From 98906db4bfbe9c1273dd4b22bc8c467da60072b5 Mon Sep 17 00:00:00 2001 From: June Date: Mon, 22 Jan 2024 22:35:38 +0100 Subject: [PATCH 1/3] Configure reverse proxy for hamburg.ccc.de, staging and www This replaces next, since the new website is now live. --- .../configs/public-reverse-proxy/nginx/acme_challenge.conf | 4 +++- .../chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf index f550057..1403e46 100644 --- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf +++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/acme_challenge.conf @@ -12,7 +12,9 @@ map $host $upstream_acme_challenge_host { matrix.hamburg.ccc.de 172.31.17.150:31820; element.hamburg.ccc.de 172.31.17.151:31820; branding-resources.hamburg.ccc.de 172.31.17.151:31820; - next.hamburg.ccc.de 172.31.17.151:31820; + www.hamburg.ccc.de 172.31.17.151:31820; + hamburg.ccc.de 172.31.17.151:31820; + staging.hamburg.ccc.de 172.31.17.151:31820; spaceapi.hamburg.ccc.de 172.31.17.151:31820; zammad.hamburg.ccc.de 172.31.17.152:31820; c3cat.de 172.31.17.151:31820; diff --git a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf index a2191d7..c3c05ed 100644 --- a/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf +++ b/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf 
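Review bot: In the acme_challenge.conf map, `staging.hamburg.ccc.de` is sent to the same upstream as `www.hamburg.ccc.de` and `hamburg.ccc.de` (172.31.17.151), so the staging site becomes reachable through the public proxy exactly like production. If staging is meant for a limited audience, the restriction has to be enforced on the backend vhost, since these maps appear only to select an upstream by host name. A comment next to the entry, such as `# staging: publicly reachable by design` or a pointer to where access is restricted, would record the decision. The same three entries are added to the stream map in nginx.conf in the next hunk, and the two lists have to be edited in lockstep; both map blocks continue outside the hunks.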
@@ -31,7 +31,9 @@ stream { matrix.hamburg.ccc.de 172.31.17.150:8443; element.hamburg.ccc.de 172.31.17.151:8443; branding-resources.hamburg.ccc.de 172.31.17.151:8443; - next.hamburg.ccc.de 172.31.17.151:8443; + www.hamburg.ccc.de 172.31.17.151:8443; + hamburg.ccc.de 172.31.17.151:8443; + staging.hamburg.ccc.de 172.31.17.151:8443; spaceapi.hamburg.ccc.de 172.31.17.151:8443; zammad.hamburg.ccc.de 172.31.17.152:8443; c3cat.de 172.31.17.151:8443; From 6787c7c0d76805a3635c20f8b1ec22ccfd33b6a5 Mon Sep 17 00:00:00 2001 From: June Date: Mon, 22 Jan 2024 22:37:10 +0100 Subject: [PATCH 2/3] Use $request_uri instead of $uri, since $uri allows for injection Thanks NixOS for pointing that out! :3 Also see here for an explanation: https://reversebrain.github.io/2021/03/29/The-story-of-Nginx-and-uri-variable/ --- .../configs/wiki/nginx/wiki.hamburg.ccc.de.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf index 814a553..fd4e10c 100644 --- a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf +++ b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf @@ -46,7 +46,7 @@ server { expires 365d; } - location / { try_files $uri $uri/ @dokuwiki; } + location / { try_files $request_uri $request_uri/ @dokuwiki; } location @dokuwiki { # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page @@ -57,7 +57,7 @@ server { } location ~ \.php$ { - try_files $uri $uri/ /doku.php; + try_files $request_uri $request_uri/ /doku.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; 
@@ -72,14 +72,14 @@ server { } location /ChaosVPN { - return 302 https://oldwiki.hamburg.ccc.de$uri; + return 302 https://oldwiki.hamburg.ccc.de$request_uri; } location ~ /EH(07|09|11) { - return 302 https://oldwiki.hamburg.ccc.de$uri; + return 302 https://oldwiki.hamburg.ccc.de$request_uri; } location /Easter { - return 302 https://oldwiki.hamburg.ccc.de$uri; + return 302 https://oldwiki.hamburg.ccc.de$request_uri; } } From 81c8bfe16b311d5bf4635947fa02dfb65aea7f91 Mon Sep 17 00:00:00 2001 From: June Date: Mon, 22 Jan 2024 22:41:12 +0100 Subject: [PATCH 3/3] Actually keep using $uri for DokuWiki stuff since otherwise it breaks To be investigated if the $uri issue also applies for try_files. --- .../chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf index fd4e10c..ccdd224 100644 --- a/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf +++ b/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf @@ -46,7 +46,7 @@ server { expires 365d; } - location / { try_files $request_uri $request_uri/ @dokuwiki; } + location / { try_files $uri $uri/ @dokuwiki; } location @dokuwiki { # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page @@ -57,7 +57,7 @@ server { } location ~ \.php$ { - try_files $request_uri $request_uri/ /doku.php; + try_files $uri $uri/ /doku.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200;
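Review bot: The three `return 302 https://oldwiki.hamburg.ccc.de$request_uri;` lines in the `@@ -72,14` hunk of the second patch carry no explanation of why `$request_uri` is required, so a later cleanup could quietly put `$uri` back. I would add one comment above the first redirect, e.g. `# $request_uri, not $uri: $uri is percent-decoded, so an encoded CR/LF would end up in the Location header`. `$request_uri` also includes the query string, so these redirects now forward arguments to oldwiki that `$uri` used to drop; that looks intended but is a behaviour change. Separately, the context line `location ~ /EH(07|09|11)` is unanchored and matches those strings anywhere in the path; `location ~ ^/EH(07|09|11)` would limit it to the intended prefixes.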
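Review bot: In the third patch, the two restored `try_files $uri $uri/ ...` lines (`location /` and `location ~ \.php$`) leave the "to be investigated" question only in the commit message, where the next reader of the config will not see it. As far as I can tell, `try_files` checks the value against the filesystem and needs the decoded, normalised path without the query string, which would explain why `$request_uri` broke DokuWiki. The value is not copied into a response header here, which is where the injection fixed in the previous patch applies. A comment on the first line, such as `# try_files needs the normalised $uri; the $uri injection issue concerns values echoed into redirects/headers, not file lookups`, would stop the next blanket replacement. Both location blocks continue outside the hunks.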