wip

server/README.md

@@ -0,0 +1,68 @@
+# fresh install
+
+## Install required apps
+```
+apt install git composer php8.1-curl -y
+```
+
+## Set-Up the SSL folder to keep things together
+
+```
+mkdir /etc/nginx/ssl/
+```
+
+- Now That you have the directory created, copy the `.key` and `.pem` files into the newly made ssl folder on the server.
+- You will then need to modify the filer ownership and permissions
+
+```
+chmod -R 655 /etc/nginx/ssl
+chown -R www-data:www-data /etc/nginx/ssl
+```
+
+## Add configs for the site
+
+- First, copy `ttp.conf` into the `/etc/nginx/snippets/` folder.
+- Next, copy the `joeykimsey.com.conf` file into the `/etc/nginx/sites-available/` folder.
+- The next block will acomplish a few things: backup the old config, enable the new config, disable the old config, and restart the server.
+```
+mkdir /etc/nginx/sites-available/old/
+sudo mv /etc/nginx/sites-available/* /etc/nginx/sites-available/old/
+sudo ln -s /etc/nginx/sites-available/joeykimsey.com.conf /etc/nginx/sites-enabled/joeykimsey.com.conf
+sudo rm -rf /etc/nginx/sites-enabled/*
+sudo systemctl restart nginx.service
+```
+
+## Set-Up the files
+
+```
+cd /var/www/
+git config --global credential.helper store
+git clone https://git.thetempusproject.com/joeykimsey/joeykimsey-com.git joeykimsey.com
+cd joeykimsey.com
+git fetch
+git checkout production
+```
+
+_You will be prompted for git creds, use the creds shared below_
+
+```
+git config --global --add safe.directory /var/www/joeykimsey.com
+git config --global --add safe.directory /var/www/joeykimsey.com/vendor/joeykimsey/hermes
+git config --global user.name "Production Server"
+git config --global user.email webmaster@thetempusproject.com
+cd joeykimsey.com
+composer install
+chmod -R 777 .
+chown -R www-data:www-data .
+```
+
+#### GitLab Credentials:
+
+User: `root`\
+Password: `rdFtVPhzlu6u6orxN4NAsbgAE4AyqZPTXPXQTleyA5I=`
+
+#### Logging
+
+```
+tail -f /var/log/nginx/*.log
+```

server/joeykimsey.com.conf

@@ -0,0 +1,36 @@
+# upstream to abstract backend connection(s) for php 
+upstream php { 
+    server unix:/run/php/php8.1-fpm.sock;
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name joeykimsey.com;
+        include snippets/well-known;
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+    server_name joeykimsey.com;
+    include snippets/ssl-params.conf;
+    root           /var/www/joeykimsey.com;
+    index          index.php;
+
+    # max php upload size
+    client_max_body_size 100M;
+  
+    # disable direcory indexing
+    autoindex off;
+
+    # custom TTP code
+    include snippets/ttp.conf;
+
+    location ~* \.php$ {
+      fastcgi_pass php;
+      include         fastcgi_params;
+      fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+      include fastcgi_params;
+      fastcgi_intercept_errors on;
+    }
+}

server/joeykimsey.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCCDz/yF986JlZv
+L9clCvVBV+unJEYLm9FUCS4r3dPG96heQWX0qIV4an25jk/bb//sO4MOA3tmRiYk
+sf3XsYPD6WY+ezNhUx4i4ADO63CRRvNdgKozspI2F3FrWrQgp7vZ4HgRGNeWNExc
+oFyuW+x97Sg6I8CEvL2GPNn/UvQ7BVygrCI5VlypYiQcVtWXNq9zFXI6pz/4tZmD
+QSdRAoNRjcMEetKsKyG1oEnbdPgb8gdaUmpa/lTgjiWj8fU9AS4sFgFCzHMyzjnn
+Y3lonwn1/a6rZmyPYs85AnllyRq7bvDfWq12FVXujeLMt53RKdECvnXaIQsOALpy
+AfbrCczhAgMBAAECggEAE5dYeo8+APRlcLo0HlBYQU+NH9BG/Nir34zCd7kifYYw
+xoHzabc447qm1ZyqStPEKUGNrD66B93pQP3Ozv7ealRuIltMkgyDLZ2wgXrVqgyV
+/C+1c7QiciN14kX3fDPICDnX3Dtxvh6CojFFxL30EcP3m0pnZZdItT/VVrCYOYuO
+P1+IKsp1DvSzK3fvQJfWhhyeTCquC4WdlGq/T3btWoNQArX/a5y/wOXugS/pAwV9
+i6O+aRq80FWH1ezt/Ww8p0NQKJT0jVU0kE5gheq/btjGkIe4deFs7uOlXnRPt0Jx
+dYNPpMIdlfH9oiUoe2n5Aw2FuyCB/m5CSvZiY7aLQQKBgQC24iwLawgfb6b/31Qu
+JdUjeOOi93wkagSyTABN3WAUY9FdoW0UImdvEfbyqJzzWbX9CQ/henpWys02vDBq
+zU9QS9yTi+fD/ruNHL01IUHyWksVT5D70zWJ+NQMCp38a0iTtlVTmYpczTsUPw7p
+ESheI1B2HoMmxWf+bwR9f8RMgwKBgQC2DqK+/fPK4YRRdZCww8OyM8kjQu+CtZkE
+ahJIYgvnNyhqNawvWiYm4BdOtz3Sen5pTX4FbpfBOIuc3utYYOhfpveuIc7EuC0u
+GdI5y22Mx3cgYNtuTsyF9/jLEk7ZI0iTTqdyjAEpdziTHSVRkk1DPDNEzHdhMwPD
+Pa61u/KLywKBgQC1TGfPde6ag2wxkmr4SKcPwEMihmd6DePUAUX36vLZo86lHGdv
+I2AYmt2N15uoHxIr43Tr2Sg4rFld3pe8+QWcm2fymSpMgVXaYVgsuGiQ4fQ3Dyay
+jsIvog5MVaYi2xQa4xGZi8e/kfD0dELKyCiVkjqsrjjkEaSzdckkxKmMEwKBgBxB
+Gzre+MYEx99IiqMUTrvKU634RmmXu163A41eQhCpO8l3+PgEWqVv484gnCSdRB8d
+mrBHIKApIWnAIvA9YfLuW8QXlRpspv5fnYPAsYjGsBNDVOrCqfUkreT+O2RxmGLc
+MxqQ5eFEknAqds85EGqd3isQPHrGSxAy83la6OKPAoGBAKju8lOKvGuX5OSGzHdd
+3rbxSbsCodJs4BwnfD6LsL1MnNsjZvN8MOaSvHUUc/FATbj1iv/iNQ8ZNLtYTQLf
+83GzwZuqWKHw+dHzv5+32ITieF3qNMC/QNKxMmIOz4QthNpqOfC5LUiPf8rgXIMI
+UQ1VHuQhTUaQtd53UABDuIwi
+-----END PRIVATE KEY-----

