configure staging.diday.org
This commit is contained in:
parent
bbfe9eba6f
commit
7ae5d8dd80
SSH key fingerprint:
SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g
3 changed files with 32 additions and 8 deletions
|
|
@ -6,7 +6,7 @@
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
access_log off;
|
access_log off;
|
||||||
|
|
||||||
# load the DI-Day redirect map from the webroot
|
# load the DID redirect map from the webroot
|
||||||
map $request_uri $did_redirect_target {
|
map $request_uri $did_redirect_target {
|
||||||
include /var/www/diday.org/nginx-redirects.conf;
|
include /var/www/diday.org/nginx-redirects.conf;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
spaceapid_config_ccchh_credentials: ENC[AES256_GCM,data:5IClrKKMO/AztQuGabrnoRFItYNeEmVWGeafomVO94pL1RKzL1sCxBxnmzvJFPb/8Y+6FXMh+Mim4DP8B2RaJMLpmqCv+76N/5+527SZ6gn9i2Klg6q0kD9RzJv40qHq/NYLCa24tpcZDt7eB0EOgqLsKUmtX2LrQjjnN3NzjAevJGKQ5ypnb7xygjft2KrpvlR1hMnZ0XpSLDTNR1AmImxE24JtDaJKzwXbptr2IZvm1UFkNslxdqHPjN+N8+MSSLhqHy/FdcY2ADvsTX1jtjnjkb+9E30QOeCiFPKSmWtSGiQ9sPcQna1yr717Vk0EiNSAWDQ2fMZyJUgBXG6w3wiZbxfJmxvshLPs5KguF9NHER+Seps1QiE0p16c0IS/0Y24UYrK2GyUIcSReGufjxUFGTJHFSsNANac34H/RTs7BkoZ,iv:8WzTRaXVeH5GKmigMVTLVBnhy6nXZnTZHLAYHcqDs2s=,tag:jTdgz0gmruMWWDBQ3h70vw==,type:str]
|
spaceapid_config_ccchh_credentials: ENC[AES256_GCM,data:5IClrKKMO/AztQuGabrnoRFItYNeEmVWGeafomVO94pL1RKzL1sCxBxnmzvJFPb/8Y+6FXMh+Mim4DP8B2RaJMLpmqCv+76N/5+527SZ6gn9i2Klg6q0kD9RzJv40qHq/NYLCa24tpcZDt7eB0EOgqLsKUmtX2LrQjjnN3NzjAevJGKQ5ypnb7xygjft2KrpvlR1hMnZ0XpSLDTNR1AmImxE24JtDaJKzwXbptr2IZvm1UFkNslxdqHPjN+N8+MSSLhqHy/FdcY2ADvsTX1jtjnjkb+9E30QOeCiFPKSmWtSGiQ9sPcQna1yr717Vk0EiNSAWDQ2fMZyJUgBXG6w3wiZbxfJmxvshLPs5KguF9NHER+Seps1QiE0p16c0IS/0Y24UYrK2GyUIcSReGufjxUFGTJHFSsNANac34H/RTs7BkoZ,iv:8WzTRaXVeH5GKmigMVTLVBnhy6nXZnTZHLAYHcqDs2s=,tag:jTdgz0gmruMWWDBQ3h70vw==,type:str]
|
||||||
staging.diday.org:
|
staging.diday.org:
|
||||||
lego.env: ENC[AES256_GCM,data:PCah9T6gKMADx47bhT5fTcylnKjC8ZDjZl4E4FJRa1zUmihLe8hj65w=,iv:IrIgBPHvaQx2bjrUapzmcsMoQ+Md4edsJQmL+ykJddE=,tag:SV8igeQ2/o7V3oJUdYMc2Q==,type:str]
|
lego.env: ENC[AES256_GCM,data:FHCHBrjapNGSAtUnDTMZfeAZJqZV65d8COBJF8lzZmNBiw0jXyrmJ6rnUbYmnPN54T+1e8V0dzkdqmYX708tpFWagOPPQ9Ko+D+lV5yJ4hj/lhunuPSetWC/5dGBfN6CbA==,iv:WZ8CWu40ToF2mbpSUR6pDdUa6jcWPIUsWhVaGGBwx1E=,tag:8CohD3CwcUm2LzAJ8Lfimg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
age:
|
age:
|
||||||
- recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
|
- recipient: age19h7xtfmt3py3ydgl8d8fgh8uakxqxjr74flrxev3pgmvvx94kvtq5d932d
|
||||||
|
|
@ -21,8 +21,8 @@ sops:
|
||||||
ZE9rN3R4aHRXR0dBc2oxcEYrL1lxZncKuVocF84+ge1gyzfNjIxhwNgd8+kJIpxh
|
ZE9rN3R4aHRXR0dBc2oxcEYrL1lxZncKuVocF84+ge1gyzfNjIxhwNgd8+kJIpxh
