firewall.service

+[Unit]
+Description=Gameauth Firewall
+
+[Service]
+Type=oneshot
+ExecStart=/var/www/gameauth/firewall.sh start
+ExecStop=/var/www/gameauth/firewall.sh stop
+
+[Install]
+WantedBy=multi-user.target

firewall.sh

 #!/bin/bash
+### BEGIN INIT INFO
+# Provides:          games-firewall
+# Required-Start:    $network $syslog $remote_fs
+# Required-Stop:     $network $syslog $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Set firewall rules and clear games user table
+# Description:       Sets default INPUT policy to DROP and adds default
+#                    rules for access from SUCS and for exposed services.
+#                    Sets default INPUT policy to accept when stopped.
+#                    The game server user table is purged when the firewall
+#                    is started or stopped in order to ensure it reflects the
+#                    current firewall state.
+### END INIT INFO
 
 start(){
 	/sbin/iptables -F INPUT
 	/sbin/iptables -P INPUT DROP
 	/sbin/iptables -A INPUT -i lo -j ACCEPT
-	/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+	/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 	/sbin/iptables -A INPUT -s 137.44.10.0/24 -j ACCEPT
 	/sbin/iptables -A INPUT -p TCP --dport 80 -j ACCEPT
 	/sbin/iptables -A INPUT -p TCP --dport 443 -j ACCEPT
-	/usr/local/src/gameauth/empty_users_table.py
+	/var/www/gameauth/gameauth-task.php
 }
 stop(){
 	/sbin/iptables -F INPUT
 	/sbin/iptables -P INPUT ACCEPT
-	/usr/local/src/gameauth/empty_users_table.py
+	/var/www/gameauth/gameauth-task.php
 }
 
 case "$1" in
-    start)
-          start
-	  ;;
-    stop)
-          stop
-	  ;;
-    *)
-    	  echo "Usage: $0 {start|stop}"
-	  exit 1
-esac
+	start)
+		echo -n "Starting firewall..."
+		start
+		echo "done."
+		;;
+	stop)
+		echo -n "Stopping firewall..."
+		stop
+		echo "done."
+		;;
+	restart)
+		echo -n "Restarting firewall..."
+		stop
+		start
+		echo "done."
+		;;
+	force-reload)
+		echo -n "Restarting firewall..."
+		stop
+		start
+		echo "done."
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|force-reload}"
+		echo "restart and force-reload are equivalent"
+		exit 1
+esac
\ No newline at end of file

gameauth-apache.conf

+<VirtualHost *:80>
+	ServerAdmin games@sucs.org
+	DocumentRoot /var/www/gameauth
+	ServerName games.sucs.org
+	ServerAlias www.games.sucs.org
+	CustomLog /var/log/apache2/gameauth_access.log combined
+	ErrorLog /var/log/apache2/gameauth_error.log
+	AddHandler application/x-httpd-php .php
+
+	RewriteEngine on
+        ReWriteCond %{SERVER_PORT} !^443$
+        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
+
+	Alias /dynmap /var/www/minecraft-dynmap
+	Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+</VirtualHost>
+<VirtualHost *:443>
+        ServerAdmin games@sucs.org
+        DocumentRoot /var/www/gameauth
+        ServerName games.sucs.org
+        ServerAlias www.games.sucs.org
+        CustomLog /var/log/apache2/gameauth_access.log combined
+        ErrorLog /var/log/apache2/gameauth_error.log
+        AddHandler application/x-httpd-php .php
+
+        SSLEngine on
+
+        SSLCipherSuite AES128+EECDH:AES128+EDH
+        SSLProtocol All -SSLv2 -SSLv3
+        SSLHonorCipherOrder On
+        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+        Header always set X-Frame-Options DENY
+        Header always set X-Content-Type-Options nosniff
+        SSLCompression off
+
+	SSLCertificateFile /etc/letsencrypt/live/games.sucs.org/fullchain.pem
+	SSLCertificateKeyFile /etc/letsencrypt/live/games.sucs.org/privkey.pem
+	SSLCertificateChainFile /etc/letsencrypt/live/games.sucs.org/chain.pem
+
+	Alias /dynmap /var/www/minecraft-dynmap
+	Alias /tekkit-dynmap /var/www/tekkit-dynmap/
+
+</VirtualHost>