Split and renew SSL configs, adjust nginx vhost config #68

Open
wants to merge 2 commits into
base: master

etec-masterofsynapse

Existing solutions

Side comment from me on this: the .well-known allow can also be in the HTTPS section since the ACME LE server can follow the 301 HTTP redirect to the HTTPS target. And the cert is "always" still valid when the challenge happens, so the connection can happen without problems. [Answer to the last bullet point of https://github.com//pull/52#issuecomment-504139732]

New solutions

  • Refresh the ssl.conf and split it into -intermediate and -modern for the admin to decide which one to use
  • Include the certbot-managed ssl configs and dhparams since those should suffice as a baseline and are fairly current "all the time"
  • Comment out the try_files fastcgi line by default since all newer nginx configs contain this statement in their snippet config. The line is still there, if it shouldn't be. (Reason being that nginx, if the user overlooks this line, fails the sanity check and restart with a "duplicate line" error)
  • "Upgrade" php-fpm from 7.2 to 8.1 since some time has passed
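
The layout described in the post above, as an added illustration that is not taken from the PR's files. The hostname `example.org`, the web root and the PHP-FPM socket path are assumptions; the `/etc/letsencrypt/` paths are the files certbot's nginx plugin writes, and `snippets/fastcgi-php.conf` is the snippet shipped by Debian/Ubuntu nginx packages.

```nginx
# Port 80: redirect everything, including the ACME challenge path.
# The ACME server follows the 301 to the HTTPS vhost.
server {
    listen 80;
    listen [::]:80;
    server_name example.org;                     # assumed hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.org;                     # assumed hostname
    root /var/www/example;                       # assumed web root

    ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    # certbot-managed TLS baseline and DH parameters, used instead of
    # hand-maintained protocol and cipher lists.
    include     /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # HTTP-01 challenge files are served from the HTTPS vhost.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        try_files $uri =404;
    }

    location ~ \.php$ {
        # The packaged snippet already contains
        #   try_files $fastcgi_script_name =404;
        # so repeating it here makes `nginx -t` fail with a
        # duplicate-directive error. Left commented out by default.
        # try_files $fastcgi_script_name =404;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;   # assumed socket path
    }
}
```

Run `nginx -t` after changing the `try_files` line or the includes, before reloading.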

@Findus23
Member

Many thanks for this great summary and the PR.
I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

@etec-masterofsynapse
Author

> Many thanks for this great summary and the PR. I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

Will do.

@etec-masterofsynapse
Author

> Many thanks for this great summary and the PR. I have little time at the moment to look into it, but it should be better in a few weeks. If I haven't responded by then please ping me.

@Findus23 It has been a few weeks, here is the requested ping.

@etec-masterofsynapse
Author

@Findus23 I am pinging you once again since another month has gone by and I haven't heard from you.

@Findus23
Member

The good news is that this is still on my todo-list, the bad news is that I am still traveling and it will still be a bit until I get enough time at once to go over all of this.
