Julius Thyssen jult
🏠
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| protocols = imap pop3 | |
| auth_mechanisms = plain login | |
| auth_cache_size = 24 M | |
| auth_cache_ttl = 18 hours | |
| disable_plaintext_auth = no | |
| listen = *,[::] | |
| log_timestamp = "%Y-%m-%d %H:%M:%S " | |
| log_path = /var/log/dovecot.log | |
| login_greeting = encrypted ready. | |
| postmaster_address = julius@encrypted.net |
jult
/ install_core_for_deb9.sh
Last active
March 31, 2018 14:04
Base install over debian 9 x64 minimal server, with certbot, webmin, csf&lfd and fail2ban
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Filesystem ext4 | |
| ## Run as root | |
| # Check if user has root privileges | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "You must run the script as root or using sudo" | |
| exit 1 | |
| fi |
jult
/ install_ispcfg_for_deb9.sh
Last active
August 14, 2018 14:51
— forked from jniltinho/install_ispconfig_nginx_debian.sh
ISPconfig 3.x install with NGINX 1.13.x + PHP 7.1 on Debian 9 x64 (Stretch) server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Install ISPConfig + NGINX + PHP 7.1 on Debian 9 x64 (Stretch) | |
| ## Filesystem ext4 | |
| ## Run as root | |
| ## Based on: https://www.howtoforge.com/tutorial/perfect-server-debian-jessie-nginx-bind-dovecot-ispconfig-3.1/ | |
| ## and: https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/ | |
| ## ! For Postfix config see https://www.howtoforge.com/tutorial/perfect-server-debian-9-stretch-apache-bind-dovecot-ispconfig-3-1/ | |
| # Check if user has root privileges |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| echo never > /sys/kernel/mm/transparent_hugepage/enabled | |
| echo noop > /sys/block/vda/queue/scheduler | |
| echo 0 > /sys/block/vda/queue/rotational | |
| echo 0 > /sys/block/vda/queue/rq_affinity | |
| echo 9000 > /proc/sys/vm/dirty_expire_centisecs | |
| echo 9000 > /proc/sys/vm/dirty_writeback_centisecs | |
| ethtool --offload ens3 tx-checksum-ip-generic off |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # version 2026 may 23 | |
| ssl_certificate /etc/letsencrypt/live/my.domain.net/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/my.domain.net/privkey.pem; | |
| ssl_trusted_certificate /etc/letsencrypt/live/my.domain.net/chain.pem; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
| ssl_prefer_server_ciphers off; | |
| # Regenerate without -dsaparam: openssl dhparam -out /etc/ssl/dh4096.pem 4096 |
jult
/ .stglobalignore
Last active
April 11, 2026 17:52
syncthing ignore file(s) .stglobalignore and .stignore
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // .stglobalignore | |
| // These prevent SyncThing from trying to sync data that's locked, constantly changing, going to be thrown out, unimportant, etc. | |
| // Lots of conflicts/issues disappeared using these ignores, but do check to prevent major disappointment! | |
| // *.log and *cache* are in there, just so you know.. but firefox' startupCache and offlineCache will be synced. | |
| // Ignores are case sensitive. | |
| // Put both .stignore and this .stglobalignore in the root of your sync folder(s) (where .stfolder resides) | |
| $RECYCLE.BIN | |
| $WINDOWS.~BT |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this is most of my /etc/postfix/main.cf file: | |
| inet_protocols = all | |
| inet_interfaces = all | |
| recipient_delimiter = + | |
| smtpd_banner = Blah ESMTP | |
| empty_address_recipient = admin |
jult
/ update-blocklist.sh
Last active
March 7, 2020 15:41
iptables blocklist script (using ipset hash..)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IP_TMP=/tmp/ip.tmp | |
| IP_BLACKLIST=/etc/ip-blacklist.conf | |
| IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp | |
| IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional | |
| list="chinese nigerian russian lacnic exploited-servers" | |
| BLACKLISTS=( | |
| "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs | |
| # "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes, who would refuse those accessing your server? | |
| # "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # fonts only: | |
| location ~* \.(eot|ttf|woff|woff2)$ { | |
| add_header Access-Control-Allow-Origin *; | |
| } | |
| # all crossed, just remove the POST Methods if you don't want writes on the resource: | |
| location ~* { | |
| if ($request_method = 'OPTIONS') { | |
| add_header 'Access-Control-Allow-Origin' '*'; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| WP_OWNER=lamedude # <-- wordpress owner (usually also ftp-username) | |
| WP_GROUP=psaserv # <-- wordpress group | |
| WP_ROOT=/var/www/vhosts/somesite.tld/httpdocs # <-- wordpress root directory, note it's the docroot here, not wp default | |
| WS_GROUP=psacln # <-- webserver group | |
| # reset to safe defaults | |
| find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; | |
| find ${WP_ROOT} -type d -exec chmod 2755 {} \; |