caddy: add redirect from old domain
This commit is contained in:
@@ -41,6 +41,9 @@ let
|
|||||||
hugo --minify -d $out;
|
hugo --minify -d $out;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
newDomain = service_configs.https.domain;
|
||||||
|
oldDomain = service_configs.https.old_domain;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
@@ -52,29 +55,52 @@ in
|
|||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
email = "titaniumtown@proton.me";
|
email = "titaniumtown@proton.me";
|
||||||
|
|
||||||
|
# Enable on-demand TLS for old domain redirects
|
||||||
|
# Certs are issued dynamically when subdomains are accessed
|
||||||
|
globalConfig = ''
|
||||||
|
on_demand_tls {
|
||||||
|
ask http://localhost:9123/check
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Internal endpoint to validate on-demand TLS requests
|
||||||
|
# Only allows certs for *.${oldDomain}
|
||||||
|
extraConfig = ''
|
||||||
|
http://localhost:9123 {
|
||||||
|
@allowed expression {query.domain}.endsWith(".${oldDomain}") || {query.domain} == "${oldDomain}" || {query.domain} == "www.${oldDomain}"
|
||||||
|
respond @allowed 200
|
||||||
|
respond 403
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
${service_configs.https.domain} = {
|
${newDomain} = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
root * ${hugoWebsite}
|
root * ${hugoWebsite}
|
||||||
file_server browse
|
file_server browse
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serverAliases = [ "www.${service_configs.https.domain}" ];
|
serverAliases = [ "www.${newDomain}" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Redirect old domain (bare) to new domain
|
# Redirect old domain (bare + www) to new domain
|
||||||
${service_configs.https.old_domain} = {
|
${oldDomain} = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
redir https://${service_configs.https.domain}{uri} permanent
|
redir https://${newDomain}{uri} permanent
|
||||||
'';
|
'';
|
||||||
serverAliases = [ "www.${service_configs.https.old_domain}" ];
|
serverAliases = [ "www.${oldDomain}" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Redirect old domain (wildcard subdomains) to new domain
|
# Wildcard redirect for all old domain subdomains
|
||||||
"*.${service_configs.https.old_domain}" = {
|
# Uses on-demand TLS - certs issued automatically on first request
|
||||||
|
"*.${oldDomain}" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# {labels.2} extracts the subdomain from *.gardling.com
|
tls {
|
||||||
redir https://{labels.2}.${service_configs.https.domain}{uri} permanent
|
on_demand
|
||||||
|
}
|
||||||
|
# {labels.2} extracts subdomain from *.gardling.com
|
||||||
|
redir https://{labels.2}.${newDomain}{uri} permanent
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user