From 0c57aa32c6bff68015ce00965a7d10c902f162f8 Mon Sep 17 00:00:00 2001 From: tengel Date: Sun, 31 Mar 2024 10:44:34 -0500 Subject: [PATCH] import the dwarven empire --- doc/00_nginx-base.txt | 16 ++ doc/00_xyzzy-ee.txt | 21 +++ doc/01_xyzzy-fi.txt | 20 +++ doc/02_git-xyzzy-ee.txt | 20 +++ doc/03_dwarvenruins-com.txt | 20 +++ doc/04_dwarvenmail-com.txt | 20 +++ doc/05_dwarvenvault-com.txt | 20 +++ doc/{SETUP.md => README.md} | 14 +- .../sites-available/dwarvenmail.com.conf | 100 +++++++++++ .../dwarvenmail.com.conf.bootstrap | 31 ++++ .../sites-available/dwarvenruins.com.conf | 101 +++++++++++ .../dwarvenruins.com.conf.bootstrap | 31 ++++ .../sites-available/dwarvenvault.com.conf | 100 +++++++++++ .../dwarvenvault.com.conf.bootstrap | 31 ++++ html/dwarvenmail/favicon.ico | Bin 0 -> 5430 bytes html/dwarvenmail/index.css | 157 ++++++++++++++++++ html/dwarvenmail/index.html | 51 ++++++ html/dwarvenruins/favicon.ico | Bin 0 -> 5430 bytes html/dwarvenruins/index.css | 157 ++++++++++++++++++ html/dwarvenruins/index.html | 51 ++++++ html/dwarvenvault/favicon.ico | Bin 0 -> 5430 bytes html/dwarvenvault/index.css | 157 ++++++++++++++++++ html/dwarvenvault/index.html | 51 ++++++ 23 files changed, 1167 insertions(+), 2 deletions(-) create mode 100644 doc/00_nginx-base.txt create mode 100644 doc/00_xyzzy-ee.txt create mode 100644 doc/01_xyzzy-fi.txt create mode 100644 doc/02_git-xyzzy-ee.txt create mode 100644 doc/03_dwarvenruins-com.txt create mode 100644 doc/04_dwarvenmail-com.txt create mode 100644 doc/05_dwarvenvault-com.txt rename doc/{SETUP.md => README.md} (95%) create mode 100644 etc/nginx/sites-available/dwarvenmail.com.conf create mode 100644 etc/nginx/sites-available/dwarvenmail.com.conf.bootstrap create mode 100644 etc/nginx/sites-available/dwarvenruins.com.conf create mode 100644 etc/nginx/sites-available/dwarvenruins.com.conf.bootstrap create mode 100644 etc/nginx/sites-available/dwarvenvault.com.conf create mode 100644 etc/nginx/sites-available/dwarvenvault.com.conf.bootstrap create mode 100644 html/dwarvenmail/favicon.ico create mode 100644 html/dwarvenmail/index.css create mode 100644 html/dwarvenmail/index.html create mode 100644 html/dwarvenruins/favicon.ico create mode 100644 html/dwarvenruins/index.css create mode 100644 html/dwarvenruins/index.html create mode 100644 html/dwarvenvault/favicon.ico create mode 100644 html/dwarvenvault/index.css create mode 100644 html/dwarvenvault/index.html diff --git a/doc/00_nginx-base.txt b/doc/00_nginx-base.txt new file mode 100644 index 0000000..216ead2 --- /dev/null +++ b/doc/00_nginx-base.txt @@ -0,0 +1,16 @@ + +apt-get install --no-install-recommends \ + nginx nginx-core libnginx-mod-stream \ + certbot python3-certbot-nginx + +cd /etc/nginx/modules-enabled + +rm \ + 50-mod-http-geoip.conf \ + 50-mod-http-image-filter.conf \ + 50-mod-http-xslt-filter.conf \ + 50-mod-mail.conf \ + 70-mod-stream-geoip.conf + +cp security.conf /etc/nginx/conf.d/ + diff --git a/doc/00_xyzzy-ee.txt b/doc/00_xyzzy-ee.txt new file mode 100644 index 0000000..ae70485 --- /dev/null +++ b/doc/00_xyzzy-ee.txt @@ -0,0 +1,21 @@ + +cp xyzzy.ee.conf.bootstrap \ + /etc/nginx/sites-available/xyzzy.ee.conf + +cd /etc/nginx/sites-enabled +rm default +ln -s /etc/nginx/sites-available/xyzzy.ee.conf 00xyzzy.ee.