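#!/usr/bin/env bash
#
# Provision an nginx + PHP-FPM virtual host for account.urmic.org with a
# fail2ban jail and ufw rules for HTTP/HTTPS.
#
# Usage (as root):
#   TLS_BUNDLE_SRC=/path/to/bundle.crt TLS_KEY_SRC=/path/to/server.key ./setup.sh
#
# Environment:
#   TLS_BUNDLE_SRC  optional - certificate chain to install as bundle.crt
#   TLS_KEY_SRC     optional - private key to install as server.key
#   When a variable is unset, the corresponding file must already exist
#   under /etc/ssl/private.
#
# TLS material is never embedded in this script: a private key stored in a
# provisioning script is disclosed to everyone who can read the script, its
# history, or any copy of it. A key that has ever been distributed that way
# must be treated as compromised - revoke the certificate issued for it and
# generate a new key pair before deploying.
set -euo pipefail

readonly SITE='account.urmic.org'
readonly WEBROOT="/var/www/${SITE}"
readonly TLS_DIR='/etc/ssl/private'
readonly TLS_BUNDLE="${TLS_DIR}/bundle.crt"
readonly TLS_KEY="${TLS_DIR}/server.key"
readonly VHOST="/etc/nginx/sites-available/${SITE}"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'warning: %s\n' "$*" >&2
}

(( EUID == 0 )) || die 'this script must be run as root'

# --- Packages ---------------------------------------------------------------
# apt-get rather than apt: the apt front end does not promise a stable
# command-line interface for scripts.
apt-get update
apt-get -y upgrade
apt-get -y autoremove
apt-get -y install nginx ufw fail2ban
apt-get -y install php-fpm php-cli php-mysql php-zip php-gd php-mbstring \
  php-curl php-xml php-pear php-bcmath

# -p: both directories may already exist (the TLS directory is normally
# shipped by the distribution); the mode of an existing directory is left as is.
mkdir -p -- "$TLS_DIR" "$WEBROOT"

# --- fail2ban jail ----------------------------------------------------------
# NOTE(review): the nginx-http-auth filter matches HTTP basic-auth failures in
# the error log, and the vhost below does not configure auth_basic - confirm
# that this jail actually matches traffic for this site.
cat > /etc/fail2ban/jail.d/account.conf <<'EOL'
[account]
enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/account_error.log
maxretry = 5
bantime = 3600
findtime = 600
EOL

# --- TLS certificate and key ------------------------------------------------
# The bundle is expected to hold the server certificate first, followed by
# the intermediate certificates in chain order.
if [[ -n "${TLS_BUNDLE_SRC:-}" ]]; then
  install -o root -g root -m 0644 -- "$TLS_BUNDLE_SRC" "$TLS_BUNDLE"
fi
if [[ -n "${TLS_KEY_SRC:-}" ]]; then
  # 0600 from the moment the file is created: the key must never be
  # readable by anyone but root, not even briefly.
  install -o root -g root -m 0600 -- "$TLS_KEY_SRC" "$TLS_KEY"
fi

[[ -s "$TLS_BUNDLE" ]] || die "missing ${TLS_BUNDLE}; set TLS_BUNDLE_SRC"
[[ -s "$TLS_KEY" ]] || die "missing ${TLS_KEY}; set TLS_KEY_SRC"

# Tighten a key that was put in place by other means with a wider mode.
chown root:root -- "$TLS_KEY"
chmod 0600 -- "$TLS_KEY"

# --- nginx virtual host -----------------------------------------------------
# Quoted delimiter: the shell expands nothing inside the here-document, so
# nginx variables such as $host are written literally without escaping.
cat > "$VHOST" <<'EOL'
server {
    listen 80;
    listen [::]:80;
    server_name account.urmic.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name account.urmic.org;

    root /var/www/account.urmic.org;
    index index.php index.html index.htm;

    ssl_certificate /etc/ssl/private/bundle.crt;
    ssl_certificate_key /etc/ssl/private/server.key;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Security Headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";

    # Limit Request Methods
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 444;
    }

    # Apply rate limiting (defined in nginx.conf)
    limit_req zone=cdnlimit burst=25 nodelay;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock; # Adjust PHP version if different
    }

    # Deny access to hidden files
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Block common bots and scanners
    if ($http_user_agent ~* (wget|curl|bot|scanner|spider|python|libwww-perl)) {
        return 403;
    }

    access_log /var/log/nginx/account_access.log;
    error_log /var/log/nginx/account_error.log;
}
EOL

# -f/-n: replace a link left by an earlier run instead of failing on it.
ln -sfn -- "$VHOST" "/etc/nginx/sites-enabled/${SITE}"

# --- Placeholder page -------------------------------------------------------
# Deliberately not phpinfo(): on a public vhost it exposes the PHP
# configuration, loaded modules, environment variables and filesystem paths
# to any visitor. An existing index.php is never overwritten.
if [[ ! -e "${WEBROOT}/index.php" ]]; then
  cat > "${WEBROOT}/index.php" <<'EOL'
<?php
echo 'OK';
EOL
elif grep -q 'phpinfo' -- "${WEBROOT}/index.php"; then
  warn "${WEBROOT}/index.php calls phpinfo(); remove it before exposing the site"
fi

# --- Services ---------------------------------------------------------------
# Validate first: the vhost depends on the "cdnlimit" limit_req zone being
# declared in nginx.conf and on a matching certificate/key pair, and a failed
# restart would take every site on this host down.
nginx -t || die 'nginx configuration test failed; nginx was not restarted'
systemctl restart nginx
systemctl enable fail2ban
systemctl restart fail2ban

# --- Firewall ---------------------------------------------------------------
# Only TCP is opened; the vhost does not serve anything over UDP.
# NOTE(review): these rules are staged only - this script does not run
# "ufw enable". With "deny incoming" as the default, add an allow rule for
# the remote administration port before enabling the firewall.
ufw default allow outgoing
ufw default deny incoming
ufw allow 80/tcp
ufw allow 443/tcp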