--- /dev/null
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+# otherwise self-referential connections to local host will fail
+-A INPUT -i lo -j ACCEPT
+# tolerate any inbound connections requested by our server, no matter the port
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# this enables ping etc.
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# HTTP
+-A INPUT -p tcp --dport 80 -j ACCEPT
+# HTTPS
+-A INPUT -p tcp --dport 443 -j ACCEPT
+COMMIT
+# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
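Review bot: The SSH rule `-A INPUT -p tcp --dport 22 -j ACCEPT` admits every source address with no rate limit, so sshd is exposed to unrestricted login attempts; if administration comes from known networks, narrow it, e.g. `-A INPUT -p tcp -s <ADMIN_CIDR> --dport 22 -j ACCEPT` (placeholder value), and otherwise make sure key-only authentication and some form of rate limiting are in place. `-A INPUT -p icmp -j ACCEPT` accepts every ICMP type; ICMP errors belonging to existing flows already match the RELATED rule, so `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT` would be enough for ping. `-m state --state` is the legacy matcher, and `-m conntrack --ctstate RELATED,ESTABLISHED` is the current form. These rules are IPv4 only; if the host has an IPv6 address it needs an equivalent ip6tables ruleset, which is not visible in this commit.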
--- /dev/null
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ types {
+ text/html html htm shtml;
+ #text/css css;
+ #text/xml xml;
+ #text/plain txt sh rst md;
+ #application/xhtml+xml xhtml;
+ #application/pdf pdf;
+ #image/jpeg jpg jpeg;
+ #image/png png;
+ }
+ default_type application/octet_stream;
+ charset utf-8;
+
+ # logging deactivated due to DSGVO
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+
+ # HTTP server: only enforce HTTPS
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+
+ # HTTPS server
+ server {
+ listen 443 ssl;
+ server_name web20181130.plomlompom.com;
+ ssl_certificate /etc/letsencrypt/live/web20181130.plomlompom.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/web20181130.plomlompom.com/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+ }
+}
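Review bot: Commenting out `access_log` and `error_log` in the `http` block does not switch logging off, because nginx then falls back to its compiled-in default log paths, so client IPs are probably still being written despite the "logging deactivated due to DSGVO" comment. The explicit form is `access_log off;`. There is no `off` value for `error_log`, so it needs something like `error_log /dev/null crit;`, or a deliberately retained error log with a documented retention period. Separately, `default_type application/octet_stream;` has an underscore where the MIME type is `application/octet-stream`, so every file type other than html/htm/shtml is served with an invalid Content-Type. The port-80 redirect also builds its target from the client-supplied `$host`; using the configured name, `return 301 https://web20181130.plomlompom.com$request_uri;`, avoids reflecting an arbitrary Host header.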