                   /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_certificate           /etc/letsencrypt/live/netoik.io/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/netoik.io/privkey.pem;
+    ssl_dhparam               /etc/letsencrypt/ssl-dhparams.pem;
+    ssl_session_cache         shared:SSL:1m;
+    ssl_prefer_server_ciphers on;
+
+    # Configure headers
+    # See: https://nginx.org/en/docs/http/ngx_http_headers_module.html
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
+
+    # Configure http2
+    # See: https://nginx.org/en/docs/http/ngx_http_v2_module.html
+    http2 on;
+
+    # Configure http3
+    # See: https://nginx.org/en/docs/http/ngx_http_v3_module.html
+    http3 on;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See: http://nginx.org/en/docs/ngx_core_module.html#include
+    include /etc/nginx/conf.d/*.conf;
+}