greetings, fellow lain. have to say i'm glad to see you here.
i have a Debian server, freshly reinstalled, with nginx that i so-far host nothing with.
i also tried to follow this guide, but it's made for one-and-a-half Debian release older than what i have, which is forky/sid, so i'm currently running it on default configs, which means if you want a mailbox here you'll have to reach out to me beforehand. my pubnix can already be mailed though, and my gmail has gone nowhere. send sensitive stuff to either with GPG encryption.
· here's my GPG public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----fingerprint - 51DB E8DD A5E6 6DE9 FBDA 005F 1300 732C 2E7F 1726
mDMEaMBINRYJKwYBBAHaRw8BAQdA2UGZDdLjGfduBYnzIofjXZ483eLrHGCPqpRW
QA0lwb60UEtvbGkgSGlub2thbWkgKGZhbGxiYWNrIG1haWw6IGtvbGkuaGlub2th
bWlAZ21haWwuY29tKSA8a29saUBrb2xpLWRlYmlhbi1zdi55Z2c+iJMEExYKADsW
IQRR2+jdpeZt6fvaAF8TAHMsLn8XJgUCaMBINQIbAwULCQgHAgIiAgYVCgkICwIE
FgIDAQIeBwIXgAAKCRATAHMsLn8XJqpDAP9ugcActQKpviafwmpB2wr/9miZLPze
3fFMJbiCsOhKlwEA83y9V8szUVUqBm66FjJ+O4WPYW3XHiEPkd5sdJqg5QG4OARo
wEg1EgorBgEEAZdVAQUBAQdAosCBVFHPNOKZFW0hGwy6WSiQx21Je8ZDCjH1ER4l
tj0DAQgHiHgEGBYKACAWIQRR2+jdpeZt6fvaAF8TAHMsLn8XJgUCaMBINQIbDAAK
CRATAHMsLn8XJpF4AQCULcQJOhxJMZBOTezxcXTt5mLRSIfVSSR/vNSDsVIXWQEA
zMSgkjPqWWW/+yXtjH1wn5y8jLXRS0XMRaMp1u8vyAY=
=o6fR
-----END PGP PUBLIC KEY BLOCK-----
nginx also is set up to host TLS/SSL (as some wise people say SSL 3.0 is the same as TLS 1.0). mail daemon also is.
· here's my root certificate (second revision, changed some strings, same private/public key):
-----BEGIN CERTIFICATE-----
save as a
MIIKFzCCBf+gAwIBAgIULZ388BVZD54z/phdfgzYkXmmRPAwDQYJKoZIhvcNAQEL
BQAwgZkxCzAJBgNVBAYTAlhJMRIwEAYDVQQIDAl0aGUgV2lyZWQxIjAgBgNVBAcM
GXRoZSBwbGFjZSBvZiBsb25lbHkgbGFpbnMxFjAUBgNVBAoMDUtvbGkgSGlub2th
bWkxEjAQBgNVBAMMCUtvbGkncyBDQTEmMCQGCSqGSIb3DQEJARYXa29saUBrb2xp
LWRlYmlhbi1zdi55Z2cwIBcNMjUwOTExMTY1NTIwWhgPMjEyNTExMjYxNjU1MjBa
MIGZMQswCQYDVQQGEwJYSTESMBAGA1UECAwJdGhlIFdpcmVkMSIwIAYDVQQHDBl0
