forked from CCCHH/nix-infra
Deploy new website under hamburg.ccc.de
Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs of the old website deployment properly. Also redirect the old spaceapi endpoint to the new one. Add staging.hamburg.ccc.de for hosting upcoming changes (PRs). Also give it a robots.txt, since its contents don't need to show up in search engines. Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
This commit is contained in:
parent
485ed0fec2
commit
394f4fe562
4 changed files with 148 additions and 7 deletions
|
@ -5,7 +5,9 @@
|
|||
./branding-resources.hamburg.ccc.de.nix
|
||||
./c3cat.de.nix
|
||||
./element.hamburg.ccc.de.nix
|
||||
./next.hamburg.ccc.de.nix
|
||||
./hamburg.ccc.de.nix
|
||||
./spaceapi.hamburg.ccc.de.nix
|
||||
./staging.hamburg.ccc.de.nix
|
||||
./www.hamburg.ccc.de.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -0,0 +1,87 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-hamburg.ccc.de" = {
|
||||
enableACME = true;
|
||||
serverName = "hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"hamburg.ccc.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
root = "/var/www/hamburg.ccc.de/";
|
||||
|
||||
# Redirect the old spaceapi endpoint to the new one.
|
||||
locations."/dooris/status.json" = {
|
||||
return = "302 https://spaceapi.hamburg.ccc.de/";
|
||||
};
|
||||
|
||||
# Redirect pages starting with 4 digits for redirecting the old blog
|
||||
# article URLs.
|
||||
# We want to redirect /yyyy/mm/dd/slug to /blog/yyyy/mm/dd/slug, but we
|
||||
# just match the first 4 digits for simplicity.
|
||||
locations."~ \"^/[\\d]{4}\"" = {
|
||||
return = "302 https://$host/blog$request_uri";
|
||||
};
|
||||
|
||||
# Redirect pages, which previously lived on the old website, to their
|
||||
# successors in the wiki.
|
||||
locations."/club/satzung" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:satzung";
|
||||
};
|
||||
locations."/club/hausordnung" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:hausordnung";
|
||||
};
|
||||
locations."/club/vertrauenspersonen" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:vertrauenspersonen";
|
||||
};
|
||||
locations."/club/beitragsordnung" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:beitragsordnung";
|
||||
};
|
||||
locations."/club/mitgliedschaft" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/verein:offizielles:foemi-formular";
|
||||
};
|
||||
locations."/club/geschichte" = {
|
||||
return = "302 https://wiki.hamburg.ccc.de/club:geschichte";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
users.users.ccchh-website-deploy = {
|
||||
isNormalUser = true;
|
||||
group = "ccchh-website-deploy";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
|
||||
];
|
||||
};
|
||||
users.groups.ccchh-website-deploy = { };
|
||||
}
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-next.hamburg.ccc.de" = {
|
||||
"acme-staging.hamburg.ccc.de" = {
|
||||
enableACME = true;
|
||||
serverName = "next.hamburg.ccc.de";
|
||||
serverName = "staging.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
|
@ -14,9 +14,9 @@
|
|||
];
|
||||
};
|
||||
|
||||
"next.hamburg.ccc.de" = {
|
||||
"staging.hamburg.ccc.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "next.hamburg.ccc.de";
|
||||
useACMEHost = "staging.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
|
@ -27,7 +27,13 @@
|
|||
}
|
||||
];
|
||||
|
||||
root = "/var/www/next.hamburg.ccc.de/";
|
||||
root = "/var/www/staging.hamburg.ccc.de/";
|
||||
|
||||
# Disallow *, since this is staging and doesn't need to be in any search
|
||||
# results.
|
||||
locations."/robots.txt" = {
|
||||
return = "200 \"User-agent: *\\nDisallow: *\\n\"";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
|
@ -46,7 +52,7 @@
|
|||
isNormalUser = true;
|
||||
group = "ccchh-website-deploy";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb next.hamburg.ccc.de deployment key"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILX847OMjYC+he1nbV37rrdCQVGINFY43CwLjZDM9iyb ccchh website deployment key"
|
||||
];
|
||||
};
|
||||
users.groups.ccchh-website-deploy = { };
|
|
@ -0,0 +1,46 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-www.hamburg.ccc.de" = {
|
||||
enableACME = true;
|
||||
serverName = "www.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"www.hamburg.ccc.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "www.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
proxyProtocol = true;
|
||||
}
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
return = "302 https://hamburg.ccc.de$request_uri";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue