wip

server/README.md

@@ -0,0 +1,67 @@
+# fresh install
+
+## Install required apps
+```
+apt install git composer php8.1-curl -y
+```
+
+## Set-Up the SSL folder to keep things together
+
+```
+mkdir /etc/nginx/ssl/
+```
+
+- Now That you have the directory created, copy the `.key` and `.pem` files into the newly made ssl folder on the server.
+- You will then need to modify the filer ownership and permissions
+
+```
+chmod -R 655 /etc/nginx/ssl
+chown -R www-data:www-data /etc/nginx/ssl
+```
+
+## Add configs for the site
+
+- First, copy `ttp.conf` into the `/etc/nginx/snippets/` folder.
+- Next, copy the `tabletopelite.com.conf` file into the `/etc/nginx/sites-available/` folder.
+- The next block will acomplish a few things: backup the old config, enable the new config, disable the old config, and restart the server.
+```
+mkdir /etc/nginx/sites-available/old/
+sudo mv /etc/nginx/sites-available/* /etc/nginx/sites-available/old/
+sudo ln -s /etc/nginx/sites-available/tabletopelite.com.conf /etc/nginx/sites-enabled/tabletopelite.com.conf
+sudo rm -rf /etc/nginx/sites-enabled/*
+sudo systemctl restart nginx.service
+```
+
+## Set-Up the files
+
+```
+cd /var/www/
+git config --global credential.helper store
+git clone https://git.thetempusproject.com/tabletopelite/tabletopelite.com.git tabletopelite.com
+git fetch
+git checkout production
+```
+
+_You will be prompted for git creds, use the creds shared below_
+
+```
+git config --global --add safe.directory /var/www/tabletopelite.com
+git config --global --add safe.directory /var/www/tabletopelite.com/vendor/tabletopelite/hermes
+git config --global user.name "Production Server"
+git config --global user.email webmaster@tabletopelite.com
+cd tabletopelite.com
+composer install
+chmod -R 777 .
+chown -R www-data:www-data .
+```
+
+#### GitLab Credentials:
+
+User: `root`\
+Password: `rdFtVPhzlu6u6orxN4NAsbgAE4AyqZPTXPXQTleyA5I=`
+
+#### Logging
+
+```
+tail -f /var/log/nginx/*.log
+```

server/tabletopelite.com.conf

@@ -0,0 +1,36 @@
+# upstream to abstract backend connection(s) for php 
+upstream php { 
+    server unix:/run/php/php8.1-fpm.sock;
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name tabletopelite.com;
+        include snippets/well-known;
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+    server_name tabletopelite.com;
+    include snippets/ssl-params.conf;
+    root           /var/www/tabletopelite.com;
+    index          index.php;
+
+    # max php upload size
+    client_max_body_size 100M;
+  
+    # disable direcory indexing
+    autoindex off;
+
+    # custom TTP code
+    include snippets/ttp.conf;
+
+    location ~* \.php$ {
+      fastcgi_pass php;
+      include         fastcgi_params;
+      fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+      include fastcgi_params;
+      fastcgi_intercept_errors on;
+    }
+}

server/tabletopelite.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDjrOt2qp1aP2ai
+X+eg+kw4viSrZGj6QdZQG8DEnr5ILF4JgngJOZeVeOSWI9zSQW/rkyv2lR1brNft
+3fpCdnJNLjLhGqpDqf8NAoADy9Qa8vXsPAR/8aQ5FmEVP5flGTmzY/9wPyZpPW0u
+pffwCdP7v7kxXxEwXDY6q4UzvyUpocdbrQqqX/YvuC+aKrPSk7TDg/WdSgpq2XQh
+5tRtbtbeXn8BYzgZeSEtw6wVVN3ZDWzizg0qB+Jn1P9GABqAY8aKFZmds1gNrfre
+sOqfe8Tjiak/HHPsJCQ6NLN0n0woZmM359DppnSRl9tX3xkHfBD7JOg44YJb0S3K
+cDcfad0DAgMBAAECggEAI3LdBpDyBwcwF8AO9IWEMKGKXBU6MxzlHXv0u6hrwBkI
+WzqxLd6Ft4QnMylKTIJbxrYXdkEpXQjAZgzV1ltS2KmEyn+4WuixCXmGLREjaT7D
+A5EksjcRdsIBQ6mvIMCYt1Guh++NL32c7lJxFDKzitMDJqjCqGDzIJdsGe58/soi
+aanRRZwg1THcMqEW9fVyqWgyt9eTPRsCysIVSElxfyoBBKZXgSHqOPGhpcO8Wn86
+KIKourtXQq90J2ATv9oB9fVMQVA/kg7YZfL0YHX8mnEacvnjbbYkB1c6EoqTBFOh
+Nh7bGiIXAJK8Hd6VU20aKygoHabj5eDzJGEHn4EBIQKBgQD2vrv4OHtx8Hcdz5n3
+atPekd/E5x34alC0V7djQBvAHYcvRf/soiHI12fb8NBaRt3KMOu61zKlYlfmhmzo
+6MeP9fmDFnCtxJLAwbJfp1Q7jz7dLYZXzyfGngjhCN58koBMGOjlMxo7GU276jhq
+9NJ68xFgk0rCgJvPUijZ/SredQKBgQDsNxPr0sxe4fV4CdsOt+vGkU5ir7EpRFD0
+oZ7u3BIdqZJdUDolchZVJ5kQSIJ0KTpBqQhS/btl0G8tP+ugYi2t5h3WvSMh2ScB
+y5/aD+D2M4jK9nuObNPHi6Gzd8d+1EB4N/tgsxsZMJgUX9XD/++XoXUXToHwAZ9Q
+4401lNVOlwKBgQDJhiJTqx33gyRmbqYbk16Ti6StVu39dCeSA4o+P5/qmrNMgulx
+RUI+nN+wnNAuy25dsvL02Mn+lYGhP+03lNdY1tcAn5VL9x682/ZpdWqwcmAvmPz+
+Pq0H5Q7vbKT6LVUn0bh1afVki1gXwEZv5KD71gY9UE9g6FVZUIsY71LR+QKBgQDI
+gPPy76q0O17ONqdvteR3V23OzM03dxq0m9+5Zqol7YMkm+3PTSjxvTvqm3HIQhqG
+E4HSWDfSc3t7UE+kgtG9U6AuX7tLhvTaTEpyoZnVweaySUiVm4CkV7y5BsoauPXE
+VdiVu1IcLqhYWwSrazqnXdBzKRuYavgdhBmfyqbJHwKBgQDjFuEBgPZhqYYX4oVN
+iWq0srFqFIjg2LILKh/RDs9qx6Nv7HNeDBtYa/kDcCoKDvsI4R0zDcX0OerYLHv+
+iGDkMIEJ4gm36iINryWpmHE4MXx5HhLsq9UqypMAEbPPvhbsrO2ZirFxklyhQ8Nw
+yclilDs5JOxNYgAysjoWR2YO4w==
+-----END PRIVATE KEY-----

