diff --git a/firewall.service b/firewall.service
new file mode 100644
index 0000000000000000000000000000000000000000..1d1ae0ced6035a37466344b2fe642e1f03dace9d
--- /dev/null
+++ b/firewall.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Gameauth Firewall
+
+[Service]
+Type=oneshot
+ExecStart=/var/www/gameauth/firewall.sh start
+ExecStop=/var/www/gameauth/firewall.sh stop
+
+[Install]
+WantedBy=multi-user.target
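Review bot: With `Type=oneshot` and no `RemainAfterExit=yes` in `[Service]`, systemd treats the unit as finished once `firewall.sh start` returns and then runs the `ExecStop=` line, so the INPUT chain would be flushed and set back to ACCEPT straight after boot. Add `RemainAfterExit=yes` under `Type=oneshot` so the unit stays active and `stop` runs only on an explicit stop or at shutdown. The unit also has no ordering against the network, so interfaces can come up before the rules load; `Wants=network-pre.target` and `Before=network-pre.target` in `[Unit]` would close that gap. Separately, the script runs as root from `/var/www/gameauth`; if the web server account can write to that directory (not visible here), it can change what root executes, so a root-owned path outside the document root would be safer.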
diff --git a/firewall.sh b/firewall.sh
index 87dccf6755f5bd0fc43d79a604ac500e683704e0..1aeea67e405d167387ce8197f6c7a8b4cc5e0734 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -1,29 +1,60 @@
#!/bin/bash
+### BEGIN INIT INFO
+# Provides: games-firewall
+# Required-Start: $network $syslog $remote_fs
+# Required-Stop: $network $syslog $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Set firewall rules and clear games user table
+# Description: Sets default INPUT policy to DROP and adds default
+# rules for access from SUCS and for exposed services.
+# Sets default INPUT policy to accept when stopped.
+# The game server user table is purged when the firewall
+# is started or stopped in order to ensure it reflects the
+# current firewall state.
+### END INIT INFO
start(){
/sbin/iptables -F INPUT
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
- /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -s 137.44.10.0/24 -j ACCEPT
/sbin/iptables -A INPUT -p TCP --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT
- /usr/local/src/gameauth/empty_users_table.py
+ /var/www/gameauth/gameauth-task.php
}
stop(){
/sbin/iptables -F INPUT
/sbin/iptables -P INPUT ACCEPT
- /usr/local/src/gameauth/empty_users_table.py
+ /var/www/gameauth/gameauth-task.php
}
case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- *)
- echo "Usage: $0 {start|stop}"
- exit 1
-esac
+ start)
+ echo -n "Starting firewall..."
+ start
+ echo "done."
+ ;;
+ stop)
+ echo -n "Stopping firewall..."
+ stop
+ echo "done."
+ ;;
+ restart)
+ echo -n "Restarting firewall..."
+ stop
+ start
+ echo "done."
+ ;;
+ force-reload)
+ echo -n "Restarting firewall..."
+ stop
+ start
+ echo "done."
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}"
+ echo "restart and force-reload are equivalent"
+ exit 1
+esac
\ No newline at end of file
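Review bot: The `restart` and `force-reload` arms call `stop` before `start`, and `stop` flushes INPUT and sets the policy to ACCEPT, so every restart opens an unfiltered window and leaves the host open if `start` then fails. `start` already flushes the chain and resets the policy, so the two arms can become a single `restart|force-reload)` arm that calls only `start`. No iptables exit status is checked either, so a failed rule still prints "done." and the script exits 0; a `set -e` after the INIT INFO block would make the failure visible to init or systemd. The rules cover IPv4 only, so if the host has IPv6 addresses the same policy is needed through `/sbin/ip6tables`.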
diff --git a/gameauth-apache.conf b/gameauth-apache.conf
new file mode 100644
index 0000000000000000000000000000000000000000..1883d7aaa4e450a3f95195a8aa61f39e7865c3ba
--- /dev/null
+++ b/gameauth-apache.conf
@@ -0,0 +1,44 @@
+
+ ServerAdmin games@sucs.org
+ DocumentRoot /var/www/gameauth
+ ServerName games.sucs.org
+ ServerAlias www.games.sucs.org
+ CustomLog /var/log/apache2/gameauth_access.log combined
+ ErrorLog /var/log/apache2/gameauth_error.log
+ AddHandler application/x-httpd-php .php
+
+ RewriteEngine on
+ ReWriteCond %{SERVER_PORT} !^443$
+ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
+
+ Alias /dynmap /var/www/minecraft-dynmap
+ Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+
+
+ ServerAdmin games@sucs.org
+ DocumentRoot /var/www/gameauth
+ ServerName games.sucs.org
+ ServerAlias www.games.sucs.org
+ CustomLog /var/log/apache2/gameauth_access.log combined
+ ErrorLog /var/log/apache2/gameauth_error.log
+ AddHandler application/x-httpd-php .php
+
+ SSLEngine on
+
+ SSLCipherSuite AES128+EECDH:AES128+EDH
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLHonorCipherOrder On
+ Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+ Header always set X-Frame-Options DENY
+ Header always set X-Content-Type-Options nosniff
+ SSLCompression off
+
+ SSLCertificateFile /etc/letsencrypt/live/games.sucs.org/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/games.sucs.org/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/games.sucs.org/chain.pem
+
+ Alias /dynmap /var/www/minecraft-dynmap
+ Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+
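Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the TLS virtual host still leaves TLS 1.0 and 1.1 enabled, both of which are deprecated; `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` restricts it to TLS 1.2 and later. `AddHandler application/x-httpd-php .php` matches any file name that carries `.php` as one of its extensions (for example `name.php.txt`), and it applies to the two aliased dynmap directories as well; a `<FilesMatch "\.php$">` block with `SetHandler application/x-httpd-php` limits execution to names that end in `.php`. `SSLCertificateFile` already points at `fullchain.pem`, so the `SSLCertificateChainFile` line is redundant on Apache 2.4.8 and later, where that directive is deprecated. The port-80 redirect builds its target from `%{HTTP_HOST}`, which the client supplies; `RewriteRule ^/(.*) https://games.sucs.org/$1 [R,L]` would pin it to the canonical name.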