aGUgcGxhY2Ugb2YgbG9uZWx5IGxhaW5zMRYwFAYDVQQKDA1Lb2xpIEhpbm9rYW1p
MRIwEAYDVQQDDAlLb2xpJ3MgQ0ExJjAkBgkqhkiG9w0BCQEWF2tvbGlAa29saS1k
ZWJpYW4tc3YueWdnMIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKCBAEA13Sp
JECxKLkkBcmVirTVgCPWPO6i4yfqFEaBuZze6M0CYVYPWd5l6kd5PoysFxkLuPoe
YZ1rXwi6CEW1rjb+vJaykPfrSBArERV2C9CyMCVc/DJzOvygRcPCAjj9aiIQfg/U
cY5kwObTV/Rdx7HIMW1QPtc7/RRjI0r2Met9CLeeYqz1aLrIOEGsv9++gS4e0XlK
1Z2gJ/FwtOQNO4SOPVfx1Fk+fIYW9MKbgcxSMOKfZ2iGMVpjvY8PRgeDQrVS14vY
l0JDGm7j41fctO7ehYP7nQuJF2UGTaOViV5cAkFUJGxKXcQ4WGGzEsKX2GcUl97R
Te75Zdt9Nqkh9uQLua50l5oX+cgMzC9o9mSa56LKYc8U4jMZeGCvnuROWOAeywWw
7/HSqcEh3kJTKiEtWGbtwUcvyXgg8LdFnzNZaxls5n+vNC05V4A7K2x0y/dZNANl
A2C6nSlfuDFdaStllyTt/cNEe8pZgZk1GoQcwKfE9l0wJu38dy+CHgjrFEx7ReT5
5bAtq1SI2mhv4NHEtGxb/uIhYgMrhQGap1zTghSc6HHd9UwhoMsqrPaWzVuhQO0w
tVKG0mWcMCTy0wpdUdYp4X6tjwtxgGEKSQwSPDAflHA/ZmomSjxgCoOszmavCEzr
W/Z7JRVmpusu40tE/ujLl0eam9C6FM67zJ5/OtYPo7ZLR7GLOj21pay4CEccaMsy
DaXs5Ypj2n5v07eNyj31baDtCw27U5ZXU8s7p8cZ+ud6HBb6DpbhT7iavg7J4YdF
53eTl/u1fyMw0FORPYz6XAz810UbdkITnLpVWVD2lvzkHgsy4beI9BWMiIetR6XK
ekJY1ONOoTI2bRl9KVGzd+S95yD3iiOYj5Cr6jBuftwX8dk3YhGpfUPyl9EFRmqw
NHAwvhcg2dBd5E+My4d9sOhUIK7RK7ov2IjMYGrqilNPFRVgsBNAqq/DFsOX+aYE
3pJvhLODtPzvu/J6ICnACfO9gBoYKzO3uCxsQ0HwKNR6h7Ro9PrnGPe9lxZYKT4N
hP4PYHBhE03pJV9ZP7nDb5dKewpMDUqSE1dYhzEExWNfZkOllyxW773IpyUFOUbX
LHmCU3Gdb8oIntSzPUfPyhFnQgwE+vUBYoEs3dURZN6k4I8IFiu/lJV2DH8DfS/A
2PYSziLSQhZdu0wik2KlMzNbsiGHUHNpMRMa8ztYD7aXeATs5qRtKBoxCM5eCFiw
xxl8qNbhum/uaVEnmm4HV0P4sgT0J37LtWXEJ80F47ZkdJ6ZUUrML+TLxTRWpBpa
zlLeprdHX8LbiO9REsmMqmjF1ZEAD27o3JwpNpJ+mNr2j6rfIQzQDSNcjaiza8iK
DmJCCVBBpPc79hv0gQIDAQABo1MwUTAdBgNVHQ4EFgQUpjZ48KZEFlS1mxscc2dg
X/sxB3IwHwYDVR0jBBgwFoAUpjZ48KZEFlS1mxscc2dgX/sxB3IwDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCBAEAoP2Dp163I9f6S6ogSvlDqSnpYiop
r6gBx5aHwc5zblRAYZhiEMwEBdQFYkU6wkwvuz4oj/2s8L04xgdW2M42NDAXF7wq
wK8KLy2InBRGPchVlcHZEJWeA0sjfH+o78DMBOHC5XQSQk0anCAbiaHYLxCx/Yt6
CmWu8N8OPkUFs5xju+Z99cwK09SZP2c4pyCnAhpATbYTjHgcKOaqQ9kWfW5OgITL