|
||||||
yREbS2mrQ2zvSMtw9OoA0KJSpoHZfIiCwn2uYkQDPiGB/721JmA12Q==
|
yREbS2mrQ2zvSMtw9OoA0KJSpoHZfIiCwn2uYkQDPiGB/721JmA12Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-02-27T19:45:05Z"
|
lastmodified: "2026-02-27T20:40:06Z"
|
||||||
mac: ENC[AES256_GCM,data:7tjKwRlcOHEg+CU5BP20gzjLK2YFTDtoHmQlsQsiy4JjRNIeVDWtzTnwsMwQ9KuDaGaJqL8Tgmu7nUZyDPS44G58by19oLIRRFj1emaNUigJQGCqNM5zKA9wF7OZKpnK0y3adu7ydNrtoBvw//9vWPZ0WMUwJXHNsyKMOHs36Yo=,iv:kIaDPhrbDMogNAgOVYvyDeAgc/FmzwHANoB+O9WGuV0=,tag:J3jejVDNGLquiiBkNiHbtQ==,type:str]
|
mac: ENC[AES256_GCM,data:Nsburro0nSV8CLZsxLaFrwsE5EIz8qQOlclNynbRT03XkfaPN2Pup8UWg9QL34KGcGUweqtytxZvLWjwfJYEsIkLqi4ZfrpXpEfBowq5aNbWHzDJDW5QqZKaUPmMQxiPVm1EhXmyvfVdFEueOhfFLbuNUSvNWaFk/7l2utTeLrs=,iv:dSJDVYGdaunvRqj+EkPGy3qxR9suV0s2Mm26silX24M=,tag:hqA+4FpP2PwatRMnZUcUqw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2026-02-17T22:22:02Z"
|
- created_at: "2026-02-17T22:22:02Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
||||||
|
|
@ -7,15 +7,16 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
security.acme.certs."${domain}" = {
|
security.acme.certs."${domain}" = {
|
||||||
domain = "*.diday.org";
|
domain = "staging.diday.org";
|
||||||
|
extraDomainNames = [ "*.staging.diday.org" ];
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
dnsResolver = "45.54.76.1:53";
|
||||||
dnsProvider = "desec";
|
dnsProvider = "desec";
|
||||||
environmentFile = config.sops.secrets."staging.diday.org/lego.env".path;
|
environmentFile = config.sops.secrets."staging.diday.org/lego.env".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"${domain}" = {
|
"*.${domain}" = {
|
||||||
useACMEHost = "${domain}";
|
useACMEHost = "${domain}";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
|
|
@ -41,10 +42,33 @@ in
|
||||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
# header.
|
# header.
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
|
port_in_redirect off;
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
|
|
||||||
port_in_redirect off;
|
location / {
|
||||||
|
if ($host ~* "^(pr\d+)\.staging\.diday\.org$") {
|
||||||
|
root /var/www/staging.diday.org/$1/;
|
||||||
|
}
|
||||||
|
|
||||||
|
index index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
|
# deny access to the redirects config file
|
||||||
|
location = /nginx-redirects.conf {
|
||||||
|
deny all;
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# dynamically redirect the user to the language they prefer
|
||||||
|
location = / {
|
||||||
|
set $lang "de";
|
||||||
|
if ($http_accept_language ~* "^en") {
|
||||||
|
set $lang "en";
|
||||||
|
}
|
||||||
|
return 302 /$lang/;
|
||||||
|
}
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue