configure staging.diday.org

2026-02-27 21:21:39 +01:00 · 2026-02-27 21:21:39 +01:00 · 7ae5d8dd80
commit 7ae5d8dd80
parent bbfe9eba6f
3 changed files with 32 additions and 8 deletions
--- a/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix
+++ b/config/hosts/public-web-static/virtualHosts/staging.diday.org.nix
@ -7,15 +7,16 @@ let
 in
 {
  security.acme.certs."${domain}" = {
-    domain = "*.diday.org";
+    domain = "staging.diday.org";
+    extraDomainNames = [ "*.staging.diday.org" ];
    group = "nginx";
-    server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+    dnsResolver = "45.54.76.1:53";
    dnsProvider = "desec";
    environmentFile = config.sops.secrets."staging.diday.org/lego.env".path;
  };

  services.nginx.virtualHosts = {
-    "${domain}" = {
+    "*.${domain}" = {
      useACMEHost = "${domain}";
      forceSSL = true;

@ -41,10 +42,33 @@ in
        # Then tell the realip_module to get the addreses from the proxy protocol
        # header.
        real_ip_header proxy_protocol;
+        port_in_redirect off;

        error_page 404 /404.html;

-        port_in_redirect off;
+        location / {
+          if ($host ~* "^(pr\d+)\.staging\.diday\.org$") {
+            root /var/www/staging.diday.org/$1/;
+          }
+
+          index index.html;
+          try_files $uri $uri/ =404;
+
+          # deny access to the redirects config file
+          location = /nginx-redirects.conf {
+            deny all;
+            return 404;
+          }
+
+          # dynamically redirect the user to the language they prefer
+          location = / {
+            set $lang "de";
+            if ($http_accept_language ~* "^en") {
+              set $lang "en";
+            }
+            return 302 /$lang/;
+          }
+        }
      '';
    };
  };