diff --git a/.etckeeper b/.etckeeper index f884ca8a..9f257e84 100755 --- a/.etckeeper +++ b/.etckeeper @@ -732,6 +732,10 @@ maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1587868886.csr' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1587868886.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1594783398.csr' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1594783398.pem' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.csr' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.pem' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.csr' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/chain-1579873308.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/chain-1587868886.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/chain-1594783398.pem' @@ -741,6 +745,8 @@ maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/fullchain-1594783398.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/privkey-1579873308.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/privkey-1587868886.pem' maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/privkey-1594783398.pem' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/privkey-1605553624.pem' +maybe chmod 0600 'dehydrated/certs/vpn.ovalwonder.com/privkey-1605553735.pem' maybe chmod 0700 'dehydrated/certs/wifi.natalieandjoshua.com' maybe chmod 0600 'dehydrated/certs/wifi.natalieandjoshua.com/cert-1579873368.csr' maybe chmod 0600 'dehydrated/certs/wifi.natalieandjoshua.com/cert-1579873368.pem' @@ -1523,6 +1529,8 @@ maybe chmod 0644 'letsencrypt/archive/5f3b42dd7a0ab1cb.natalieandjoshua.com/priv maybe chmod 0644 'letsencrypt/archive/5f3b42dd7a0ab1cb.natalieandjoshua.com/privkey6.pem' maybe chmod 0644 'letsencrypt/archive/5f3b42dd7a0ab1cb.natalieandjoshua.com/privkey7.pem' maybe chmod 0644 'letsencrypt/archive/5f3b42dd7a0ab1cb.natalieandjoshua.com/privkey8.pem' +maybe chmod 0755 'letsencrypt/archive/pihole-f.natalieandjoshua.com' +maybe chmod 0755 'letsencrypt/archive/pihole-s.natalieandjoshua.com' maybe chmod 0755 'letsencrypt/archive/rss.natalieandjoshua.com' maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/cert1.pem' maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/cert2.pem' @@ -1544,6 +1552,7 @@ maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/privkey2.pem' maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/privkey3.pem' maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/privkey4.pem' maybe chmod 0644 'letsencrypt/archive/rss.natalieandjoshua.com/privkey5.pem' +maybe chmod 0755 'letsencrypt/archive/rush.natalieandjoshua.com' maybe chmod 0755 'letsencrypt/archive/vpn.ovalwonder.com' maybe chmod 0644 'letsencrypt/archive/vpn.ovalwonder.com/cert1.pem' maybe chmod 0644 'letsencrypt/archive/vpn.ovalwonder.com/cert2.pem' @@ -13715,8 +13724,11 @@ maybe chmod 0600 'letsencrypt/keys/6040_key-certbot.pem' maybe chmod 0700 'letsencrypt/live' maybe chmod 0755 'letsencrypt/live/5f3b42dd7a0ab1cb.natalieandjoshua.com' maybe chmod 0644 'letsencrypt/live/5f3b42dd7a0ab1cb.natalieandjoshua.com/README' +maybe chmod 0755 'letsencrypt/live/pihole-f.natalieandjoshua.com' +maybe chmod 0755 'letsencrypt/live/pihole-s.natalieandjoshua.com' maybe chmod 0755 'letsencrypt/live/rss.natalieandjoshua.com' maybe chmod 0644 'letsencrypt/live/rss.natalieandjoshua.com/README' +maybe chmod 0755 'letsencrypt/live/rush.natalieandjoshua.com' maybe chmod 0755 'letsencrypt/live/vpn.ovalwonder.com' maybe chmod 0644 'letsencrypt/live/vpn.ovalwonder.com/README' maybe chmod 0755 'letsencrypt/live/wifi.natalieandjoshua.com' @@ -13729,7 +13741,10 @@ maybe chmod 0755 'letsencrypt/renewal-hooks/deploy' maybe chmod 0755 'letsencrypt/renewal-hooks/post' maybe chmod 0755 'letsencrypt/renewal-hooks/pre' maybe chmod 0644 'letsencrypt/renewal/5f3b42dd7a0ab1cb.natalieandjoshua.com.conf' +maybe chmod 0644 'letsencrypt/renewal/pihole-f.natalieandjoshua.com.conf' +maybe chmod 0644 'letsencrypt/renewal/pihole-s.natalieandjoshua.com.conf' maybe chmod 0644 'letsencrypt/renewal/rss.natalieandjoshua.com.conf' +maybe chmod 0644 'letsencrypt/renewal/rush.natalieandjoshua.com.conf' maybe chmod 0644 'letsencrypt/renewal/vpn.ovalwonder.com.conf' maybe chmod 0644 'letsencrypt/renewal/wifi.natalieandjoshua.com.conf' maybe chmod 0644 'letsencrypt/renewal/wifi2.natalieandjoshua.com.conf' @@ -13853,6 +13868,8 @@ maybe chmod 0644 'nginx/nginx.conf' maybe chmod 0644 'nginx/proxy_params' maybe chmod 0644 'nginx/scgi_params' maybe chmod 0755 'nginx/sites-available' +maybe chown 'jgdye' 'nginx/sites-available/default' +maybe chgrp 'jgdye' 'nginx/sites-available/default' maybe chmod 0644 'nginx/sites-available/default' maybe chmod 0644 'nginx/sites-available/novnc' maybe chmod 0644 'nginx/sites-available/pihole' @@ -13862,6 +13879,15 @@ maybe chmod 0644 'nginx/sites-available/slim' maybe chmod 0644 'nginx/sites-available/wifi' maybe chmod 0644 'nginx/sites-available/wifi2' maybe chmod 0755 'nginx/sites-enabled' +maybe chown 'jgdye' 'nginx/sites-enabled/default' +maybe chgrp 'jgdye' 'nginx/sites-enabled/default' +maybe chmod 0644 'nginx/sites-enabled/default' +maybe chmod 0644 'nginx/sites-enabled/novnc' +maybe chmod 0644 'nginx/sites-enabled/pihole' +maybe chmod 0644 'nginx/sites-enabled/rss' +maybe chmod 0644 'nginx/sites-enabled/rush' +maybe chmod 0644 'nginx/sites-enabled/wifi' +maybe chmod 0644 'nginx/sites-enabled/wifi2' maybe chmod 0755 'nginx/snippets' maybe chmod 0644 'nginx/snippets/fastcgi-php.conf' maybe chmod 0644 'nginx/snippets/snakeoil.conf' diff --git a/dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.csr b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.csr new file mode 100644 index 00000000..ece150e5 --- /dev/null +++ b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.csr @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEkjCCAnoCAQAwHTEbMBkGA1UEAwwSdnBuLm92YWx3b25kZXIuY29tMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAud4TAu9pcpTVQE3/d4k7EOH/M0/y +j3jRkEOPUdhzAdeQumyhw/vuSXTM6WWbQvuWaglvkEI1eVQ51xyNQkHVU5htNk4+ +blXvdSwE/AsB6SDkip3LXgynPchbetuQBgyqjHc5rlWhSYbnU/yh4W8PZdTrySO0 +Hb/RACeOHl2Y9WcLykCbadQSlwx1wMtopNabde66ODUzM2IqgF80nDldpwYjEQ60 +i/3ySHc74YtTZjd7IQQ65+MebMwshzxEs15EeM/O272bvXasz6QJmwDzzOZPyVBN +g74+WW8Mzx5U+D9PJF+a36Al5nn4OCITDQlx7En5EtEmbWw7gggecynowxjT/x+Z +UkQI/slIvKnyhZNp7NB6Ay79LvfsBiV2fsGgi8C5f3VYVo5gAjcN+HpavW5bcSVO +N4U8YvtGgu51y1MOg7QVcY7rk+s3gU2CYiUCBn7geQoITMEX+WSE061MFEtdOsXG +zmsBFyKGYAXGmIB4lJgIrxVTHXuxM/DkZXaWi4LJSEK5lSFMhtMtlic6Q3RewaLn +s5d7Hrnt7STTbB5YcP1Pp+di9nX4ihSXZKPp7LLlRwU5GIFY5p63ZIl3FmxEBOBa +bWyQLhOq6nDn7AieJOkuoTwFJsYM63taXNRnmu5oiz2JJMIQiLmV1i+XY/tNhEun +nTL8KuW8XSwsib0CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYwFIIS +dnBuLm92YWx3b25kZXIuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQCZu9SWV4aWnj3a +HqzDEN//RA0yijJ8+TcpyDM9MibN+ZcDjsu+NQf/AjpnmqyMnWcKvH5YBppXvpT5 +bUsAHUyEGDlcT6u8BMbsnyJ8gyi75X2pMzcQZ2RGZfCHGPdykJrQlK/gqgdagPHY +VjuA2GFL6oRzUOxKOy6MQo0odpueKJqnI9dv5ruwJeiiTfTPZ6g/xNwY0Ijn3OuF +8DUcLaaM3Sl3OEAH90Tbj7s9ErSBYJ21ZsWT+ZfPofGtYW8qG4/yUOsNRqE3v6eY +o/e9lFg2Vtjk+b/N/TjKHNehgUQAGie3WjqNOSsK9S4Te11gQe89IOJTYDZ24Khc +GzLFh1rsrak5dElIgrsUpbpm2V3s+u9GHCWyeJutSBNOZDJ+gg18z895bfR/DdTh +CpJbyOCdCWedF7axuSU1vItJRScIQwKW2fftRVaD6nmeHJePfJ4AhyLZM8xcbcFE +SUfe6inPAWtGs8dftvKzKd4Vr1kqWvrDsjZMrfIKSivBzFlrELfriVkepoLsWIGB +dD+Z0zVFHRrbPqSC/IkhmMCD74h8u+SJxWg7WwzeR2RDSZOeepOpWLCX2gyct+NN +kynVb0HV5OOud7biqsfdYeADswW7Psa0/kZ8iSRLh+JNPf/7V6WmsEHpusx2+dmY +Cb27vhLIuLA/fumU0KOQHqhQWGY+iA== +-----END CERTIFICATE REQUEST----- diff --git a/dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.pem b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553624.pem new file mode 100644 index 00000000..e69de29b diff --git a/dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.csr b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.csr new file mode 100644 index 00000000..0fc5b073 --- /dev/null +++ b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.csr @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEkjCCAnoCAQAwHTEbMBkGA1UEAwwSdnBuLm92YWx3b25kZXIuY29tMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAraIJ2GZfWtQeb9kfonWISygikKoP +P1TFfkVGI7UV1nefR319cGel4eQHs23ifpA3OI/SEN40lqlA0Cp499I/3jg6oK8P +OTy+D6vlMGfbOqaNE3zKAYxTIIufmrAq/Fwj6ffAByzGBqAcX84t1Bn6ZWG41UQ3 +pnrSbzPqxuqnjpkth6ipHmg5ae+moeADrk6ap7SdilG3c7IEdQgDcRDgFB7kfGnk +8c0u7AhASsJKqPhxxQqMJFS5BX1WJYy4X0yfUsJDTfO9ZL02uxUj84VU6XAkdo9e +v6FmyZ85yMmdtZNIZJgs1fe1lIj1HQpsEpx99PLL9Zh+SKgVJoe/uzimh8mCgoXw +R4IOEFIfdtM5XIQaYjnOgUg4+NC1R2SnhDc5zVdmERDM1RkuibFPqFrn/vH+0Uuj +Nx/NADuuY4TbiIgeMAwZ9pPj8QztW3ita3TlcahaMNt0983c3M2dlQIeWHAa4nMO +ETCAV/2VkleUWe+E7usTiBEOu96Yd3V/jB6cjXU7FKHmlqvFByvbvHqOmOMor4xN +IIi5mTaV/C7gtAvk7mwsC3+BE++hAb1G97NVGNnZSqb3W8lGBLXr0dLA8roOlk3q +uhpm/r7XzttUbpB9gRh1G61BfR9NsmGgt6bo4bM+TawhrUPTfReJ09BH9Bv91aMd +UwPrVBvM6wRRbG8CAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYwFIIS +dnBuLm92YWx3b25kZXIuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQAFgWmBMmyoH9R5 +A1iJ5vlc+zjpNGRv8MLKf/wOo7moxnvid4cY0bHtAedODkgUhIUopBd/IAVUd6Sv +rIGsquG8b2+TbqFBmTheKbCgvEehQ8JVsGG/Zw+QUWLWRHsTRd8naZHc7BWFtMmW +LlxtBL9hT/X0DER5toJDUuhr3/f46y6vEB44F+ReUYy9skiQ4uA5Lbw0am9vSvg/ +Ra+XQID8Psoh5XwpBSAixnwjRZsdN9uhpUcntROZq3vbs/J1i54FCKJbDbOn0o0I +ouKaEHs5Kq1+BZVHRtvc3LkqZiWqG51giqD0WkloMNd5b/UAk595G6GwIjmAIGkv +C5e8SWQQPGTKmMMyoJnkZ81HDUNrUrUchHsdQAiuQLpgv+z6reiznc89ODBfizjM +DHsO4rP275iZVCq+jIMptD+B3mpPsAHCaJov/f4yc+uVsPhF3+LbXpqDAbqTfmIT +IUHRJJ5TsLJdlzsPUsoY8Fr+msC4FW+9TTqgjMSC2pQYW8VklJEVU839YdlSAqvQ +VQ4MAQ0JpWsCg0i0O4A9qPy6RbmHuYvpU4rigpZ6R5XYpLi3ANd0MXJwselbAWDv +VNl6a7xYzdQRZqAeYAsmbg02kbF804OFkU9zPf8MUARhb7aJ5FV+6SehEMV2gwVI +T/JPJbU9lIAVINMTNSAk47hHV0i7Jw== +-----END CERTIFICATE REQUEST----- diff --git a/dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.pem b/dehydrated/certs/vpn.ovalwonder.com/cert-1605553735.pem new file mode 100644 index 00000000..e69de29b diff --git a/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553624.pem b/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553624.pem new file mode 100644 index 00000000..5c3720f0 --- /dev/null +++ b/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553624.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAud4TAu9pcpTVQE3/d4k7EOH/M0/yj3jRkEOPUdhzAdeQumyh +w/vuSXTM6WWbQvuWaglvkEI1eVQ51xyNQkHVU5htNk4+blXvdSwE/AsB6SDkip3L +XgynPchbetuQBgyqjHc5rlWhSYbnU/yh4W8PZdTrySO0Hb/RACeOHl2Y9WcLykCb +adQSlwx1wMtopNabde66ODUzM2IqgF80nDldpwYjEQ60i/3ySHc74YtTZjd7IQQ6 +5+MebMwshzxEs15EeM/O272bvXasz6QJmwDzzOZPyVBNg74+WW8Mzx5U+D9PJF+a +36Al5nn4OCITDQlx7En5EtEmbWw7gggecynowxjT/x+ZUkQI/slIvKnyhZNp7NB6 +Ay79LvfsBiV2fsGgi8C5f3VYVo5gAjcN+HpavW5bcSVON4U8YvtGgu51y1MOg7QV +cY7rk+s3gU2CYiUCBn7geQoITMEX+WSE061MFEtdOsXGzmsBFyKGYAXGmIB4lJgI +rxVTHXuxM/DkZXaWi4LJSEK5lSFMhtMtlic6Q3RewaLns5d7Hrnt7STTbB5YcP1P +p+di9nX4ihSXZKPp7LLlRwU5GIFY5p63ZIl3FmxEBOBabWyQLhOq6nDn7AieJOku +oTwFJsYM63taXNRnmu5oiz2JJMIQiLmV1i+XY/tNhEunnTL8KuW8XSwsib0CAwEA +AQKCAgAus5kNTMCvFKx8ityc2XNo65AnAXiOCiqF2CPjycIj/VkVLoR67QtTk7CF +GI2ph/OkUxigI7Kx+LLL1RW9RzNl3M/cLE7NhHQ1eckK1200eZpTJhDaYc2H3Zb2 +yMJocrhLsQ1iO4vaILZxSPIX5cL1sElKcdko/HB0XHv+L0BmsOyqdg9WyP2ezHet +6K4zdOT8/e32f4+M4qaRONrMQjHA7O7Us2A0KKu+/46hPlPHRDuA8UInz85uQeMS +W9dbRl1oCbcNSZgfQ/lp9uqe8t9PZbM4fx/q8VtTN279f76T3bxyBD+y3teHELCI +0i79QJlKaM/XpYvFRMOzCX01LJuaM/MeXwYjY0Fqt/u7PNAt6VVsrtjpocHE76Cm +oZRHJxRJkdWM0wGScOroqFZlO2RlI0wpuCE5OI3vqO+KtBxIJj9Oe3a6s66q8TCe +q4zXBq606gZf2zMWpAmsrosAdc/q66G2elO/62ScnGzsvcDbOAu25LwFEWKf5wTH +AIUNlKYnH3NWgZ21HiIhBhyF7NhGKzcReTqINgu3tp7dv0UHq7x4QG/pWl8fDK7i +JvS6ZHsrkBnjcTbGk5qvcVTw8jxojlklpo+uAt5aZHGBgzNOskm8MN8Qri1NS9jY +XDSSrvlbUcfKSoQsJThycuQvoHr6Y4BSUKDhgsF0XpVgyAGt1QKCAQEA6pZcuJ24 +mXfOAhoJwNOYuTDIDoSAT1eUhaHshqYn48tFIYpgluprn1BbAPl2uP+0oTZDeB5A +jChWfLyvVlb/y7ZUMM46k9PLgRyng4p8vY6doi6VMUjma8UMj74Tah4pkTotUDc4 +nWICRdlAONlnF1umiz5VbBXXiyYhZRZS5uNtrwfEqH3vHHsluvZevXugkyuVEA2K +Fm2QkdtfDGdFaBtryX9pOWbIRU6/WamTiC8cze9/xLEYpkrK+5VLa1WWtx+Qxwom +FABulS6aoG4N8g//xNDI1QGafiOtqXvOj45oM8QmjRyBzRnREYu45MZubRCg56ty +kJTasGwjQaH0SwKCAQEAytVEeDsxjAWV7mYKQaptCe3uO5Vlmu0e7OTABhbEmhde +T/ld8mZu2gWKBvFs+SgoqQ7GqZzUYtJI7K4t5Gfrp5CTdpLYPFG2yYjXs/5auTZx +ioNQuUB3lnE2rCS2ZLjnjBBFYOF+lyeXzrUYy0zpYuk9VC4dEjJi6GbpXAfPSCT7 +EmpovUFfqLPawXmFR0qFaXWDyJB7TKnIgwpDYMc03NJrf4VokoXl5zFXmOJydaP1 +W0qDMGQPTYCi656OmRCmY/LwUWI9wsyDpOrgmeFkPjEEAOrLZufCbRhzw7UwXHJu +1CbfMFTnFwgqWfDb+NzSsYhGW9Xzoy5xdglMcPplFwKCAQAfXBRvFZ6M3YgrncF6 +Bo9fCldkIXBpquKO7rOI2INyn0TRlAcPhaz3ci2INtEZMA28k113nEuysN3G9Q5X +c2/kkq40jA0mn+SPkP4Pxp6gVIVcHfAR05YCCCiCur0rrXaPFIDkPU2TNHvrTHya +XO28IKNl7+JJfa3/ywwh0FcqyHJsOJSglZ02aHwFv1Ow7urrYaMer0CreOAfr3zI +UrHjle7V0/OEGeph4YIRAWtYhDvMh9zDtYz/BfaWpUGcyqdIOa8H/KJUgC5IQR+o +nK2+k0b0z5hZaUp23Fwl0QgvBrGFYg5pRMtRWMcrGkuQQbqXV+a6sZ+yFkQZ24rn +Bjh7AoIBAFlcNgsmQQDoYRKjv/cIJ3vNaDy16AqmVw6VBQhptXoRu4pOWZZ2jHXf +JN1ENfdbOvaoPNvy7RsQe/JSFoPfSNIM/vqpXTzN31LQx/9TmxKoKsOUcNb80PLl +s+mJTxX25IQvkvFIxyW+2sHFxUOkAdqC2XMh0cr3id3LoRnbkvW83SRS3wwqJgPE +ISdF63LqIPbCQCn3hWrUDjO1LNQRT3fN+HA5DUYoWY5OjcIcWcL8Vhc/L6b9HkTN +3Hkj5L0IudWk7T1do8oTohfhJsyEoU5I9/OTfcM7bcv0juP1CnZgL/WlnoTDkv/x +p/7x/2eXmfd/C0hgbTNCPdh75kKL/kcCggEBAJHla/41rmnsLV/jxyJTB3vLODYk +tozfkUQVSBKWxkt3iu6Cs3lYCPhsUEfM+QS5SPNEgdnZR9RNCY1bfAKbJjpXMXLZ +4qUa6rrVnmour4jra6vkLZ/mHeSJwLJAZ4sKg7Hm3alCEjFQKJRH2SCVJ+wZqm73 +RFJwwO53/f1ohNxVYfetBrfnf4FGMgm2dbz420F+Rav6CbouWjnGJc0hBZY7dwY7 +SE/0/4Ui6Bt+qvJXtDnsahUqhDPizeWr/TxPW5/f7LLkBaq7QLxBB3vMrsZ/47it +d8ZUM7W9VnCsMyIvGWIXA1q7ygvjDGvoiQVDgXnri2c1x4N/q6PWDBOwgZI= +-----END RSA PRIVATE KEY----- diff --git a/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553735.pem b/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553735.pem new file mode 100644 index 00000000..9c0fd950 --- /dev/null +++ b/dehydrated/certs/vpn.ovalwonder.com/privkey-1605553735.