| author | Lain Iwakura <lain@lainmail.xyz> | 2025-12-30 02:51:33 +0300 |
|---|---|---|
| committer | Lain Iwakura <lain@lainmail.xyz> | 2025-12-30 02:51:33 +0300 |
| commit | be91068d9478c60c84ca3b0ce73dc50b810e8e13 (patch) | |
| tree | fe234f49fd22f382ad525a55a789293e26b5f5e7 | |
| parent | feat(git): new domain! (diff) | |
| download | infra-be91068d9478c60c84ca3b0ce73dc50b810e8e13.tar.gz infra-be91068d9478c60c84ca3b0ce73dc50b810e8e13.zip | |
feat(chat): new domain
| -rw-r--r-- | etc/acme-client.conf | 6 | ||||
| -rw-r--r-- | etc/httpd.conf | 5 | ||||
| -rw-r--r-- | etc/relayd.conf | 14 |
3 files changed, 17 insertions, 8 deletions
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
index 28d48c9..72432d1 100644
--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -21,3 +21,9 @@ domain git.iwakura.page {
 domain full chain certificate "/etc/ssl/git.iwakura.page.crt"
 sign with letsencrypt
 }
+
+domain chat.iwakura.page {
+ domain key "/etc/ssl/private/chat.iwakura.page.key"
+ domain full chain certificate "/etc/ssl/chat.iwakura.page.crt"
+ sign with letsencrypt
+}
diff --git a/etc/httpd.conf b/etc/httpd.conf
index c8de2f4..3c5a94a 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -32,11 +32,12 @@ server "text.iwakura.page" {
 block return 301 "https://text.iwakura.page$REQUEST_URI"
 }
-server "git.iwakura.page" {
+server "chat.iwakura.page" {
 listen on * port 80
+ listen on * port 7070
 location "/.well-known/acme-challenge/*" {
 root "/acme"
 request strip 2
 }
- block return 301 "https://git.iwakura.page$REQUEST_URI"
+ block return 301 "https://iwakura.page$REQUEST_URI"
 }
diff --git a/etc/relayd.conf b/etc/relayd.conf
index 46342c1..40f0298 100644
--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -1,7 +1,6 @@
 ip4="193.26.157.243"
 table <www> { 127.0.0.1 }
-table <wwwtext> { REPLACEME }
-table <wwwgit> { REPLACEME }
+table <home> { REPLACEME }
 log connection
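Review bot: In the etc/httpd.conf hunk, `listen on * port 7070` in the new `server "chat.iwakura.page"` block binds the plain-HTTP backend on every interface, although the relayd side of this commit reaches it through `<www>`, which is `127.0.0.1`. Unless pf already filters port 7070 from outside, `listen on 127.0.0.1 port 7070` would keep that listener reachable only through the TLS relay. Two more things to confirm in the same block: the redirect now targets `https://iwakura.page$REQUEST_URI` rather than the chat host, and because the block was renamed rather than copied, no `server "git.iwakura.page"` is left in this hunk to answer that domain's port-80 ACME challenge and HTTPS redirect.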
@@ -14,10 +13,12 @@ http protocol https {
 tls { keypair iwakura.page }
 tls { keypair text.iwakura.page }
 tls { keypair git.iwakura.page }
+ tls { keypair chat.iwakura.page }
 match request header "Host" value "iwakura.page" forward to <www>
 match request header "Host" value "www.iwakura.page" forward to <www>
- match request header "Host" value "text.iwakura.page" forward to <wwwtext>
- match request header "Host" value "git.iwakura.page" forward to <wwwgit>
+ match request header "Host" value "text.iwakura.page" forward to <home>
+ match request header "Host" value "git.iwakura.page" forward to <home>
+ match request header "Host" value "chat.iwakura.page" forward to <www>
 match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
 match response header append "Cache-Control" value "public, max-age=86400"
 match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none';"
@@ -32,6 +33,7 @@ relay wwwtls {
 listen on $ip4 port 443 tls
 protocol https
 forward to <www> port 8080 check tcp
- forward to <wwwtext> port 8834 check tcp
- forward to <wwwgit> port 8855 check tcp
+ forward to <www> port 7070 check tcp
+ forward to <home> port 8834 check tcp
+ forward to <home> port 8855 check tcp
 } |
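Review bot: The `match request header "Host"` rules now send `text.iwakura.page` and `git.iwakura.page` to the same table `<home>`, and `chat.iwakura.page` to the `<www>` table already used for the apex, while the relay in the following hunk (`@@ -32,6 +33,7 @@`) lists each of those tables twice with different ports. As far as I know, relayd resolves a rule's `forward to <table>` by table name only, so the port cannot be selected per Host and two hostnames would land on the same backend, each served under the other's certificate name; this should be verified with `relayd -n` and a request per hostname. The removed lines used one table per backend, and keeping that pattern makes the routing unambiguous, e.g. `table <wwwchat> { 127.0.0.1 }` with `forward to <wwwchat> port 7070 check tcp`, plus separate tables for ports 8834 and 8855. The `http protocol https` and `relay wwwtls` blocks both begin outside their hunks.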