-rw-r--r--etc/acme-client.conf6
-rw-r--r--etc/httpd.conf9
-rw-r--r--etc/relayd.conf14
3 files changed, 22 insertions, 7 deletions
diff --git a/etc/acme-client.conf b/etc/acme-client.conf
index 913a2b2..7fce4f5 100644
--- a/etc/acme-client.conf
+++ b/etc/acme-client.conf
@@ -9,3 +9,9 @@ domain iwakura.page {
     domain full chain certificate "/etc/ssl/iwakura.page.crt"
     sign with letsencrypt
 }
+
+domain text.iwakura.page {
+    domain key "/etc/ssl/private/text.iwakura.page.key"
+    domain full chain certificate "/etc/ssl/text.iwakura.page.crt"
+    sign with letsencrypt
+}
diff --git a/etc/httpd.conf b/etc/httpd.conf
index 8d7cbc6..669e27a 100644
--- a/etc/httpd.conf
+++ b/etc/httpd.conf
@@ -22,3 +22,12 @@ server "iwakura.page" {
     }
     block return 301 "https://iwakura.page$REQUEST_URI"
 }
+
+server "text.iwakura.page" {
+    listen on * port 80
+    location "/.well-known/acme-challenge/*" {
+        root "/acme"
+        request strip 2
+    }
+    block return 301 "https://text.iwakura.page$REQUEST_URI"
+}
diff --git a/etc/relayd.conf b/etc/relayd.conf
index 4348d63..bd3763d 100644
--- a/etc/relayd.conf
+++ b/etc/relayd.conf
@@ -1,5 +1,7 @@
 ip4="193.26.157.243"
 table <www> { 127.0.0.1 }
+table <wwwtext> { REPLACEME }
+
 log connection
 
 http protocol https {
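Review bot: `table <wwwtext> { REPLACEME }` commits a placeholder where relayd expects a host address, so this revision of relayd.conf should fail `relayd -n` and a reload of it would leave the whole relay, including the existing iwakura.page hosts, without a loadable config. The later hunk adds `forward to <wwwtext> port 8834 check icmp`, which depends on this table holding a real backend. Either fill in the backend address before committing or, if the value is deliberately kept out of the repo, mark it with a comment such as `# placeholder: backend for text.iwakura.page, set before reload` so the state is explicit.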
@@ -7,13 +9,11 @@ http protocol https {
     match request header append "X-Forwarded-By" \
         value "$SERVER_ADDR:$SERVER_PORT"
     match request header set "Connection" value "close"
-    
     tcp { sack, backlog 128 }
     tls { keypair iwakura.page }
-
     match request header "Host" value "iwakura.page" forward to <www>
     match request header "Host" value "www.iwakura.page" forward to <www>
-
+    match request header "Host" value "text.iwakura.page" forward to <wwwtext>
     match response header append "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
     match response header append "Cache-Control" value "public, max-age=86400"
     match response header append "Content-Security-Policy" value "default-src 'self'; script-src 'self'; object-src 'none';"
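Review bot: The new `match request header "Host" value "text.iwakura.page" forward to <wwwtext>` line routes the host through a protocol whose tls block still lists only `keypair iwakura.page`, while acme-client.conf in this commit issues a separate certificate for text.iwakura.page; clients asking for text.iwakura.page will therefore be served the iwakura.page certificate and see a name mismatch. relayd allows several keypair entries in one tls block and picks among them by SNI, so `tls { keypair iwakura.page keypair text.iwakura.page }` would use the newly issued certificate, assuming its files live at the default /etc/ssl/text.iwakura.page.crt and /etc/ssl/private/text.iwakura.page.key paths that acme-client.conf writes. The enclosing `http protocol https` block starts in the previous hunk and ends in the next one.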
@@ -21,12 +21,12 @@ http protocol https {
     match response header append "X-Frame-Options" value "SAMEORIGIN"
     match response header append "Referrer-Policy" value "no-referrer"
     match response header append "Permissions-Policy" value "interest-cohort=()"
-    
     match request header set "Accept-Encoding" value "gzip, deflate"
 }
 
 relay wwwtls {
-        listen on $ip4 port 443 tls
-        protocol https
-        forward to <www> port 8080 check icmp
+    listen on $ip4 port 443 tls
+    protocol https
+    forward to <www> port 8080 check icmp
+    forward to <wwwtext> port 8834 check icmp
 }