Add real configuration files

Author: Linus Lee

conf/nginx.conf

@@ -0,0 +1,30 @@
+server {
+	server_name fortress.thesephist.com;
+
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /var/www/html;
+	index index.html;
+	try_files $uri $uri/ =404;
+
+	location /.well-known/ {
+		try_files $uri $uri/ =404;
+	}
+	location / {
+		proxy_pass http://127.0.0.1:7280;
+		proxy_http_version 1.1;
+		proxy_set_header Host $host;
+	}
+
+	listen [::]:443 ssl ipv6only=on; # managed by Certbot
+	listen 443 ssl; # managed by Certbot
+	ssl_certificate /etc/letsencrypt/live/fortress.thesephist.com/fullchain.pem; # managed by Certbot
+	ssl_certificate_key /etc/letsencrypt/live/fortress.thesephist.com/privkey.pem; # managed by Certbot
+	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+	if ($scheme != "https") {
+		return 301 https://$host$request_uri;
+	}
+}

conf/sshd_config

@@ -0,0 +1,38 @@
+#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+PermitRootLogin no
+MaxAuthTries 5
+MaxSessions 10
+#PubkeyAuthentication yes
+UsePAM yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+X11Forwarding yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server