From 0736f83b07728b5d8bd83693d61e0f513b849335 Mon Sep 17 00:00:00 2001
From: Martin Mahner <martin@mahner.org>
Date: Tue, 3 Nov 2015 15:49:28 +0000
Subject: [PATCH 1/3] Increased paste size to 10M

---
 server/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/nginx.conf b/server/nginx.conf
index d9fd99e..69bb357 100644
--- a/server/nginx.conf
+++ b/server/nginx.conf
@@ -70,7 +70,7 @@ server {
     error_log /srv/dpaste.de/var/nginx.error.log;
 
     keepalive_timeout 5;
-    client_max_body_size 2M;
+    client_max_body_size 10M;
 
     location ~ /(favicon.ico|robots.txt) {
         access_log off;

From 240ccb1cdd0cf6ebd2d8ef2811bd47019238c614 Mon Sep 17 00:00:00 2001
From: Martin Mahner <martin@mahner.org>
Date: Tue, 8 Dec 2015 15:12:55 +0000
Subject: [PATCH 2/3] Updated SSL conf using letsencrypt

---
 server/nginx.conf | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/server/nginx.conf b/server/nginx.conf
index 69bb357..5b5ff52 100644
--- a/server/nginx.conf
+++ b/server/nginx.conf
@@ -14,7 +14,6 @@ log_format combined_port '$remote_addr - $remote_user [$time_local] '
 # -----------------------------------------------------------------------------
 server {
     listen 80;
-    listen [::]:80;
     
     server_name     dpaste.de 
                 www.dpaste.de
@@ -24,6 +23,11 @@ server {
     location / {
         rewrite ^ https://$server_name$request_uri? permanent;
     }
+
+    location /.well-known/acme-challenge/ {
+        alias /var/www/challenges/;
+        try_files $uri =404;
+    }
 }
 
 # -----------------------------------------------------------------------------
@@ -32,12 +36,21 @@ server {
 
 server {
     listen 443 ssl spdy;
-    listen [::]:443 ssl spdy;
 
     server_name dpaste.org www.dpaste.org;
 
-    ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
-    ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
+    ssl on;
+    ssl_certificate /srv/dpaste.de/etc/ssl/dpaste_org_chained.pem;
+    ssl_certificate_key /srv/dpaste.de/etc/ssl/dpaste_org.key;
+    ssl_dhparam /etc/ssl/dhparam.pem;
+
+    # SSL modern config for modern browsers Pete told me
+    ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
     add_header Strict-Transport-Security max-age=25200;
 
     # Redirect to dpaste.de
@@ -48,16 +61,20 @@ server {
 
 server {
     listen 443 ssl spdy;
-    listen [::]:443 ssl spdy;
 
     server_name dpaste.de www.dpaste.de;
 
-    ssl_certificate /srv/dpaste.de/var/ssl_2015/ssl-unified.crt;
-    ssl_certificate_key /srv/dpaste.de/var/ssl_2015/ssl.key;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers AES256+EECDH:AES256+EDH;
-    ssl_session_cache  builtin:1000  shared:SSL:5m;
+    ssl on;
+    ssl_certificate /srv/dpaste.de/etc/ssl/dpaste_de_chained.pem;
+    ssl_certificate_key /srv/dpaste.de/etc/ssl/dpaste_de.key;
+    ssl_dhparam /etc/ssl/dhparam.pem;
+
+    # SSL modern config for modern browsers Pete told me
     ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     add_header Strict-Transport-Security max-age=25200;
     

From 429ef239f91e881bef3e22c5c71093bf97b807a5 Mon Sep 17 00:00:00 2001
From: Henk Kraal <h.kraal@tiw.nl>
Date: Thu, 10 Dec 2015 13:56:23 +0100
Subject: [PATCH 3/3] conent should be content

---
 docs/api.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/api.rst b/docs/api.rst
index 0e6e57b..c7d3996 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -44,7 +44,7 @@ Can also be set via GET. The format of the API response. Choices are:
     {
         "url": "https://dpaste.de/xsWd",
         "lexer": "python",
-        "conent": "The text body of the snippet."
+        "content": "The text body of the snippet."
     }
 
 
@@ -74,7 +74,7 @@ filename! Example::
         "url": "https://dpaste.de/xsWd",
         "lexer": "",
         "filename": "python",
-        "conent": "The text body of the snippet."
+        "content": "The text body of the snippet."
     }
 
 This will create a ``python`` highlighted snippet. However in this example::
@@ -83,7 +83,7 @@ This will create a ``python`` highlighted snippet. However in this example::
         "url": "https://dpaste.de/xsWd",
         "lexer": "php",
         "filename": "python",
-        "conent": "The text body of the snippet."
+        "content": "The text body of the snippet."
     }
 
 Since the lexer is set too, we will create a ``php`` highlighted snippet.