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEAraIJ2GZfWtQeb9kfonWISygikKoPP1TFfkVGI7UV1nefR319 +cGel4eQHs23ifpA3OI/SEN40lqlA0Cp499I/3jg6oK8POTy+D6vlMGfbOqaNE3zK +AYxTIIufmrAq/Fwj6ffAByzGBqAcX84t1Bn6ZWG41UQ3pnrSbzPqxuqnjpkth6ip +Hmg5ae+moeADrk6ap7SdilG3c7IEdQgDcRDgFB7kfGnk8c0u7AhASsJKqPhxxQqM +JFS5BX1WJYy4X0yfUsJDTfO9ZL02uxUj84VU6XAkdo9ev6FmyZ85yMmdtZNIZJgs +1fe1lIj1HQpsEpx99PLL9Zh+SKgVJoe/uzimh8mCgoXwR4IOEFIfdtM5XIQaYjnO +gUg4+NC1R2SnhDc5zVdmERDM1RkuibFPqFrn/vH+0UujNx/NADuuY4TbiIgeMAwZ +9pPj8QztW3ita3TlcahaMNt0983c3M2dlQIeWHAa4nMOETCAV/2VkleUWe+E7usT +iBEOu96Yd3V/jB6cjXU7FKHmlqvFByvbvHqOmOMor4xNIIi5mTaV/C7gtAvk7mws +C3+BE++hAb1G97NVGNnZSqb3W8lGBLXr0dLA8roOlk3quhpm/r7XzttUbpB9gRh1 +G61BfR9NsmGgt6bo4bM+TawhrUPTfReJ09BH9Bv91aMdUwPrVBvM6wRRbG8CAwEA +AQKCAgAUxsjqzgUm9y7VL2PrqqiuZZUNPmwopdoj6+Iir653RUUX5to1sxFUYFbT +j5iEkHkrGXqHbi9Yv9PzlMF41f2yd4P8ajYmITCU63q3OhYvhHJpHIuHd+USheKJ +Pf9Gxze87VpbAW6IqGv8ws0VDi66JuFZE5qdHyFDETFMsBNwqr+Z9gKWkt4b4QNN +Z2LJXrp+ysv3GyQagfiqkFTpGJ3XioLIqFsu2+B7edlHmMwaP/BNJZ/zUPf6wi6m +u5nsPVzrKDepgjrtbP65kCQHJbMtY6/ZR/qMb6G/CoB9mDJ44bDN6K+kwslFhsXd +vbuE1pjz0IG7V43037f4LlIw8uxqLHdYVj9ZeQ0ROxeaVM6cNaiO5Q9KVihEhYZR +dYCqyU8Eune+yXjYd6zyie027kwuBPIO+6kRlT8ejDMiaavcotUx5IkGJGnl0EGP +4UjKnntXV9rP6AXh3mA+N91ZvasGW7kI/VOPfcdi1WN55H00/ZT3GQYCh4asSwWJ +EH+ZVIX9Lgzx/gE0za8PY6wwJ8YQJG5nDBwMmR3/qmynav78db2X95JKbG5G+SbU +GZR97AzTiKSu9Sgift8L8WEd+DpVCyFa6gfuu6DstfEFkjYdcND98zKtMGnmionu +RDCnSsbszUTrOBl1dTPMI+Y4fjx9RNuWNRWpaz1B5JRHMWCw4QKCAQEA5roqOgU4 +c9Lw+4LWF93aQ/dpoodpkFq2QVkj2EROKOl+lrvFnNOZ8iclYzF1g0bk8c95a0B5 ++uVQ+F1F7JTTWkuxPnQDboB27Ir8H8bG07aVHLo1VN0kaRQ8Tt6NoZaMiM03AeKA +PKXrwl81mUxokUWacHtZH4QqKJpgje7h7+dcNXpkpji7gLINrwV24lOYKkP67dW5 +k+yKFvA42htmte90WuSU8sZpnlroRAq9tRPgIOnJxcGtTyKd22yRm5xBRMHq2h07 +JhqtT2zNiFPHW6E6yrRKXNoRNc4i14c8aL16ejmdxzE5XEcevrU75M0J5TZ2WxE9 +Yk7gmSBTKlNOKQKCAQEAwKbj9sp9DiXk5if5cmX8uYzJh5opGm+BxFj5DQDw6kfA +5TY8AUWfKK4iVZGq7PFU/FSPgyaREEAol8/SjQmWNYgsFyJekMnX8UQCJs1QXVk9 +dhMHxd2O9j63V8hQE4d4HNxNzh/aS0/9NsM3EoipZLZlUu13TKVouBZf1O+Z69+j +5WNSdSTJgtPese5eiVZcojhbvkq4mGWdcNtvpDb9IvdQgV9sqt65e7fsaRblr9FU +OgF4l9qdNTUiSSDMWRWBKVrWCodI6LARv+27CFJXdSgM+S7RWAHdgF3pDCBJ1loq +Cke5MovbK7wd2dSlWsRASWx0WRePGwcILg2voM2I1wKCAQB2BC9pMhZoGDOvUoMT +/iSQs1LTEZSLg/rJfkD5dCbOgnB/xVgVGZ8a368eB8Rl+7NLhKZEl9xM21MJVxxX +IODixOjKWykOMqOh5o2D63bz/+ZRpWV2HQ9suC8I4IltZ8ZGi0Fhs2uImg33hB+0 +ZALwm7udYVp65m1yC1TsBI6I2byulgY5h7dQ4sJhDdh7d+rTY6ZMVQ/xfAI+LW3H +ElD9KphHjbgqXhbUKwe3Fg9nOd1guHS+tIxjd/9qpyPrhodUFiR8oIsKuIaBo9OV +sdS9J8Ecwg9vYxN+hAwKVmAt6w1ky2fK5YDDlJVDUwxpwf8XwT3U4wKU8Getq30e +nzHRAoIBAGQRC83vpX9IzZmC3/283cWfTDqkJ390tem/8TUA7SIzvQ0R258pg59E +u87IiAjk3ajnX1fXG3heavdX2lypwxzxKz2k+4unXAQUuC1hbcHfDZ6cCeiLyas8 +Lk1pXbaXIhuTjtJnFyMRXEwqoBt/YsVOPFkTwWjNbhRYgtR+0+uB0YbfzT/NqOHM +nRq83tvlQN59+aFg/HskJOAvCtE4Qsn7vhRE9ZPXdm69vQ1k+E8XovEyPGpcAlZV +0AY+BAattdY+OXlkhclfUwjnOcP7yTOwZvSzjcdxyJTZsqg6yT+Ou9F1KcwIewI/ +hx3TZ0Q7Nc0tiU2RgCKgx23sa/JRcCcCggEAVYRS1PHFB0FnKttcbGVVwnhvN4KV +Pr48xdBzap6UBvkRTI7WAvaXHG5bA4BurA/vc6XgAkxJKjoIbIcti7AncfNqOJgx +Jl5kd14P/p3laEwWBXfVN6iiSHXVgsXyhQKxXjlCd6miWw3z5eMNcSboqKx2XecQ +3GqgAScTXg7TM70K2JbuniE3bvxQd2EREe9BnTUmGmIj+YqMSsn9CS7p6QRwwFf5 +4gn2s3/gs2pHb499ZqQ15kSnR7vqJ99z28vAsaGXFnJIUdFLGbX96U0rDmXpubHm +cwbp+hm3hJ704ciw4936CqZb/8n2ie4SpoHelAqC92/vDvqxrGOg7B27PA== +-----END RSA PRIVATE KEY----- diff --git a/letsencrypt/live/rss.natalieandjoshua.com/cert.pem b/letsencrypt/live/rss.natalieandjoshua.com/cert.pem index ca071d8f..9c1a30e6 120000 --- a/letsencrypt/live/rss.natalieandjoshua.com/cert.pem +++ b/letsencrypt/live/rss.natalieandjoshua.com/cert.pem @@ -1 +1 @@ -../../archive/rss.natalieandjoshua.com/cert5.pem \ No newline at end of file +../../archive/rss.natalieandjoshua.com/cert6.pem \ No newline at end of file diff --git a/letsencrypt/live/rss.natalieandjoshua.com/chain.pem b/letsencrypt/live/rss.natalieandjoshua.com/chain.pem index 0ddc4dad..40e8e087 120000 --- a/letsencrypt/live/rss.natalieandjoshua.com/chain.pem +++ b/letsencrypt/live/rss.natalieandjoshua.com/chain.pem @@ -1 +1 @@ -../../archive/rss.natalieandjoshua.com/chain5.pem \ No newline at end of file +../../archive/rss.natalieandjoshua.com/chain6.pem \ No newline at end of file diff --git a/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem b/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem index 3c8c5257..0f4e0e4f 120000 --- a/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem +++ b/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem @@ -1 +1 @@ -../../archive/rss.natalieandjoshua.com/fullchain5.pem \ No newline at end of file +../../archive/rss.natalieandjoshua.com/fullchain6.pem \ No newline at end of file diff --git a/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem b/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem index 76b2c1e2..7277acc6 120000 --- a/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem +++ b/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem @@ -1 +1 @@ -../../archive/rss.natalieandjoshua.com/privkey5.pem \ No newline at end of file +../../archive/rss.natalieandjoshua.com/privkey6.