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d xyzzy.ee,www.xyzzy.ee \ + --agree-tos -m "hostmaster@xyzzy.ee" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp xyzzy.ee.conf /etc/nginx/sites-available/xyzzy.ee.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/01_xyzzy-fi.txt b/doc/01_xyzzy-fi.txt new file mode 100644 index 0000000..2c61e92 --- /dev/null +++ b/doc/01_xyzzy-fi.txt @@ -0,0 +1,20 @@ + +cp xyzzy.fi.conf.bootstrap \ + /etc/nginx/sites-available/xyzzy.fi.conf + +cd /etc/nginx/sites-enabled +ln -s /etc/nginx/sites-available/xyzzy.fi.conf 01xyzzy.fi.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d xyzzy.fi,www.xyzzy.fi \ + --agree-tos -m "hostmaster@xyzzy.fi" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp xyzzy.fi.conf /etc/nginx/sites-available/xyzzy.fi.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/02_git-xyzzy-ee.txt b/doc/02_git-xyzzy-ee.txt new file mode 100644 index 0000000..aed8213 --- /dev/null +++ b/doc/02_git-xyzzy-ee.txt @@ -0,0 +1,20 @@ + +cp git.xyzzy.ee.conf.bootstrap \ + /etc/nginx/sites-available/git.xyzzy.ee.conf + +cd /etc/nginx/sites-enabled +ln -s /etc/nginx/sites-available/git.xyzzy.ee.conf 02git.xyzzy.ee.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d git.xyzzy.ee \ + --agree-tos -m "hostmaster@xyzzy.ee" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp git.xyzzy.ee.conf /etc/nginx/sites-available/git.xyzzy.ee.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/03_dwarvenruins-com.txt b/doc/03_dwarvenruins-com.txt new file mode 100644 index 0000000..b4c2a08 --- /dev/null +++ b/doc/03_dwarvenruins-com.txt @@ -0,0 +1,20 @@ + +cp dwarvenruins.com.conf.bootstrap \ + /etc/nginx/sites-available/dwarvenruins.com.conf + +cd /etc/nginx/sites-enabled +ln -s /etc/nginx/sites-available/dwarvenruins.com.conf 03dwarvenruins.com.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d dwarvenruins.com,www.dwarvenruins.com \ + --agree-tos -m "hostmaster@dwarvenruins.com" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp dwarvenruins.com.conf /etc/nginx/sites-available/dwarvenruins.com.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/04_dwarvenmail-com.txt b/doc/04_dwarvenmail-com.txt new file mode 100644 index 0000000..cc29850 --- /dev/null +++ b/doc/04_dwarvenmail-com.txt @@ -0,0 +1,20 @@ + +cp dwarvenmail.com.conf.bootstrap \ + /etc/nginx/sites-available/dwarvenmail.com.conf + +cd /etc/nginx/sites-enabled +ln -s /etc/nginx/sites-available/dwarvenmail.com.conf 04dwarvenmail.com.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d dwarvenmail.com,www.dwarvenmail.com \ + --agree-tos -m "hostmaster@dwarvenmail.com" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp dwarvenmail.com.conf /etc/nginx/sites-available/dwarvenmail.com.