import the dwarven empire

2024-03-31 10:44:34 -05:00 · 2024-03-31 10:44:34 -05:00 · 0c57aa32c6
commit 0c57aa32c6
parent 363b83f93d
23 changed files with 1167 additions and 2 deletions
--- a/etc/nginx/sites-available/dwarvenmail.com.conf
+++ b/etc/nginx/sites-available/dwarvenmail.com.conf
@ -0,0 +1,100 @@
+# dwarvenmail.com
+# www.dwarvenmail.com
+
+server {
+    server_name dwarvenmail.com;
+    root /var/xyzzy/html/dwarvenmail;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/dwarvenmail.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dwarvenmail.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # https://ssl-config.mozilla.org/
+    add_header Strict-Transport-Security "max-age=15724800" always;
+
+    # OCSP stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/letsencrypt/live/dwarvenmail.com/chain.pem;
+    resolver 9.9.9.9 8.8.8.8 1.1.1.1;
+    resolver_timeout 5s;
+
+    # https://observatory.mozilla.org
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
+}
+
+server {
+    server_name www.dwarvenmail.com;
+    root /var/xyzzy/html/dwarvenmail;
+    index index.html;
+
+    location ~ /\.well-known {
+        allow all;
+    }
+
+    location ~ / {
+        return 301 $scheme://dwarvenmail.com$request_uri;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/dwarvenmail.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dwarvenmail.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # https://ssl-config.mozilla.org/
+    add_header Strict-Transport-Security "max-age=15724800" always;
+
+    # OCSP stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/letsencrypt/live/dwarvenmail.com/chain.pem;
+    resolver 9.9.9.9 8.8.8.8 1.1.1.1;
+    resolver_timeout 5s;
+
+    # https://observatory.mozilla.org
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
+}
+
+server {
+    if ($host = dwarvenmail.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    listen [::]:80;
+    server_name dwarvenmail.com;
+    root /var/xyzzy/html/dwarvenmail;
+    index index.html;
+    return 404; # managed by Certbot
+}
+
+server {
+    if ($host = www.dwarvenmail.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    listen [::]:80;
+    server_name www.dwarvenmail.com;
+    root /var/xyzzy/html/dwarvenmail;
+    index index.html;
+    return 404; # managed by Certbot
+}