@shelbyKiraM
Last active March 14, 2017 14:27
# Plain-HTTP listener for cudd.li and www.cudd.li.
# It serves no content: every request is permanently redirected to the
# canonical HTTPS host, keeping the original path and query string.
server {
    listen 80;
    server_name cudd.li www.cudd.li;

    return 301 https://cudd.li$request_uri;
}
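# HTTPS virtual host for cudd.li / www.cudd.li: static files plus PHP handed
# to PHP-FPM over a unix socket.
#
# NOTE(review): this listen line carries no default_server. When no 443
# listener is marked as default, nginx answers clients that send no SNI with
# the first 443 server it loaded, and presents that server's certificate.
# Mark the intended default explicitly.
server {
    server_name cudd.li www.cudd.li;
    # The "ssl" parameter already enables TLS on this socket, so the separate
    # `ssl on;` directive was redundant and has been dropped.
    listen 443 ssl http2;
    index index.php index.html index.htm;
    root /home/user/http/cuddli;

    ssl_certificate /etc/letsencrypt/live/cudd.li/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cudd.li/privkey.pem;

    # NOTE(review): no resolver or ssl_trusted_certificate is visible in this
    # block; confirm they are set elsewhere, otherwise stapling verification
    # may not work as intended.
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): max-age=0 tells browsers to forget any stored HSTS policy
    # for this host, so HTTPS is not pinned. Value left unchanged in case that
    # is deliberate; raise it once the TLS setup is stable.
    add_header Strict-Transport-Security "max-age=0;";

    # NOTE(review): `return` is processed before access checks, so `deny all`
    # has no visible effect here; nginx also matches locations against the
    # normalized URI, so this block is unlikely to ever be selected.
    location ~* /\.\./ {
        deny all;
        return 404;
    }

    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the requested script exists
        # under root. Without this check every URI ending in .php reaches the
        # interpreter, which may then resolve a different file on its own
        # (cgi.fix_pathinfo).
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_read_timeout 300;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    # Serve an existing file or directory, otherwise fall back to the blog
    # front controller with the requested path in the `p` parameter.
    location / {
        try_files $uri $uri/ /blog/index.php?p=$uri&$args;
    }
}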
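#!/bin/bash
#
# Request (or renew) the Let's Encrypt certificate of every site on this host
# with the standalone authenticator, which needs the ports nginx listens on.
# nginx is therefore stopped first and restarted afterwards.
#
# Exit status: 0 when every certificate request succeeded, 1 otherwise.

# Bring nginx back up. Installed as an EXIT trap so the web server does not
# stay down when the script is interrupted or aborts half-way through.
restart_nginx() {
  trap - EXIT
  echo "service nginx restart"
  service nginx restart
}
trap restart_nginx EXIT
# Turn the usual termination signals into a normal exit so the EXIT trap runs.
trap 'exit 1' HUP INT TERM

echo "service nginx stop"
service nginx stop

# One entry per certificate. The first name labels the progress output and
# every name in the entry becomes a -d argument.
cert_names=(
  "swo.re www.swo.re mail.swo.re"
  "cudd.li www.cudd.li"
  "shelbymunsch.com www.shelbymunsch.com"
  "emiliemunsch.com www.emiliemunsch.com"
  "smuns.ch www.smuns.ch"
  "theoutcast.info www.theoutcast.info"
)

failed=()
for entry in "${cert_names[@]}"; do
  read -r -a names <<<"$entry"
  echo "${names[0]}"

  domain_args=()
  for name in "${names[@]}"; do
    domain_args+=(-d "$name")
  done

  # Keep going after a failure so one bad domain does not block the others,
  # but remember it: a silently failed request ends in an expired certificate.
  if ! letsencrypt certonly --standalone "${domain_args[@]}"; then
    failed+=("${names[0]}")
  fi
done

restart_nginx

if (( ${#failed[@]} > 0 )); then
  printf 'certificate request failed for: %s\n' "${failed[*]}" >&2
  exit 1
fi
echo "done."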
# Main nginx configuration: process settings, http-level defaults (TLS,
# logging, gzip) and the include lines that pull in the virtual hosts.

# Worker processes run as www-data.
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): server_tokens is left at its default, so the nginx version is
# advertised in the Server header and on error pages; consider enabling the
# line below.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# These are http-level defaults inherited by every server block that does not
# override them.
# Only suites with ephemeral (EC)DH key exchange are offered.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# NOTE(review): TLSv1 and TLSv1.1 are still enabled; both are deprecated
# (RFC 8996). Confirm no client still needs them, then restrict this list to
# the newest versions the installed nginx/OpenSSL supports.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
# DH parameters used by the EDH suites above.
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Session cache named "SSL", 10 MB, shared between worker processes.
ssl_session_cache shared:SSL:10m;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# NOTE(review): this pulls nginx configuration from under /var/www. Whoever
# can write to a matching .nginx directory controls configuration that nginx
# parses on the next reload. Confirm these paths are not writable by www-data
# or by site owners who should not have that level of control.
include /var/www/*/.nginx/nginx.conf;
}
# Load every *.conf virtual-host file from this user's own sites-enabled
# directory.
# NOTE(review): presumably this file is the /var/www/she/.nginx/nginx.conf
# that the main configuration includes via /var/www/*/.nginx/nginx.conf;
# confirm. Files matched here are parsed as full nginx configuration, so the
# directory should be writable only by accounts trusted with that.
include /var/www/she/.nginx/sites-enabled/*.conf;
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-66-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Last login: Tue Mar 14 14:10:38 2017 from 73.93.141.37
14:12:55 root@swo.re / openssl s_client -connect swo.re:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = cudd.li
verify return:1
---
Certificate chain
0 s:/CN=cudd.li
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
subject=/CN=cudd.li
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3135 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 09879233727A2B98B8D78F67B4F8F13BBF82AB5A15F1B7D397AE1800BB269A86
Session-ID-ctx:
Master-Key: 3EC707C3A6CD1D567A5B0706ECD0FFFBC8E4B19E4B1C058C03ADA3B8359072EF41D4597CB0EC3FF9A9DECD6E44A81768
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 20 87 8c 38 af 6b dd a1-b0 b2 a0 0f 1d 22 cb 6e ..8.k.......".n
0010 - 06 c7 02 40 4b e2 8b 44-6b ca 1f cc 1f 8a a5 07 ...@K..Dk.......
0020 - 99 23 72 8a a1 cd df 59-9b 7d 47 41 7a d6 f2 f6 .#r....Y.}GAz...
0030 - 78 6b b9 aa 44 e5 3f 27-f5 ac 34 8a 9f 53 e0 4e xk..D.?'..4..S.N
0040 - 1a 03 dd eb 7f 11 5b ed-f1 1c bc cb ab d1 24 a3 ......[.......$.
0050 - ce 83 f7 5e fa b6 68 f8-80 c8 29 a0 4d 76 51 d5 ...^..h...).MvQ.
0060 - 27 b9 e2 15 ba 85 64 b3-a5 d2 f9 e0 15 75 01 9e '.....d......u..
0070 - f6 84 b1 82 e2 6f 53 a7-0f 2d 9b fe a8 8b 40 ed .....oS..-....@.
0080 - c5 0c 14 c1 30 71 34 54-24 b1 7c 9e 88 74 8a f3 ....0q4T$.|..t..
0090 - 15 10 54 71 77 50 fa d3-0a b7 7c b9 9a 9c 58 f2 ..TqwP....|...X.
00a0 - d4 2e 5e 18 7c 9a 2e 33-69 80 c3 60 35 7c fb 36 ..^.|..3i..`5|.6
Start Time: 1489500778
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
14:13:04 root@swo.re / 130 ↵
# Plain-HTTP listener for smuns.ch and www.smuns.ch.
# No content is served here; every request gets a permanent redirect to the
# canonical HTTPS host with its path and query string preserved.
server {
    listen 80;
    server_name smuns.ch www.smuns.ch;

    return 301 https://smuns.ch$request_uri;
}
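# HTTPS listener for www.smuns.ch: terminates TLS only to redirect the client
# to the bare domain, keeping path and query string.
server {
    server_name www.smuns.ch;
    # The "ssl" parameter already enables TLS on this socket, so the separate
    # `ssl on;` directive was redundant and has been dropped.
    listen 443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/smuns.ch/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/smuns.ch/privkey.pem;

    # NOTE(review): no resolver or ssl_trusted_certificate is visible in this
    # block; confirm they are set elsewhere, otherwise stapling verification
    # may not work as intended.
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): max-age=0 tells browsers to forget any stored HSTS policy
    # for this host, so HTTPS is not pinned. Value left unchanged in case that
    # is deliberate.
    add_header Strict-Transport-Security "max-age=0;";

    return 301 https://smuns.ch$request_uri;
}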
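# HTTPS virtual host for smuns.ch: static files plus PHP handed to PHP-FPM
# over a unix socket.
server {
    server_name smuns.ch;
    # The "ssl" parameter already enables TLS on this socket, so the separate
    # `ssl on;` directive was redundant and has been dropped.
    listen 443 ssl;
    root /home/she/http/smunsch;
    index index.php index.html index.htm;

    ssl_certificate /etc/letsencrypt/live/smuns.ch/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/smuns.ch/privkey.pem;

    # NOTE(review): no resolver or ssl_trusted_certificate is visible in this
    # block; confirm they are set elsewhere, otherwise stapling verification
    # may not work as intended.
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): max-age=0 tells browsers to forget any stored HSTS policy
    # for this host, so HTTPS is not pinned. Value left unchanged in case that
    # is deliberate; raise it once the TLS setup is stable.
    add_header Strict-Transport-Security "max-age=0;";

    # NOTE(review): `return` is processed before access checks, so `deny all`
    # has no visible effect here; nginx also matches locations against the
    # normalized URI, so this block is unlikely to ever be selected.
    location ~* /\.\./ {
        deny all;
        return 404;
    }

    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the requested script exists
        # under root. Without this check every URI ending in .php reaches the
        # interpreter, which may then resolve a different file on its own
        # (cgi.fix_pathinfo).
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_read_timeout 300;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    # Serve an existing file or directory, otherwise fall back to the blog
    # front controller with the requested path in the `p` parameter.
    location / {
        try_files $uri $uri/ /blog/index.php?p=$uri&$args;
    }
}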
# Plain-HTTP listener for swo.re, www.swo.re and mail.swo.re.
# No content is served here; every request gets a permanent redirect to the
# canonical HTTPS host with its path and query string preserved.
server {
    listen 80;
    server_name swo.re www.swo.re mail.swo.re;

    return 301 https://swo.re$request_uri;
}
# HTTPS listener for www.swo.re and mail.swo.re: terminates TLS with the
# swo.re certificate only to redirect the client to the bare domain.
server {
    listen 443 ssl http2;
    server_name www.swo.re mail.swo.re;

    ssl_certificate_key /etc/letsencrypt/live/swo.re/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/swo.re/fullchain.pem;

    ssl_stapling_verify on;
    ssl_stapling on;

    # max-age=0 asks browsers to drop any stored HSTS policy for this host.
    add_header Strict-Transport-Security "max-age=0;";

    # Permanent redirect, path and query string preserved.
    return 301 https://swo.re$request_uri;
}
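# HTTPS virtual host for swo.re: static files, PHP handed to PHP-FPM over a
# unix socket, and several directories with listings enabled.
server {
    server_name swo.re;
    listen 443 ssl http2;
    index index.php index.html index.htm;
    root /home/she/http/swore;

    ssl_certificate /etc/letsencrypt/live/swo.re/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/swo.re/privkey.pem;

    # NOTE(review): no resolver or ssl_trusted_certificate is visible in this
    # block; confirm they are set elsewhere, otherwise stapling verification
    # may not work as intended.
    ssl_stapling on;
    ssl_stapling_verify on;

    # NOTE(review): max-age=0 tells browsers to forget any stored HSTS policy
    # for this host, so HTTPS is not pinned. Value left unchanged in case that
    # is deliberate; raise it once the TLS setup is stable.
    add_header Strict-Transport-Security "max-age=0;";

    # NOTE(review): `return` is processed before access checks, so `deny all`
    # has no visible effect here; nginx also matches locations against the
    # normalized URI, so this block is unlikely to ever be selected.
    location ~* /\.\./ {
        deny all;
        return 404;
    }

    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the requested script exists
        # under root. Without this check every URI ending in .php reaches the
        # interpreter, which may then resolve a different file on its own
        # (cgi.fix_pathinfo).
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        # NOTE(review): if the included fastcgi_params also sets HTTPS, the
        # parameter is sent twice; verify which value PHP ends up seeing.
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;
        include fastcgi_params;
    }

    # Serve an existing file or directory, otherwise hand the requested path
    # to redir.php in the `p` parameter.
    location / {
        try_files $uri $uri/ /redir.php?p=$uri&$args;
    }

    # NOTE(review): directory listings are enabled for the five prefixes
    # below, so every file placed in them can be enumerated by any visitor.
    # Confirm that is intended for each one.
    location /fap/ {
        autoindex on;
    }
    location /reactions/ {
        autoindex on;
    }
    location /reaction/ {
        autoindex on;
    }
    location /img/ {
        autoindex on;
    }
    location /TFSM/ {
        autoindex on;
    }
}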