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi.natalieandjoshua.com/cert.pem b/letsencrypt/live/wifi.natalieandjoshua.com/cert.pem index 39ba2585..33411d7d 120000 --- a/letsencrypt/live/wifi.natalieandjoshua.com/cert.pem +++ b/letsencrypt/live/wifi.natalieandjoshua.com/cert.pem @@ -1 +1 @@ -../../archive/wifi.natalieandjoshua.com/cert7.pem \ No newline at end of file +../../archive/wifi.natalieandjoshua.com/cert8.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi.natalieandjoshua.com/chain.pem b/letsencrypt/live/wifi.natalieandjoshua.com/chain.pem index c08c1424..047aff76 120000 --- a/letsencrypt/live/wifi.natalieandjoshua.com/chain.pem +++ b/letsencrypt/live/wifi.natalieandjoshua.com/chain.pem @@ -1 +1 @@ -../../archive/wifi.natalieandjoshua.com/chain7.pem \ No newline at end of file +../../archive/wifi.natalieandjoshua.com/chain8.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem b/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem index 626fae8c..bacc18f7 120000 --- a/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem +++ b/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem @@ -1 +1 @@ -../../archive/wifi.natalieandjoshua.com/fullchain7.pem \ No newline at end of file +../../archive/wifi.natalieandjoshua.com/fullchain8.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem b/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem index 245618f1..abbc173b 120000 --- a/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem +++ b/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem @@ -1 +1 @@ -../../archive/wifi.natalieandjoshua.com/privkey7.pem \ No newline at end of file +../../archive/wifi.natalieandjoshua.com/privkey8.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi2.natalieandjoshua.com/cert.pem b/letsencrypt/live/wifi2.natalieandjoshua.com/cert.pem index d078cd43..3af9e8a0 120000 --- a/letsencrypt/live/wifi2.natalieandjoshua.com/cert.pem +++ b/letsencrypt/live/wifi2.natalieandjoshua.com/cert.pem @@ -1 +1 @@ -../../archive/wifi2.natalieandjoshua.com/cert6.pem \ No newline at end of file +../../archive/wifi2.natalieandjoshua.com/cert7.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi2.natalieandjoshua.com/chain.pem b/letsencrypt/live/wifi2.natalieandjoshua.com/chain.pem index 4cff6323..49265c70 120000 --- a/letsencrypt/live/wifi2.natalieandjoshua.com/chain.pem +++ b/letsencrypt/live/wifi2.natalieandjoshua.com/chain.pem @@ -1 +1 @@ -../../archive/wifi2.natalieandjoshua.com/chain6.pem \ No newline at end of file +../../archive/wifi2.natalieandjoshua.com/chain7.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem b/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem index ed36a31a..e887be99 120000 --- a/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem +++ b/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem @@ -1 +1 @@ -../../archive/wifi2.natalieandjoshua.com/fullchain6.pem \ No newline at end of file +../../archive/wifi2.natalieandjoshua.com/fullchain7.pem \ No newline at end of file diff --git a/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem b/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem index 40b9af0b..e891cdb8 120000 --- a/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem +++ b/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem @@ -1 +1 @@ -../../archive/wifi2.natalieandjoshua.com/privkey6.pem \ No newline at end of file +../../archive/wifi2.natalieandjoshua.com/privkey7.pem \ No newline at end of file diff --git a/letsencrypt/renewal/pihole-f.natalieandjoshua.com.conf b/letsencrypt/renewal/pihole-f.natalieandjoshua.com.conf new file mode 100644 index 00000000..cb31f332 --- /dev/null +++ b/letsencrypt/renewal/pihole-f.natalieandjoshua.com.conf @@ -0,0 +1,16 @@ +# renew_before_expiry = 30 days +version = 0.31.0 +archive_dir = /etc/letsencrypt/archive/pihole-f.natalieandjoshua.com +cert = /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/cert.pem +privkey = /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/privkey.pem +chain = /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/chain.pem +fullchain = /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/fullchain.pem + +# Options used in the renewal process +[renewalparams] +account = 4ed239f71d556bd527113d48faaa1c1b +authenticator = webroot +webroot_path = /var/www/letsencrypt, +server = https://acme-v02.api.letsencrypt.org/directory +[[webroot_map]] +pihole-f.natalieandjoshua.com = /var/www/letsencrypt diff --git a/letsencrypt/renewal/pihole-s.natalieandjoshua.com.conf b/letsencrypt/renewal/pihole-s.natalieandjoshua.com.conf new file mode 100644 index 00000000..62ef96f4 --- /dev/null +++ b/letsencrypt/renewal/pihole-s.natalieandjoshua.com.conf @@ -0,0 +1,15 @@ +# renew_before_expiry = 30 days +version = 0.31.0 +archive_dir = /etc/letsencrypt/archive/pihole-s.natalieandjoshua.com +cert = /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/cert.pem +privkey = /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/privkey.pem +chain = /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/chain.pem +fullchain = /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/fullchain.pem + +# Options used in the renewal process +[renewalparams] +account = 4ed239f71d556bd527113d48faaa1c1b +authenticator = webroot +server = https://acme-v02.api.letsencrypt.org/directory +[[webroot_map]] +pihole-s.natalieandjoshua.com = /var/www/letsencrypt diff --git a/letsencrypt/renewal/rss.natalieandjoshua.com.conf b/letsencrypt/renewal/rss.natalieandjoshua.com.conf index 9682713a..570b06d7 100644 --- a/letsencrypt/renewal/rss.natalieandjoshua.com.conf +++ b/letsencrypt/renewal/rss.natalieandjoshua.com.conf @@ -1,5 +1,5 @@ # renew_before_expiry = 30 days -version = 0.27.0 +version = 0.31.0 archive_dir = /etc/letsencrypt/archive/rss.natalieandjoshua.com cert = /etc/letsencrypt/live/rss.natalieandjoshua.com/cert.pem privkey = /etc/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem @@ -8,6 +8,9 @@ fullchain = /etc/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem # Options used in the renewal process [renewalparams] -authenticator = standalone +authenticator = webroot account = 4ed239f71d556bd527113d48faaa1c1b server = https://acme-v02.api.letsencrypt.org/directory +webroot_path = /var/www/letsencrypt, +[[webroot_map]] +rss.natalieandjoshua.com = /var/www/letsencrypt diff --git a/letsencrypt/renewal/rush.natalieandjoshua.com.conf b/letsencrypt/renewal/rush.natalieandjoshua.com.conf new file mode 100644 index 00000000..bd232722 --- /dev/null +++ b/letsencrypt/renewal/rush.natalieandjoshua.com.conf @@ -0,0 +1,16 @@ +# renew_before_expiry = 30 days +version = 0.31.0 +archive_dir = /etc/letsencrypt/archive/rush.natalieandjoshua.com +cert = /etc/letsencrypt/live/rush.natalieandjoshua.com/cert.pem +privkey = /etc/letsencrypt/live/rush.natalieandjoshua.com/privkey.pem +chain = /etc/letsencrypt/live/rush.natalieandjoshua.com/chain.pem +fullchain = /etc/letsencrypt/live/rush.natalieandjoshua.com/fullchain.pem + +# Options used in the renewal process +[renewalparams] +account = 4ed239f71d556bd527113d48faaa1c1b +authenticator = webroot +webroot_path = /var/www/letsencrypt, +server = https://acme-v02.api.letsencrypt.org/directory +[[webroot_map]] +rush.natalieandjoshua.com = /var/www/letsencrypt diff --git a/letsencrypt/renewal/wifi.natalieandjoshua.com.conf b/letsencrypt/renewal/wifi.natalieandjoshua.com.conf index 2e5c521c..32fa3784 100644 --- a/letsencrypt/renewal/wifi.natalieandjoshua.com.conf +++ b/letsencrypt/renewal/wifi.natalieandjoshua.com.conf @@ -1,5 +1,5 @@ # renew_before_expiry = 30 days -version = 0.27.0 +version = 0.31.0 archive_dir = /etc/letsencrypt/archive/wifi.natalieandjoshua.com cert = /etc/letsencrypt/live/wifi.natalieandjoshua.com/cert.pem privkey = /etc/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem @@ -8,6 +8,9 @@ fullchain = /etc/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem # Options used in the renewal process [renewalparams] -authenticator = standalone +authenticator = webroot account = 4ed239f71d556bd527113d48faaa1c1b server = https://acme-v02.api.letsencrypt.org/directory +webroot_path = /var/www/letsencrypt, +[[webroot_map]] +wifi.natalieandjoshua.com = /var/www/letsencrypt diff --git a/letsencrypt/renewal/wifi2.natalieandjoshua.com.conf b/letsencrypt/renewal/wifi2.natalieandjoshua.com.conf index 8a89cc4a..f2408189 100644 --- a/letsencrypt/renewal/wifi2.natalieandjoshua.com.conf +++ b/letsencrypt/renewal/wifi2.natalieandjoshua.com.conf @@ -1,5 +1,5 @@ # renew_before_expiry = 30 days -version = 0.27.0 +version = 0.31.0 archive_dir = /etc/letsencrypt/archive/wifi2.natalieandjoshua.com cert = /etc/letsencrypt/live/wifi2.natalieandjoshua.com/cert.pem privkey = /etc/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem @@ -8,6 +8,9 @@ fullchain = /etc/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem # Options used in the renewal process [renewalparams] -authenticator = standalone +authenticator = webroot account = 4ed239f71d556bd527113d48faaa1c1b server = https://acme-v02.api.letsencrypt.org/directory +webroot_path = /var/www/letsencrypt, +[[webroot_map]] +wifi2.natalieandjoshua.com = /var/www/letsencrypt diff --git a/nginx/sites-enabled/default b/nginx/sites-enabled/default deleted file mode 120000 index ad35b834..00000000 --- a/nginx/sites-enabled/default +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/default \ No newline at end of file diff --git a/nginx/sites-enabled/default b/nginx/sites-enabled/default new file mode 100644 index 00000000..8127a8e6 --- /dev/null +++ b/nginx/sites-enabled/default @@ -0,0 +1,103 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + return 301 https://$host$request_uri; + } +location ~ /.well-known/ { + allow all; + # Set correct content type. According to this: + # https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29 + # Current specification requires "text/plain" or no content header at all. + # It seems that "text/plain" is a safe option. + default_type "text/plain"; + + # This directory must be the same as in /etc/letsencrypt/cli.ini + # as "webroot-path" parameter. Also don't forget to set "authenticator" parameter + # there to "webroot". + # Do NOT use alias, use root! Target directory is located here: + # /var/www/common/letsencrypt/.well-known/acme-challenge/ + root /var/www/letsencrypt; +} + # pass PHP scripts to FastCGI server + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php-fpm (or other unix sockets): + # fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/nginx/sites-enabled/novnc b/nginx/sites-enabled/novnc deleted file mode 120000 index 4d7a6229..00000000 --- a/nginx/sites-enabled/novnc +++ /dev/null @@ -1 +0,0 @@ -../sites-available/novnc \ No newline at end of file diff --git a/nginx/sites-enabled/novnc b/nginx/sites-enabled/novnc new file mode 100644 index 00000000..3a1bcc0f --- /dev/null +++ b/nginx/sites-enabled/novnc @@ -0,0 +1,74 @@ +upstream vnc_proxy { + server mnemosyne.natalieandjoshua.com:6080; +} + +server { + listen 443; + server_name vpn.ovalwonder.com; + location /websockify { + proxy_http_version 1.1; + proxy_pass http://vnc_proxy/; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # VNC connection timeout + proxy_read_timeout 61s; + + # Disable cache + proxy_buffering off; + } + + location / { + proxy_pass http://vnc_proxy/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + +location /wetty { + proxy_pass http://127.0.0.1:9123/wetty; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 2073600; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; +} + +location ^~ /munin-cgi/munin-cgi-graph/ { + fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass unix:/var/run/munin/fastcgi-graph.sock; + include fastcgi_params; +} +location /munin/static/ { + alias /etc/munin/static/; + +} + +location /squeeze { + proxy_pass http://pippen:9000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 2073600; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; +} +location /munin/ { + proxy_pass http://localhost:4948/; + +} + + ssl on; + ssl_certificate /etc/letsencrypt/live/vpn.ovalwonder.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/vpn.ovalwonder.com/privkey.pem; + ssl_protocols TLSv1.2; + +} diff --git a/nginx/sites-enabled/pihole b/nginx/sites-enabled/pihole deleted file mode 120000 index 97b2e913..00000000 --- a/nginx/sites-enabled/pihole +++ /dev/null @@ -1 +0,0 @@ -../sites-available/pihole \ No newline at end of file diff --git a/nginx/sites-enabled/pihole b/nginx/sites-enabled/pihole new file mode 100644 index 00000000..c0a4e0b9 --- /dev/null +++ b/nginx/sites-enabled/pihole @@ -0,0 +1,72 @@ +server { + listen 443 ssl; + server_name pihole-s.natalieandjoshua.com; + root /var/www/html; + index index.php index.html index.htm; + ssl_certificate /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pihole-s.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2 TLSv1 TLSv1.1; + + error_log /var/log/nginx/pihole-s.error; + access_log /var/log/nginx/pihole-s.access; + + location / { + try_files $uri $uri/ =404; + } + + + autoindex off; + + index pihole/index.php index.php index.html index.htm; + + + location /*.js { + index pihole/index.js; + } + + location /admin { + root /var/www/html; + index index.php index.html index.htm; + } + + location ~ /\.ht { + deny all; + } + + location ~* \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.3-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + } + +} + + +upstream pihole-f_proxy { + server frodo.natalieandjoshua.com:80; +} + +server { + listen 443; + server_name pihole-f.natalieandjoshua.com; + + location / { + proxy_pass http://pihole-f_proxy/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } + + + ssl on; + ssl_certificate /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/pihole-f.