From: Christian Heller Date: Sun, 2 Dec 2018 00:31:25 +0000 (+0100) Subject: Add etc files for web server. X-Git-Url: https://plomlompom.com/repos/%7B%7Bdb.prefix%7D%7D/static/%7B%7Bprefix%7D%7D/do_day?a=commitdiff_plain;h=500ec90dee8ba3b3eec0bbd6804bd23c874238c1;p=config Add etc files for web server. --- diff --git a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 new file mode 100644 index 0000000..9b714c6 --- /dev/null +++ b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 @@ -0,0 +1,18 @@ +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +# otherwise self-referential connections to local host will fail +-A INPUT -i lo -j ACCEPT +# tolerate any inbound connections requested by our server, no matter the port +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# this enables ping etc. +-A INPUT -p icmp -j ACCEPT +# SSH +-A INPUT -p tcp --dport 22 -j ACCEPT +# HTTP +-A INPUT -p tcp --dport 80 -j ACCEPT +# HTTPS +-A INPUT -p tcp --dport 443 -j ACCEPT +COMMIT +# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..1072651 --- /dev/null +++ b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,44 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +# is expected even if empty +events { +} + +http { + # define content-type headers + types { + text/html html htm shtml; + #text/css css; + #text/xml xml; + #text/plain txt sh rst md; + #application/xhtml+xml xhtml; + #application/pdf pdf; + #image/jpeg jpg jpeg; + #image/png png; + } + default_type application/octet_stream; + charset utf-8; + + # logging deactivated due to DSGVO + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + + # HTTP server: only enforce HTTPS + server { + listen 80; + return 301 https://$host$request_uri; + } + + # HTTPS server + server { + listen 443 ssl; + server_name web20181130.plomlompom.com; + ssl_certificate /etc/letsencrypt/live/web20181130.plomlompom.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/web20181130.plomlompom.com/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; + } +}