add tetóke

etc/nginx/sites-available/tetoke.com.conf

@@ -0,0 +1,87 @@
+# tetoke.com
+# www.tetoke.com
+
+server {
+    server_name tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/tetoke.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/tetoke.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # https://ssl-config.mozilla.org/
+    add_header Strict-Transport-Security "max-age=15724800" always;
+
+    # https://observatory.mozilla.org
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
+}
+
+server {
+    server_name www.tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+
+    location ~ /\.well-known {
+        allow all;
+    }
+
+    location ~ / {
+        return 301 $scheme://tetoke.com$request_uri;
+    }
+
+    listen [::]:443 ssl; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/tetoke.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/tetoke.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # https://ssl-config.mozilla.org/
+    add_header Strict-Transport-Security "max-age=15724800" always;
+
+    # https://observatory.mozilla.org
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+    add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self';";
+}
+
+server {
+    if ($host = tetoke.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    listen [::]:80;
+    server_name tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+    return 404; # managed by Certbot
+}
+
+server {
+    if ($host = www.tetoke.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    listen [::]:80;
+    server_name www.tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+    return 404; # managed by Certbot
+}
+

etc/nginx/sites-available/tetoke.com.conf.bootstrap

@@ -0,0 +1,30 @@
+# tetoke.com
+# www.tetoke.com
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name www.tetoke.com;
+    root /var/xyzzy/html/tetoke;
+    index index.html;
+
+    location ~ /\.well-known {
+        allow all;
+    }
+
+    location ~ / {
+        return 301 $scheme://tetoke.com$request_uri;
+    }
+}