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2; + +} diff --git a/nginx/sites-enabled/rss b/nginx/sites-enabled/rss deleted file mode 120000 index 225a34ca..00000000 --- a/nginx/sites-enabled/rss +++ /dev/null @@ -1 +0,0 @@ -../sites-available/rss \ No newline at end of file diff --git a/nginx/sites-enabled/rss b/nginx/sites-enabled/rss new file mode 100644 index 00000000..98e0f6fd --- /dev/null +++ b/nginx/sites-enabled/rss @@ -0,0 +1,37 @@ +server { + listen 443 ssl; + server_name rss.natalieandjoshua.com; + root /var/www/html; + index index.php index.html index.htm; + ssl_certificate /etc/letsencrypt/live/rss.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/rss.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2 TLSv1 TLSv1.1; + + error_log /var/log/nginx/rss.error; + access_log /var/log/nginx/rss.access; + + location / { + try_files $uri $uri/ =404; + } + + + + index index.php index.html index.htm; + + + location ~ /\.ht { + deny all; + } + + location ~* \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.3-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_buffer_size 16k; + fastcgi_buffers 4 16k; + } + +} diff --git a/nginx/sites-enabled/rush b/nginx/sites-enabled/rush deleted file mode 120000 index f9d25075..00000000 --- a/nginx/sites-enabled/rush +++ /dev/null @@ -1 +0,0 @@ -../sites-available/rush \ No newline at end of file diff --git a/nginx/sites-enabled/rush b/nginx/sites-enabled/rush new file mode 100644 index 00000000..49efd0ca --- /dev/null +++ b/nginx/sites-enabled/rush @@ -0,0 +1,33 @@ +server { + listen 443 ssl; + server_name rush.natalieandjoshua.com; + root /var/www/rush; + index index.php index.html index.htm; + ssl_certificate /etc/letsencrypt/live/rush.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/rush.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2 TLSv1 TLSv1.1; + + location ~ ^.*/(?P[^/]+\.(mp3))$ { + add_header Content-Disposition 'attachment; filename="$request_basename"'; + } + error_log /var/log/nginx/rush.error; + access_log /var/log/nginx/rush.access; + + location / { + try_files $uri $uri/ /index.php; + } + +} +server { + listen 443 ssl; + server_name 5f3b42dd7a0ab1cb.natalieandjoshua.com; + return 301 https://rush.natalieandjoshua.com$request_uri; + ssl_certificate /etc/letsencrypt/live/5f3b42dd7a0ab1cb.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/5f3b42dd7a0ab1cb.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2 TLSv1 TLSv1.1; + + error_log /var/log/nginx/rush.error; + access_log /var/log/nginx/rush.access; + + +} diff --git a/nginx/sites-enabled/wifi b/nginx/sites-enabled/wifi deleted file mode 120000 index 4a2c548a..00000000 --- a/nginx/sites-enabled/wifi +++ /dev/null @@ -1 +0,0 @@ -../sites-available/wifi \ No newline at end of file diff --git a/nginx/sites-enabled/wifi b/nginx/sites-enabled/wifi new file mode 100644 index 00000000..149d0255 --- /dev/null +++ b/nginx/sites-enabled/wifi @@ -0,0 +1,23 @@ +upstream wifi_proxy { + server frodo.natalieandjoshua.com:80; +} + +server { + listen 443; + server_name wifi.natalieandjoshua.com; + + location / { + proxy_pass http://wifi_proxy/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } + + + ssl on; + ssl_certificate /etc/letsencrypt/live/wifi.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wifi.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2; + +} diff --git a/nginx/sites-enabled/wifi2 b/nginx/sites-enabled/wifi2 deleted file mode 120000 index 4111418e..00000000 --- a/nginx/sites-enabled/wifi2 +++ /dev/null @@ -1 +0,0 @@ -../sites-available/wifi2 \ No newline at end of file diff --git a/nginx/sites-enabled/wifi2 b/nginx/sites-enabled/wifi2 new file mode 100644 index 00000000..f636a323 --- /dev/null +++ b/nginx/sites-enabled/wifi2 @@ -0,0 +1,25 @@ +upstream wifi2_proxy { + server 10.42.42.47:80; +# server ori.natalieandjoshua.com:80; +# server thorin.natalieandjoshua.com:80; +} + +server { + listen 443; + server_name wifi2.natalieandjoshua.com; + + location / { + proxy_pass http://10.42.42.47:80/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } + + + ssl on; + ssl_certificate /etc/letsencrypt/live/wifi2.natalieandjoshua.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/wifi2.natalieandjoshua.com/privkey.pem; + ssl_protocols TLSv1.2; + +} diff --git a/pihole/gravity.db b/pihole/gravity.db index 56c2c608..83e2c814 100644 Binary files a/pihole/gravity.db and b/pihole/gravity.db differ diff --git a/pihole/setupVars.conf b/pihole/setupVars.conf index 0b3d0019..02c0753b 100644 --- a/pihole/setupVars.conf +++ b/pihole/setupVars.conf @@ -6,7 +6,6 @@ DNS_BOGUS_PRIV=false DNSSEC=false CONDITIONAL_FORWARDING=false HOSTRECORD=vpn.ovalwonder.com,10.3.14.92 -BLOCKING_ENABLED=true PIHOLE_INTERFACE=eth0 IPV4_ADDRESS=10.3.14.92/10 IPV6_ADDRESS= @@ -16,3 +15,4 @@ QUERY_LOGGING=true INSTALL_WEB_SERVER=false INSTALL_WEB_INTERFACE=true LIGHTTPD_ENABLED=false +BLOCKING_ENABLED=true