Deploy new website under hamburg.ccc.de

Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs
of the old website deployment properly.
Also redirect the old spaceapi endpoint to the new one.

Add staging.hamburg.ccc.de for hosting upcoming changes (PRs).
Also give it a robots.txt, since its contents don't need to show up in
search engines.

Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
This commit is contained in:
June 2024-01-22 23:08:38 +01:00
parent 485ed0fec2
commit 394f4fe562
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 148 additions and 7 deletions

View file

@ -5,7 +5,9 @@
./branding-resources.hamburg.ccc.de.nix
./c3cat.de.nix
./element.hamburg.ccc.de.nix
./next.hamburg.ccc.de.nix
./hamburg.ccc.de.nix
./spaceapi.hamburg.ccc.de.nix
./staging.hamburg.ccc.de.nix
./www.hamburg.ccc.de.nix
];
}

View file

@ -0,0 +1,87 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts = {
"acme-hamburg.ccc.de" = {
enableACME = true;
serverName = "hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "/var/www/hamburg.ccc.de/";
# Redirect the old spaceapi endpoint to the new one.
locations."/dooris/status.json" = {
return = "302 https://spaceapi.hamburg.ccc.de/";
};
# Redirect pages starting with 4 digits for redirecting the old blog
# article URLs.
# We want to redirect /yyyy/mm/dd/slug to /blog/yyyy/mm/dd/slug, but we
# just match the first 4 digits for simplicity.
locations."~ \"^/[\\d]{4}\"" = {
return = "302 https://$host/blog$request_uri";
};
# Redirect pages, which previously lived on the old website, to their
# successors in the wiki.
locations."/club/satzung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:satzung";
};
locations."/club/hausordnung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:hausordnung";
};
locations."/club/vertrauenspersonen" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:vertrauenspersonen";
};
locations."/club/beitragsordnung" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:beitragsordnung";
};
locations."/club/mitgliedschaft" = {
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:foemi-formular";
};
locations."/club/geschichte" = {
return = "302 https://wiki.hamburg.ccc.de/club:geschichte";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
users.users.ccchh-website-deploy = {
isNormalUser = true;
group = "ccchh-website-deploy";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
];
};
users.groups.ccchh-website-deploy = { };
}

View file

@ -2,9 +2,9 @@
{
services.nginx.virtualHosts = {
"acme-next.hamburg.ccc.de" = {
"acme-staging.hamburg.ccc.de" = {
enableACME = true;
serverName = "next.hamburg.ccc.de";
serverName = "staging.hamburg.ccc.de";
listen = [
{
@ -14,9 +14,9 @@
];
};
"next.hamburg.ccc.de" = {
"staging.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "next.hamburg.ccc.de";
useACMEHost = "staging.hamburg.ccc.de";
listen = [
{
@ -27,7 +27,13 @@
}
];
root = "/var/www/next.hamburg.ccc.de/";
root = "/var/www/staging.hamburg.ccc.de/";
# Disallow *, since this is staging and doesn't need to be in any search
# results.
locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
@ -46,7 +52,7 @@
isNormalUser = true;
group = "ccchh-website-deploy";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
];
};
users.groups.ccchh-website-deploy = { };

View file

@ -0,0 +1,46 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts = {
"acme-www.hamburg.ccc.de" = {
enableACME = true;
serverName = "www.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"www.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "www.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
return = "302 https://hamburg.ccc.de$request_uri";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
}