From 193ccedbee7ab0bd2d67f120cc6a41407548f9b0 Mon Sep 17 00:00:00 2001 From: June Date: Tue, 27 Jan 2026 15:36:23 +0100 Subject: [PATCH] public-web-static: setup cpu.ccc.de with redirects from aliases --- .../virtualHosts/cpu.ccc.de.nix | 41 +++++++++++++++++-- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix index d0d01f3..a6c67f8 100644 --- a/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix +++ b/config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix @@ -1,13 +1,17 @@ { ... }: let - # For now under cpuccc.hamburg.ccc.de. - domain = "cpuccc.hamburg.ccc.de"; - # dataDir = "/var/www/${domain}"; - dataDir = "/var/www/cpu.ccc.de"; + domain = "cpu.ccc.de"; + dataDir = "/var/www/${domain}"; deployUser = "cpuccc-website-deploy"; in { + security.acme.certs."cpu.ccc.de".extraDomainNames = [ + "cpuccc.hamburg.ccc.de" + "lokal.ccc.de" + "local.ccc.de" + ]; + services.nginx.virtualHosts = { "acme-${domain}" = { enableACME = true; @@ -70,6 +74,35 @@ in ''; }; }; + + "cpuccc.hamburg.ccc.de" = { + forceSSL = true; + useACMEHost = "cpu.ccc.de"; + serverAliases = [ + "lokal.ccc.de" + "local.ccc.de" + ]; + + listen = [{ + addr = "0.0.0.0"; + port = 8443; + ssl = true; + proxyProtocol = true; + }]; + + locations."/".return = "302 https://cpu.ccc.de"; + + extraConfig = '' + # Make use of the ngx_http_realip_module to set the $remote_addr and + # $remote_port to the client address and client port, when using proxy + # protocol. + # First set our proxy protocol proxy as trusted. + set_real_ip_from 172.31.17.140; + # Then tell the realip_module to get the addreses from the proxy protocol + # header. + real_ip_header proxy_protocol; + ''; + }; }; systemd.tmpfiles.rules = [