server/tabletopelite.com.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIErjCCA5agAwIBAgIUAYMRpN+9iKLSF6AfWFDLpb6BRawwDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
+MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MB4XDTI0MDgxNjA5MzkwMFoXDTM5MDgxMzA5MzkwMFowYjEZMBcGA1UEChMQQ2xv
+dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
+BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46zrdqqdWj9mol/noPpMOL4kq2Ro+kHWUBvA
+xJ6+SCxeCYJ4CTmXlXjkliPc0kFv65Mr9pUdW6zX7d36QnZyTS4y4RqqQ6n/DQKA
+A8vUGvL17DwEf/GkORZhFT+X5Rk5s2P/cD8maT1tLqX38AnT+7+5MV8RMFw2OquF
+M78lKaHHW60Kql/2L7gvmiqz0pO0w4P1nUoKatl0IebUbW7W3l5/AWM4GXkhLcOs
+FVTd2Q1s4s4NKgfiZ9T/RgAagGPGihWZnbNYDa363rDqn3vE44mpPxxz7CQkOjSz
+dJ9MKGZjN+fQ6aZ0kZfbV98ZB3wQ+yToOOGCW9EtynA3H2ndAwIDAQABo4IBMDCC
+ASwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTW4vKXg4SbtGpF+7kcJ+UmpElZ5jAf
+BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
+MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
+YTAxBgNVHREEKjAoghMqLnRhYmxldG9wZWxpdGUuY29tghF0YWJsZXRvcGVsaXRl
+LmNvbTA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmNsb3VkZmxhcmUuY29t
+L29yaWdpbl9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIusxUSTtM8xuxUvmj0D
+dlRZah0mlAyOZIowHbOMbY+b0KlauXPG5da2dXyo4M6QBTRDZAYvGKnItAOM3jwT
+5tezpuDRnMDt/ANqJzVw85AjonSkS9jVm/EXOxWhBEdyDewTCAn+F7meFg34l5L9
+bGH11OiNEmRNYtNSrh/mKZ5YDKwzVP7DbzWrd6iEu4FmnSzX0DbMr5fDaiFlF8OJ
+J7ZMhsWD5pFAZqeqcAytcpPSLxkrDInv9xqzyB4YJ7MfGOddchsLMdGCRDpvHybg
+X3LP1B6SXDsqz4FDw9C49c8ay9cRwATgEwaynpv9fTqyyNV07b/ZQ8YOhlGEqVpt
+STQ=
+-----END CERTIFICATE-----

server/ttp.conf

@@ -0,0 +1,74 @@
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options "nosniff";
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+index index.php;
+
+charset utf-8;
+
+error_page 404 /index.php;
+
+ssl_certificate /etc/nginx/ssl/tabletopelite.com.pem;
+ssl_certificate_key /etc/nginx/ssl/tabletopelite.com.key;
+
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+ 
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+
+location ~ /\.(?!well-known).* {
+    deny all;
+}
+
+location ~ /\.ht {
+    deny all;
+}
+
+location ~ ^/(doc|sql|setup)/ {
+    deny all;
+}
+
+location ~ /\. {
+    deny all;
+}
+
+location ~* \.(?:js|css|png|jpg|gif|ico|woff|ttf|woff2)$ {
+    access_log off;
+    log_not_found off;
+}
+
+location /js/ {
+    access_log off;
+    log_not_found off;
+    try_files $uri /index.php?error=js404&file=$uri;
+}
+
+location /css/ {
+    access_log off;
+    log_not_found off;
+    try_files $uri /index.php?error=css404&file=$uri;
+}
+
+location /images/ {
+    try_files $uri /index.php?error=image404&url=$uri;
+}
+
+location /uploads/ {
+    try_files $uri /index.php?error=upload404&url=$uri;
+}
+
+location /errors/ {
+    try_files $uri /index.php?error=$uri;
+}
+
+location / {
+    rewrite ^/(.+)$ /index.php?url=$1&$args;
+}