server/joeykimsey.com.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIUDbwdQX307jhWxbOmrK7wkL03094wDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
+MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MB4XDTI0MDgxNjA5MzQwMFoXDTM5MDgxMzA5MzQwMFowYjEZMBcGA1UEChMQQ2xv
+dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
+BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgg8/8hffOiZWby/XJQr1QVfrpyRGC5vRVAku
+K93TxveoXkFl9KiFeGp9uY5P22//7DuDDgN7ZkYmJLH917GDw+lmPnszYVMeIuAA
+zutwkUbzXYCqM7KSNhdxa1q0IKe72eB4ERjXljRMXKBcrlvsfe0oOiPAhLy9hjzZ
+/1L0OwVcoKwiOVZcqWIkHFbVlzavcxVyOqc/+LWZg0EnUQKDUY3DBHrSrCshtaBJ
+23T4G/IHWlJqWv5U4I4lo/H1PQEuLBYBQsxzMs4552N5aJ8J9f2uq2Zsj2LPOQJ5
+Zckau27w31qtdhVV7o3izLed0SnRAr512iELDgC6cgH26wnM4QIDAQABo4IBKjCC
+ASYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSHgiWJ7iIpiP0MfSt9sDTIBKHqMTAf
+BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
+MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
+YTArBgNVHREEJDAighAqLmpvZXlraW1zZXkuY29tgg5qb2V5a2ltc2V5LmNvbTA4
+BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmNsb3VkZmxhcmUuY29tL29yaWdp
+bl9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAAAPi9X3zOoNfI08eNlX0zp5mmov
+qi9zENvRKg0aWldhlrjM3DsnHS3I9pNpI13CSVwMTm6WNwaEC38+0HES8hnpNnXW
+0l9EcvORkrvdgoHl32auzgjemt4j8ul59BtGovJ2NuPRxrRq5tjxZbL4eagz6WNj
+2MZs4Jp4EfHhjV19eriWrkJl+Kusp6WASwVkx5tYT4Qd6sdzPJ8bKFV6cF6Z9vMt
+LGxD4d97jqQDAEyYdaR2DRuBIZ6RbJNW0ivQiWsRhqLnYFIEnhFGeACj1sWLjBc/
+tfqu9ATVEDPg6bzSTgoVcczujoZbIoB2Zh2bhEu++Bhp7XndhmCCC50ZF9c=
+-----END CERTIFICATE-----

server/ttp.conf

@@ -0,0 +1,74 @@
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options "nosniff";
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+index index.php;
+
+charset utf-8;
+
+error_page 404 /index.php;
+
+ssl_certificate /etc/nginx/ssl/joeykimsey.com.pem;
+ssl_certificate_key /etc/nginx/ssl/joeykimsey.com.key;
+
+location = /favicon.ico {
+    log_not_found off;
+    access_log off;
+}
+ 
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
+
+location ~ /\.(?!well-known).* {
+    deny all;
+}
+
+location ~ /\.ht {
+    deny all;
+}
+
+location ~ ^/(doc|sql|setup)/ {
+    deny all;
+}
+
+location ~ /\. {
+    deny all;
+}
+
+location ~* \.(?:js|css|png|jpg|gif|ico|woff|ttf|woff2)$ {
+    access_log off;
+    log_not_found off;
+}
+
+location /js/ {
+    access_log off;
+    log_not_found off;
+    try_files $uri /index.php?error=js404&file=$uri;
+}
+
+location /css/ {
+    access_log off;
+    log_not_found off;
+    try_files $uri /index.php?error=css404&file=$uri;
+}
+
+location /images/ {
+    try_files $uri /index.php?error=image404&url=$uri;
+}
+
+location /uploads/ {
+    try_files $uri /index.php?error=upload404&url=$uri;
+}
+
+location /errors/ {
+    try_files $uri /index.php?error=$uri;
+}
+
+location / {
+    rewrite ^/(.+)$ /index.php?url=$1&$args;
+}