--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+}
--- /dev/null
+#!/bin/sh
+set -e
+set -x
+# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need domain name as argument.'
+ false
+fi
+domain="$1"
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare NGINX config for Pleroma.
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/static.nginx
+ln -s /etc/nginx/sites-available/static.nginx /etc/nginx/sites-enabled/static.nginx
+
+service nginx restart