| author | Lain Iwakura <lain@lainmail.xyz> | 2025-12-29 04:56:43 +0300 |
|---|---|---|
| committer | Lain Iwakura <lain@lainmail.xyz> | 2025-12-29 04:56:43 +0300 |
| commit | e1380c365a3a9af71079014b95a432260df1a96c (patch) | |
| tree | 68440881e49a9adb3d44123bb5af3c5d22a1e051 | |
| parent | feat(all): init (diff) | |
| download | infra-e1380c365a3a9af71079014b95a432260df1a96c.tar.gz infra-e1380c365a3a9af71079014b95a432260df1a96c.zip | |
feat(etc): new domain
| -rw-r--r-- | etc/acme-client.conf | 6 | ||||
| -rw-r--r-- | etc/httpd.conf | 9 | ||||
| -rw-r--r-- | etc/relayd.conf | 14 |
3 files changed, 22 insertions, 7 deletions
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
index 913a2b2..7fce4f5 100644
--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -9,3 +9,9 @@ domain iwakura.page {
 domain full chain certificate "/etc/ssl/iwakura.page.crt"
 sign with letsencrypt
 }
+
+domain text.iwakura.page {
+ domain key "/etc/ssl/private/text.iwakura.page.key"
+ domain full chain certificate "/etc/ssl/text.iwakura.page.crt"
+ sign with letsencrypt
+}
diff --git a/etc/httpd.conf b/etc/httpd.conf
index 8d7cbc6..669e27a 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -22,3 +22,12 @@ server "iwakura.page" {
 }
 block return 301 "https://iwakura.page$REQUEST_URI"
 }
+
+server "text.iwakura.page" {
+ listen on * port 80
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+ block return 301 "https://text.iwakura.page$REQUEST_URI"
+}
diff --git a/etc/relayd.conf b/etc/relayd.conf
index 4348d63..bd3763d 100644
--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -1,5 +1,7 @@
 ip4="193.26.157.243"
 table <www> { 127.0.0.1 }
+table <wwwtext> { REPLACEME }
+
 
 log connection
 http protocol https {
@@ -7,13 +9,11 @@ http protocol https {
 match request header append "X-Forwarded-By" \
 value "$SERVER_ADDR:$SERVER_PORT"
 match request header set "Connection" value "close"
-
 tcp { sack, backlog 128 }
 tls { keypair iwakura.page }
-
 match request header "Host" value "iwakura.page" forward to <www>
 match request header "Host" value "www.iwakura.page" forward to <www>
-
+ match request header "Host" value "text.iwakura.page" forward to <wwwtext>
 match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
 match response header append "Cache-Control" value "public, max-age=86400"
 match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self'; object-src 'none';"
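Review bot: `table <wwwtext> { REPLACEME }` commits a placeholder that relayd will most likely refuse at parse time (it is neither an address nor a resolvable host), so with this file deployed as-is a restart or reload of relayd does not get a valid config and the existing `wwwtls` relay serving iwakura.page is at risk of going down with it. Put the real backend in (e.g. `table <wwwtext> { 127.0.0.1 }` if the text service runs locally like `<www>`), or keep the table and its forward rule out of the tracked config until the backend exists. If the backend turns out to be on another host, note that the relay's `forward to <wwwtext> port 8834` carries plaintext HTTP, including the appended X-Forwarded headers, over the network; `forward with tls to <wwwtext>` would cover that. The hunk's last line opens `http protocol https {`, whose body continues in the next hunk.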
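Review bot: The new `match request header "Host" value "text.iwakura.page" forward to <wwwtext>` rule is added while `tls { keypair iwakura.page }` remains the only keypair, so TLS clients connecting for text.iwakura.page are handed the iwakura.page certificate and fail hostname validation before the Host match is ever evaluated — unless that certificate already lists text.iwakura.page as an alternative name, which the separate acme-client domain block in this commit suggests it does not. The certificate acme-client now issues is never loaded by relayd. Add it so relayd can pick the keypair by SNI, `tls { keypair iwakura.page, keypair text.iwakura.page }`, which matches the `/etc/ssl/text.iwakura.page.crt` and `/etc/ssl/private/text.iwakura.page.key` paths acme-client writes; alternatively, `alternative names { text.iwakura.page }` on the existing acme-client domain block keeps a single certificate and leaves the tls line as it is. `http protocol https {` starts before this hunk and its body continues in the next one.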
@@ -21,12 +21,12 @@ http protocol https {
 match response header append "X-Frame-Options" value "SAMEORIGIN"
 match response header append "Referrer-Policy" value "no-referrer"
 match response header append "Permissions-Policy" value "interest-cohort=()"
-
 match request header set "Accept-Encoding" value "gzip, deflate"
 }
 
 relay wwwtls {
- listen on $ip4 port 443 tls
- protocol https
- forward to <www> port 8080 check icmp
+ listen on $ip4 port 443 tls
+ protocol https
+ forward to <www> port 8080 check icmp
+ forward to <wwwtext> port 8834 check icmp
 } |
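Review bot: `forward to <wwwtext> port 8834 check icmp` health-checks the backend with a ping, which only proves the host answers ICMP and says nothing about whether the service on port 8834 is up; a dead text backend stays in the table and text.iwakura.page requests fail at relayd instead of the host being marked down. Use a check that exercises the port, e.g. `forward to <wwwtext> port 8834 check http "/" code 200` (or `check tcp` if the service has no fixed status page). The same applies to the existing `<www>` line, which this hunk only re-indents.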