Often during a penetration test, phishing awareness campaign, or red team engagement, I need to set up a web server to host payloads, phishing websites, etc. This short post is a collection of Nginx configuration directives that I commonly use.
Example use cases: redirect HTTP traffic to HTTPS, enable PHP processing, configure a reverse proxy for HTTP(S) or TCP/UDP streams, and add or remove HTTP headers in responses or add headers for upstream servers.
Sometimes you want to quickly mirror a web page, maybe to keep an offline version or to download part of the site, for example documents such as PDFs. Another use case is creating a mirror as a base for phishing sites used during red teams or some awareness training campaigns. In such a case, we can quickly download a page with wget, including all stylesheets, images, other media files, etc. wget is a powerful tool, and I highly recommend going through its man page.