BldQ2VdH1EctOwy/mhTH905fgktR5InLJiTuhQGCemARopOsDdmChkxuEAcXVLoR
lBYngTA4zi0prp6neuPYpF+cqpMVJKbcfsXTplZbEkwiE0PaCtjUMYD0YfVWERdb
GOQloHwpOYUTM+bNJlwxS33QuEJFFBmG2A1U2wz09+qbaz0FZL6kTLPGYQl81BQB
wZc1czbuJBNIndmPACqFoc45GiBM+NIVxXPPW5L6+egjq+bOhcY4MTW/mwqfJuEj
HVDe38Ess80Az/yjAmfbXrgjTI3WpFhECvajj9pfs77mbrYdJ5rhmLo/XaqUkfcQ
HKwQLOeefZToVnDKSRqAuCICnpZQBSaU7vO10kWDA+MpEH6g2Tp6UuDaKqWWDN88
Sm2qAmWNBAJ+BYCjNvu1Ozc5bcfRpc3rjzh3TFsfQ34zeo8WyFRHhw/9ufpz4P3l
6p2JLqHRiPp6Mfe4jprNbCenyZ9/Yb6CU3N3LoZ5Tyz7TmKd8Fz1v/B7rPrfkDww
/8oKHMY58s018Fv2MK7Unj712L6bKy0mTD2iyQleAiCueZSJDwds+47KjC+ipbZD
2oa/b0BnopaLxcbPLGBW3h5sK07TpN4M5iKwNPqI0KgOraIjVAdgNt5S1Bb4Z1oN
tmng9cQO+W+ZJbT3VMnexfKJwFNvQ0DXZsbODs5Cf2pWHVYm3Znomne/djs6l71H
sclQ+heDMmGFMXXPP7cGlQgdu71XuGLyuFe19WmfB7kuTLIccFcRMuqUgexX3qOS
sA8eBhzOsbXxqWqZ7wFwde3AI3yH2i54yQDu9jpTC+BgxIdDL5dj++MlSuN3upk+
n5lyjD5I7DYbQfHmlJIJz9Q4SBv0/X6Fewp5qDhZiwqMU+ZwDTQ4urZ6aCXkCdD6
6qX2xkKm62L1Anq13GUKE7rUP1mV11spaAluMfiLjbGF/ZH9d2xy7uCgINteRo51
nQjzuKJHg9yFMPFP8B/PGZ+9wY3G4wDJ9s5b6fQJEcNAUHYWuliAxehHlEN14ZNn
9lEVsbVnt+ISLKp1EiN6eE+iVz6F8IaBFM4P63BcS1C6AdBjwNaTDu9gV04E1HbC
l22DRVVxpHQTnc2d13bj/XhUjMO8KwuIIiAZ0jbmHawhtx4DR4IX1FV0PQ==
-----END CERTIFICATE-----
.pem file, openssl it to a Windows cert if needed and stuff into system-wide cert storage and Palemoon one - don't get tripped just like me, Palemoon has separate CA storage.
I'm an Yggdrasil host reachable on [201:1699:8ca:ff8a:8a61:6883:caa1:51e3], with pubkey 7a59bdcd401d5d67a5df0d57ab87221d4d44373d901ad4050c01e8170e28a2f2 in case you care.
Alternative Yggdrasil target is [200:4a:ba9:d180:acf0:ef8b:9536:e0a6], which is Reunion7/Cygwin instead of Debian. Same SSH pubkey as on Debian host.
SSH pubkey is ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMM0a3CydLfqMH/+n/A0Ac5VcSqE0T47gy+cAU40NO15/{from ~/.ssh/known_hosts}. Checking public key is necessary, as Yggdrasil is known to have address collisions. Not that you'd wish to ssh into my server.
Nginx is present to serve over http and https with my self-made certificate.