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/05_dwarvenvault-com.txt b/doc/05_dwarvenvault-com.txt new file mode 100644 index 0000000..2cbf6cf --- /dev/null +++ b/doc/05_dwarvenvault-com.txt @@ -0,0 +1,20 @@ + +cp dwarvenvault.com.conf.bootstrap \ + /etc/nginx/sites-available/dwarvenvault.com.conf + +cd /etc/nginx/sites-enabled +ln -s /etc/nginx/sites-available/dwarvenvault.com.conf 05dwarvenvault.com.conf +cd - + +nginx -t +systemctl restart nginx + +certbot --nginx -d dwarvenvault.com,www.dwarvenvault.com \ + --agree-tos -m "hostmaster@dwarvenvault.com" --no-eff-email \ + --deploy-hook "systemctl reload nginx" + +cp dwarvenvault.com.conf /etc/nginx/sites-available/dwarvenvault.com.conf + +nginx -t +systemctl restart nginx + diff --git a/doc/SETUP.md b/doc/README.md similarity index 95% rename from doc/SETUP.md rename to doc/README.md index c9177ed..c9c6deb 100644 --- a/doc/SETUP.md +++ b/doc/README.md @@ -2,6 +2,8 @@ Debian 12 minimal installation, ensure the SSH server and standard system tools are included. +Note: text files to help with nginx deployment and/or migrating sites to new hosts/VMs (certbot et. al) are ancillary to this document. + ## Base Configuration @@ -90,10 +92,18 @@ else fi ``` -After confirming the change is correct: +Ensure SSH client alive is configured in `/etc/ssh/sshd_config`: ``` -systemctl restart sshd +TCPKeepAlive yes +ClientAliveInterval 60 +ClientAliveCountMax 3 +``` + +After confirming the `sshd_config` changes are correct: + +``` +systemctl restart sshd.service ``` Test logging in again as the user and sudo to root in another term. diff --git a/etc/nginx/sites-available/dwarvenmail.com.conf b/etc/nginx/sites-available/dwarvenmail.com.conf new file mode 100644 index 0000000..ea4b66c --- /dev/null +++ b/etc/nginx/sites-available/dwarvenmail.com.conf @@ -0,0 +1,100 @@ +# dwarvenmail.com +# www.dwarvenmail.com + +server { + server_name dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenmail.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenmail.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenmail.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + server_name www.dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenmail.com$request_uri; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenmail.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenmail.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenmail.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + if ($host = dwarvenmail.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + return 404; # managed by Certbot +} + +server { + if ($host = www.dwarvenmail.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name www.dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + return 404; # managed by Certbot +} diff --git a/etc/nginx/sites-available/dwarvenmail.com.conf.bootstrap b/etc/nginx/sites-available/dwarvenmail.com.conf.bootstrap new file mode 100644 index 0000000..a1d10af --- /dev/null +++ b/etc/nginx/sites-available/dwarvenmail.com.conf.bootstrap @@ -0,0 +1,31 @@ +# dwarvenmail.com +# www.dwarvenmail.com + +server { + listen 80; + listen [::]:80; + server_name dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + +} + +server { + listen 80; + listen [::]:80; + server_name www.dwarvenmail.com; + root /var/xyzzy/html/dwarvenmail; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenmail.com$request_uri; + } +} diff --git a/etc/nginx/sites-available/dwarvenruins.com.conf b/etc/nginx/sites-available/dwarvenruins.com.conf new file mode 100644 index 0000000..0d6c43a --- /dev/null +++ b/etc/nginx/sites-available/dwarvenruins.com.conf @@ -0,0 +1,101 @@ +# dwarvenruins.com +# www.dwarvenruins.com + +server { + server_name dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenruins.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenruins.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenruins.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + server_name www.dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenruins.com$request_uri; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenruins.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenruins.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenruins.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + if ($host = dwarvenruins.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + return 404; # managed by Certbot +} + +server { + if ($host = www.dwarvenruins.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name www.dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + return 404; # managed by Certbot +} + diff --git a/etc/nginx/sites-available/dwarvenruins.com.conf.bootstrap b/etc/nginx/sites-available/dwarvenruins.com.conf.bootstrap new file mode 100644 index 0000000..f471868 --- /dev/null +++ b/etc/nginx/sites-available/dwarvenruins.com.conf.bootstrap @@ -0,0 +1,31 @@ +# dwarvenruins.com +# www.dwarvenruins.com + +server { + listen 80; + listen [::]:80; + server_name dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + +} + +server { + listen 80; + listen [::]:80; + server_name www.dwarvenruins.com; + root /var/xyzzy/html/dwarvenruins; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenruins.com$request_uri; + } +} diff --git a/etc/nginx/sites-available/dwarvenvault.com.conf b/etc/nginx/sites-available/dwarvenvault.com.conf new file mode 100644 index 0000000..09356bd --- /dev/null +++ b/etc/nginx/sites-available/dwarvenvault.com.conf @@ -0,0 +1,100 @@ +# dwarvenvault.com +# www.dwarvenvault.com + +server { + server_name dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenvault.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenvault.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenvault.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + server_name www.dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenvault.com$request_uri; + } + + listen [::]:443 ssl; # managed by Certbot + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/dwarvenvault.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/dwarvenvault.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # https://ssl-config.mozilla.org/ + add_header Strict-Transport-Security "max-age=15724800" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/letsencrypt/live/dwarvenvault.com/chain.pem; + resolver 9.9.9.9 8.8.8.8 1.1.1.1; + resolver_timeout 5s; + + # https://observatory.mozilla.org + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';"; +} + +server { + if ($host = dwarvenvault.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + return 404; # managed by Certbot +} + +server { + if ($host = www.dwarvenvault.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + listen 80; + listen [::]:80; + server_name www.dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + return 404; # managed by Certbot +} diff --git a/etc/nginx/sites-available/dwarvenvault.com.conf.bootstrap b/etc/nginx/sites-available/dwarvenvault.com.conf.bootstrap new file mode 100644 index 0000000..e96ae41 --- /dev/null +++ b/etc/nginx/sites-available/dwarvenvault.com.conf.bootstrap @@ -0,0 +1,31 @@ +# dwarvenvault.com +# www.dwarvenvault.com + +server { + listen 80; + listen [::]:80; + server_name dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + +} + +server { + listen 80; + listen [::]:80; + server_name www.dwarvenvault.com; + root /var/xyzzy/html/dwarvenvault; + index index.html; + + location ~ /\.well-known { + allow all; + } + + location ~ / { + return 301 $scheme://dwarvenvault.com$request_uri; + } +} diff --git a/html/dwarvenmail/favicon.ico b/html/dwarvenmail/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..526809a23e97827b497c6a440e18824aaeccb335 GIT binary patch literal 5430 zcmdUxYmA&@6vv;PZL><))h?;q?x2dqC#5M(Ojlj{rRgU=kdhEpA85s;g4j`YiBLk5 z6(S-L5#NxgyU|MA5)og8Z8afC>=vmZYsc@m^FHz9%{#L*izYqEFVA_-`JZ#%ci!8C z&=X2wU?8xT!^U|bEDa%)%gy~u#J3YWgBUJ~W}KxHTYzX;#!ynAALD9@Y(2p{;cIBX zyAVy^m^n4;A+;@R%um9tnSX%wwhVpq=G5q0qs@nnFagH5!8rT{+cWfynNy?I8f*Er z!ampx=6-}VumX0%E~tPpb86IDW36^MjDg2{HM|2)fam)&JPF3ksZnc9YG<-}3qFHu z;Ba^qc4xjZb86J)Z8?D}a=~@%^K;aw&D+xi*1`_(d>?`v;hxMlW=@UTyj@IS1g-+- zdc0M5JoAm2Q=>L-D+x3be#ftZ_4;Y|g~Wa5r9Gl=yj6}TD6B51`;FMCkecswf2SKD_KxfO#Et>$ zVl1w$=Bu^F+Nh1IGo0njXh-1e1)kuU?@`po^#bA#L)`lg+X22qMBiA<4%hj)QaHHP{V)H;kE6qt==@*VUe7aEAMI{$cFvFbyM+ zzYY_`?B56H0dKw;ecFF0%c)UoO`5l-y`AAKXQpP(nsGQ1-UN@?YkV~Lzr*vjr|0)& z=DYV^U!3i|-&cV>wt&y_d*Jzg1@`p%7ui_^_rW7zzX5RW8xYUM<3AT(Oky8rF>_I8 zjkWez4ED6QGuoNora@Q^uS4wTc{~QEgLW6h+_N*0W=>6ff0?(3z3gf4PV5duvG=F= zexDcQ3fCo?n{zp})>s?+*t1jfdHM;w$6MJF5_Q-QzNcH6J?v%APR-|O%`D;)d7u4- z;Jwz)>}AhRY%L=1TN#2ya68-t^I;`y25l#J@A-TfGp9zaHP+fA_OthF_5uR0neQ;` zzkmba@n4krRaPxt+f(qXpiYfieQWJuFSYib%{=zIp$ELjUk3XP!t>z0)(=`b-9`>@Qy*n|VG0&q2@3mc7lXSi@b44}A;&Ypowq3T7jlGN3iL5&2{QZr^ebKr# ztLbF9ewJQynSWg;gEP(2|6%@;F6Jx!q|GsOd;TAFIa~Q^NWUlPHSK1;Jw|Le2fLS= zbZ+#!nLj#*xoL^d^q;xo=w!Y%o6<)A!uR=l3cd$_gLd=3BR>Ww!+&kQ$Nc7;oi&cv z!{ak%PR+rxbpFAbnaWN)p%#(!(6avf8Q?cx9T + + + + + Dwarven Mail + + + + + + + + +
+ + + +
+ +
+ +
+ + + +
+ +
+ + + diff --git a/html/dwarvenruins/favicon.ico b/html/dwarvenruins/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..526809a23e97827b497c6a440e18824aaeccb335 GIT binary patch literal 5430 zcmdUxYmA&@6vv;PZL><))h?;q?x2dqC#5M(Ojlj{rRgU=kdhEpA85s;g4j`YiBLk5 z6(S-L5#NxgyU|MA5)og8Z8afC>=vmZYsc@m^FHz9%{#L*izYqEFVA_-`JZ#%ci!8C z&=X2wU?8xT!^U|bEDa%)%gy~u#J3YWgBUJ~W}KxHTYzX;#!ynAALD9@Y(2p{;cIBX zyAVy^m^n4;A+;@R%um9tnSX%wwhVpq=G5q0qs@nnFagH5!8rT{+cWfynNy?I8f*Er z!ampx=6-}VumX0%E~tPpb86IDW36^MjDg2{HM|2)fam)&JPF3ksZnc9YG<-}3qFHu z;Ba^qc4xjZb86J)Z8?D}a=~@%^K;aw&D+xi*1`_(d>?`v;hxMlW=@UTyj@IS1g-+- zdc0M5JoAm2Q=>L-D+x3be#ftZ_4;Y|g~Wa5r9Gl=yj6}TD6B51`;FMCkecswf2SKD_KxfO#Et>$ zVl1w$=Bu^F+Nh1IGo0njXh-1e1)kuU?@`po^#bA#L)`lg+X22qMBiA<4%hj)QaHHP{V)H;kE6qt==@*VUe7aEAMI{$cFvFbyM+ zzYY_`?B56H0dKw;ecFF0%c)UoO`5l-y`AAKXQpP(nsGQ1-UN@?YkV~Lzr*vjr|0)& z=DYV^U!3i|-&cV>wt&y_d*Jzg1@`p%7ui_^_rW7zzX5RW8xYUM<3AT(Oky8rF>_I8 zjkWez4ED6QGuoNora@Q^uS4wTc{~QEgLW6h+_N*0W=>6ff0?(3z3gf4PV5duvG=F= zexDcQ3fCo?n{zp})>s?+*t1jfdHM;w$6MJF5_Q-QzNcH6J?v%APR-|O%`D;)d7u4- z;Jwz)>}AhRY%L=1TN#2ya68-t^I;`y25l#J@A-TfGp9zaHP+fA_OthF_5uR0neQ;` zzkmba@n4krRaPxt+f(qXpiYfieQWJuFSYib%{=zIp$ELjUk3XP!t>z0)(=`b-9`>@Qy*n|VG0&q2@3mc7lXSi@b44}A;&Ypowq3T7jlGN3iL5&2{QZr^ebKr# ztLbF9ewJQynSWg;gEP(2|6%@;F6Jx!q|GsOd;TAFIa~Q^NWUlPHSK1;Jw|Le2fLS= zbZ+#!nLj#*xoL^d^q;xo=w!Y%o6<)A!uR=l3cd$_gLd=3BR>Ww!+&kQ$Nc7;oi&cv z!{ak%PR+rxbpFAbnaWN)p%#(!(6avf8Q?cx9T + + + + + Dwarven Ruins + + + + + + + + +
+ + + +
+ +
+ +
+ + + +
+ +
+ + + diff --git a/html/dwarvenvault/favicon.ico b/html/dwarvenvault/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..526809a23e97827b497c6a440e18824aaeccb335 GIT binary patch literal 5430 zcmdUxYmA&@6vv;PZL><))h?;q?x2dqC#5M(Ojlj{rRgU=kdhEpA85s;g4j`YiBLk5 z6(S-L5#NxgyU|MA5)og8Z8afC>=vmZYsc@m^FHz9%{#L*izYqEFVA_-`JZ#%ci!8C z&=X2wU?8xT!^U|bEDa%)%gy~u#J3YWgBUJ~W}KxHTYzX;#!ynAALD9@Y(2p{;cIBX zyAVy^m^n4;A+;@R%um9tnSX%wwhVpq=G5q0qs@nnFagH5!8rT{+cWfynNy?I8f*Er z!ampx=6-}VumX0%E~tPpb86IDW36^MjDg2{HM|2)fam)&JPF3ksZnc9YG<-}3qFHu z;Ba^qc4xjZb86J)Z8?D}a=~@%^K;aw&D+xi*1`_(d>?`v;hxMlW=@UTyj@IS1g-+- zdc0M5JoAm2Q=>L-D+x3be#ftZ_4;Y|g~Wa5r9Gl=yj6}TD6B51`;FMCkecswf2SKD_KxfO#Et>$ zVl1w$=Bu^F+Nh1IGo0njXh-1e1)kuU?@`po^#bA#L)`lg+X22qMBiA<4%hj)QaHHP{V)H;kE6qt==@*VUe7aEAMI{$cFvFbyM+ zzYY_`?B56H0dKw;ecFF0%c)UoO`5l-y`AAKXQpP(nsGQ1-UN@?YkV~Lzr*vjr|0)& z=DYV^U!3i|-&cV>wt&y_d*Jzg1@`p%7ui_^_rW7zzX5RW8xYUM<3AT(Oky8rF>_I8 zjkWez4ED6QGuoNora@Q^uS4wTc{~QEgLW6h+_N*0W=>6ff0?(3z3gf4PV5duvG=F= zexDcQ3fCo?n{zp})>s?+*t1jfdHM;w$6MJF5_Q-QzNcH6J?v%APR-|O%`D;)d7u4- z;Jwz)>}AhRY%L=1TN#2ya68-t^I;`y25l#J@A-TfGp9zaHP+fA_OthF_5uR0neQ;` zzkmba@n4krRaPxt+f(qXpiYfieQWJuFSYib%{=zIp$ELjUk3XP!t>z0)(=`b-9`>@Qy*n|VG0&q2@3mc7lXSi@b44}A;&Ypowq3T7jlGN3iL5&2{QZr^ebKr# ztLbF9ewJQynSWg;gEP(2|6%@;F6Jx!q|GsOd;TAFIa~Q^NWUlPHSK1;Jw|Le2fLS= zbZ+#!nLj#*xoL^d^q;xo=w!Y%o6<)A!uR=l3cd$_gLd=3BR>Ww!+&kQ$Nc7;oi&cv z!{ak%PR+rxbpFAbnaWN)p%#(!(6avf8Q?cx9T + + + + + Dwarven Vault + + + + + + + + +
+ + + +
+ +
+ +
+ + + +
+ +
+ + +