vegard
66ebe58ff8
Tre hovedkomponenter:
1. custom_domain.rs — ny modul i maskinrommet:
- GET /internal/verify-domain?domain= — Caddy on-demand TLS callback.
Returnerer 200 hvis domenet er registrert i en publishing-trait, 404 ellers.
- DNS-validering (validate_dns): sjekker at domenet peker til serverens IP
via system DNS resolver. Kalles ved oppdatering av publishing-trait.
- Domene-basert serving: /custom-domain/index, /custom-domain/{article_id},
/custom-domain/feed.xml — Caddy rewriter custom domain-forespørsler hit,
Host-header brukes til å finne samlingen.
- Re-rendering: rerender_collection_articles() enqueuer render-jobber
for alle artikler + forside når custom_domain endres.
2. Caddy on-demand TLS (Caddyfile):
- Catch-all :443-blokk med on_demand ask-callback til maskinrommet.
- Rewrite-regler: / → /custom-domain/index, /feed.xml → /custom-domain/feed.xml,
/* → /custom-domain/{uri}. Host-header bevares for domene-oppslag.
3. intentions.rs — utvidet update_node:
- DNS-validering ved setting av custom_domain i publishing-trait.
- Detekterer endring i custom_domain og trigger re-rendering av
alle artikler (canonical URL endres).
Eksisterende kode (publishing.rs, rss.rs) bruker allerede custom_domain
for base_url/canonical_url — ingen endringer nødvendig der.
Ref: docs/concepts/publisering.md § "Custom domain-mekanisme"
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
110 lines
3.1 KiB
Caddyfile
110 lines
3.1 KiB
Caddyfile
# Synops — Caddyfile
|
|
#
|
|
# Eneste tjeneste med eksponerte porter (80/443).
|
|
# Alt annet rutes internt via Docker-nettverket sidelinja-net.
|
|
# Auto-TLS via Let's Encrypt for alle domener.
|
|
|
|
# === Felles favicon-snippet ===
|
|
(favicon) {
|
|
handle /favicon.ico {
|
|
root * /srv/static
|
|
file_server
|
|
}
|
|
handle /apple-touch-icon.png {
|
|
root * /srv/static
|
|
file_server
|
|
}
|
|
handle /icon-*.png {
|
|
root * /srv/static
|
|
file_server
|
|
}
|
|
}
|
|
|
|
# === SSO ===
|
|
auth.sidelinja.org {
|
|
reverse_proxy authentik-server:9000
|
|
}
|
|
|
|
# === Sidelinja (hovedapplikasjon) ===
|
|
sidelinja.org {
|
|
import favicon
|
|
|
|
# SpacetimeDB (WebSocket)
|
|
handle_path /spacetime/* {
|
|
reverse_proxy spacetimedb:3000
|
|
}
|
|
|
|
# Podcast media (statiske filer med byte-range support)
|
|
handle_path /media/* {
|
|
root * /srv/media
|
|
file_server {
|
|
browse
|
|
}
|
|
}
|
|
|
|
# SvelteKit (frontend + SSR API)
|
|
# Aktiveres når SvelteKit-containeren er klar (fase 3)
|
|
# reverse_proxy sveltekit:3000
|
|
|
|
header Content-Type text/html
|
|
respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>sidelinja.org</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>sidelinja.org — underveis!</p></body></html>` 200
|
|
}
|
|
|
|
# === Maskinrommet API ===
|
|
api.sidelinja.org {
|
|
reverse_proxy host.docker.internal:3100
|
|
}
|
|
|
|
# === Forgejo (Git) ===
|
|
git.sidelinja.org {
|
|
reverse_proxy forgejo:3000
|
|
}
|
|
|
|
# === Synops (plattformdomene) ===
|
|
# Subdomener (api.synops.no, auth.synops.no osv.) legges til individuelt
|
|
# etter behov — HTTP-challenge fungerer per subdomain uten DNS-plugin.
|
|
synops.no {
|
|
import favicon
|
|
|
|
header Content-Type text/html
|
|
respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>synops.no</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>synops.no — underveis!</p></body></html>` 200
|
|
}
|
|
|
|
# === Vegard.info ===
|
|
vegard.info {
|
|
import favicon
|
|
|
|
header Content-Type text/html
|
|
respond `<!DOCTYPE html><html><head><meta charset="utf-8"><title>vegard.info</title><link rel="icon" href="/favicon.ico" sizes="32x32"><link rel="icon" href="/icon-192.png" type="image/png" sizes="192x192"><link rel="apple-touch-icon" href="/apple-touch-icon.png"></head><body><p>vegard.info — underveis!</p></body></html>` 200
|
|
}
|
|
|
|
# === Custom domains for publiseringssamlinger ===
|
|
# On-demand TLS: Caddy henter sertifikat kun for domener som maskinrommet
|
|
# bekrefter via /internal/verify-domain. Forespørsler rutes til
|
|
# maskinrommets /custom-domain/-ruter med Host-headeren bevart.
|
|
# Ref: docs/concepts/publisering.md § "Custom domain-mekanisme"
|
|
:443 {
|
|
tls {
|
|
on_demand {
|
|
ask http://host.docker.internal:3100/internal/verify-domain
|
|
}
|
|
}
|
|
|
|
# RSS/Atom feed
|
|
handle /feed.xml {
|
|
rewrite * /custom-domain/feed.xml
|
|
reverse_proxy host.docker.internal:3100
|
|
}
|
|
|
|
# Forside
|
|
handle / {
|
|
rewrite * /custom-domain/index
|
|
reverse_proxy host.docker.internal:3100
|
|
}
|
|
|
|
# Artikler (alt annet)
|
|
handle {
|
|
rewrite * /custom-domain{uri}
|
|
reverse_proxy host.docker.internal:3100
|
|
}
|
|
}
|