import the dwarven empire
parent
363b83f93d
commit
0c57aa32c6
23 changed files with 1167 additions and 2 deletions
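--- /dev/null
+++ b/doc/00_nginx-base.txt
@@ -0,0 +1,16 @@
+apt-get install --no-install-recommends \
+nginx nginx-core libnginx-mod-stream \
+certbot python3-certbot-nginx
+
+cd /etc/nginx/modules-enabled
+
+rm \
+50-mod-http-geoip.conf \
+50-mod-http-image-filter.conf \
+50-mod-http-xslt-filter.conf \
+50-mod-mail.conf \
+70-mod-stream-geoip.conf
+
+cp security.conf /etc/nginx/conf.d/
+
+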
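Review bot: The closing `cp security.conf /etc/nginx/conf.d/` runs after `cd /etc/nginx/modules-enabled` with no `cd -` in between, so the relative source path resolves inside modules-enabled instead of the directory that holds the repository's `security.conf`. The site runbooks in this commit do return with `cd -`; add the same line before the copy, or drop the `cd` and pass absolute paths to `rm`. The file also ends without a config check, so whatever `security.conf` sets is never validated or loaded by these steps; a final `nginx -t && systemctl reload nginx` would close that gap.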
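--- /dev/null
+++ b/doc/00_xyzzy-ee.txt
@@ -0,0 +1,21 @@
+cp xyzzy.ee.conf.bootstrap \
+/etc/nginx/sites-available/xyzzy.ee.conf
+
+cd /etc/nginx/sites-enabled
+rm default
+ln -s /etc/nginx/sites-available/xyzzy.ee.conf 00xyzzy.ee.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d xyzzy.ee,www.xyzzy.ee \
+--agree-tos -m "hostmaster@xyzzy.ee" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp xyzzy.ee.conf /etc/nginx/sites-available/xyzzy.ee.conf
+
+nginx -t
+systemctl restart nginx
+
+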
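Review bot: `nginx -t` and `systemctl restart nginx` are written as independent steps in both places, so when these lines are pasted as a batch or turned into a script the restart still runs after a failed config test and every site on the host stays down until the config is fixed; chain them as `nginx -t && systemctl restart nginx`, or use `reload` to keep existing connections. The second `cp xyzzy.ee.conf ...` overwrites the file certbot has just edited, so the final config must itself carry the `ssl_certificate` / `ssl_certificate_key` paths and the port-80 redirect; a comment such as `# final conf must reference the certbot-issued cert (presumably under /etc/letsencrypt/live/xyzzy.ee/) and keep the HTTP->HTTPS redirect` would make that dependency explicit. The same sequence is repeated in doc/01_xyzzy-fi.txt, doc/02_git-xyzzy-ee.txt, doc/03_dwarvenruins-com.txt, doc/04_dwarvenmail-com.txt and doc/05_dwarvenvault-com.txt.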
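--- /dev/null
+++ b/doc/01_xyzzy-fi.txt
@@ -0,0 +1,20 @@
+cp xyzzy.fi.conf.bootstrap \
+/etc/nginx/sites-available/xyzzy.fi.conf
+
+cd /etc/nginx/sites-enabled
+ln -s /etc/nginx/sites-available/xyzzy.fi.conf 01xyzzy.fi.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d xyzzy.fi,www.xyzzy.fi \
+--agree-tos -m "hostmaster@xyzzy.fi" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp xyzzy.fi.conf /etc/nginx/sites-available/xyzzy.fi.conf
+
+nginx -t
+systemctl restart nginx
+
+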
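--- /dev/null
+++ b/doc/02_git-xyzzy-ee.txt
@@ -0,0 +1,20 @@
+cp git.xyzzy.ee.conf.bootstrap \
+/etc/nginx/sites-available/git.xyzzy.ee.conf
+
+cd /etc/nginx/sites-enabled
+ln -s /etc/nginx/sites-available/git.xyzzy.ee.conf 02git.xyzzy.ee.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d git.xyzzy.ee \
+--agree-tos -m "hostmaster@xyzzy.ee" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp git.xyzzy.ee.conf /etc/nginx/sites-available/git.xyzzy.ee.conf
+
+nginx -t
+systemctl restart nginx
+
+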
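--- /dev/null
+++ b/doc/03_dwarvenruins-com.txt
@@ -0,0 +1,20 @@
+cp dwarvenruins.com.conf.bootstrap \
+/etc/nginx/sites-available/dwarvenruins.com.conf
+
+cd /etc/nginx/sites-enabled
+ln -s /etc/nginx/sites-available/dwarvenruins.com.conf 03dwarvenruins.com.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d dwarvenruins.com,www.dwarvenruins.com \
+--agree-tos -m "hostmaster@dwarvenruins.com" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp dwarvenruins.com.conf /etc/nginx/sites-available/dwarvenruins.com.conf
+
+nginx -t
+systemctl restart nginx
+
+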
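--- /dev/null
+++ b/doc/04_dwarvenmail-com.txt
@@ -0,0 +1,20 @@
+cp dwarvenmail.com.conf.bootstrap \
+/etc/nginx/sites-available/dwarvenmail.com.conf
+
+cd /etc/nginx/sites-enabled
+ln -s /etc/nginx/sites-available/dwarvenmail.com.conf 04dwarvenmail.com.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d dwarvenmail.com,www.dwarvenmail.com \
+--agree-tos -m "hostmaster@dwarvenmail.com" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp dwarvenmail.com.conf /etc/nginx/sites-available/dwarvenmail.com.conf
+
+nginx -t
+systemctl restart nginx
+
+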
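--- /dev/null
+++ b/doc/05_dwarvenvault-com.txt
@@ -0,0 +1,20 @@
+cp dwarvenvault.com.conf.bootstrap \
+/etc/nginx/sites-available/dwarvenvault.com.conf
+
+cd /etc/nginx/sites-enabled
+ln -s /etc/nginx/sites-available/dwarvenvault.com.conf 05dwarvenvault.com.conf
+cd -
+
+nginx -t
+systemctl restart nginx
+
+certbot --nginx -d dwarvenvault.com,www.dwarvenvault.com \
+--agree-tos -m "hostmaster@dwarvenvault.com" --no-eff-email \
+--deploy-hook "systemctl reload nginx"
+
+cp dwarvenvault.com.conf /etc/nginx/sites-available/dwarvenvault.com.conf
+
+nginx -t
+systemctl restart nginx
+
+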
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
Debian 12 minimal installation, ensure the SSH server and standard system tools are included.
|
||||
|
||||
Note: text files to help with nginx deployment and/or migrating sites to new hosts/VMs (certbot et. al) are ancillary to this document.
|
||||
|
||||
|
||||
## Base Configuration
|
||||
|
||||
|
|
@ -90,10 +92,18 @@ else
|
|||
fi
|
||||
```
|
||||
|
||||
After confirming the change is correct:
|
||||
Ensure SSH client alive is configured in `/etc/ssh/sshd_config`:
|
||||
|
||||
```
|
||||
systemctl restart sshd
|
||||
TCPKeepAlive yes
|
||||
ClientAliveInterval 60
|
||||
ClientAliveCountMax 3
|
||||
```
|
||||
|
||||
After confirming the `sshd_config` changes are correct:
|
||||
|
||||
```
|
||||
systemctl restart sshd.service
|
||||
```
|
||||
|
||||
Test logging in again as the user and sudo to root in another term.
|
||||