From: Christian Heller Date: Mon, 11 Sep 2023 01:07:41 +0000 (+0200) Subject: Add PlomTube mirror setup. X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/decks/%7B%7Bdb.prefix%7D%7D/static/todo?a=commitdiff_plain;h=174acd1989d140882900b51dac88a54283e0333f;p=config Add PlomTube mirror setup. --- diff --git a/bookworm/etc_files/static_websites/etc/nginx/sites-available/status.plomlompom.com.nginx b/bookworm/etc_files/static_websites/etc/nginx/sites-available/status.plomlompom.com.nginx deleted file mode 100644 index 99c19d2..0000000 --- a/bookworm/etc_files/static_websites/etc/nginx/sites-available/status.plomlompom.com.nginx +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/status.plomlompom.com/; - - location = / { - return 301 /users/plomlompom.html; - } - - # re-direct to .html endings - location ~ ^/(notice|users)/([^\.]*)/?$ { - rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent; - } -} diff --git a/bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx b/bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx new file mode 100644 index 0000000..99c19d2 --- /dev/null +++ b/bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx @@ -0,0 +1,16 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/status.plomlompom.com/; + + location = / { + return 301 /users/plomlompom.html; + } + + # re-direct to .html endings + location ~ ^/(notice|users)/([^\.]*)/?$ { + rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent; + } +} diff --git a/bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx b/bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx new file mode 100644 index 0000000..57b084a --- /dev/null +++ b/bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/tube.plomlompom.com/; + + # re-direct to .html endings + location ~ ^/videos/watch/([^\.]*)/?$ { + rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent; + } +} diff --git a/bookworm/setup_scripts/setup_status.plomlompom.com.sh b/bookworm/setup_scripts/setup_status.plomlompom.com.sh index d5e6d18..730df3e 100755 --- a/bookworm/setup_scripts/setup_status.plomlompom.com.sh +++ b/bookworm/setup_scripts/setup_status.plomlompom.com.sh @@ -10,8 +10,8 @@ else domain="$1" fi # Install configs, set up firewall. -./install_for_target.sh static_websites -./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" static_websites +./install_for_target.sh status.plomlompom.com +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" status.plomlompom.com nft -f /etc/nftables.conf # Set up letsencrypt certificate. TODO: Is it auto-renewed? diff --git a/bookworm/setup_scripts/setup_tube.plomlompom.com.sh b/bookworm/setup_scripts/setup_tube.plomlompom.com.sh new file mode 100755 index 0000000..efb0c06 --- /dev/null +++ b/bookworm/setup_scripts/setup_tube.plomlompom.com.sh @@ -0,0 +1,27 @@ +#!/bin/sh +set -e +. ./misc.sh + +expect_setup_finished_file setup_web_has_been_run setup_web.sh + +if [ -z "$1"]; then + domain="tube.plomlompom.com" +else + domain="$1" +fi +# Install configs, set up firewall. +./install_for_target.sh tube.plomlompom.com +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" tube.plomlompom.com +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Prepare NGINX for tube.plomlompom.com. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/tube.plomlompom.com.nginx +ln -s /etc/nginx/sites-available/tube.plomlompom.com.nginx /etc/nginx/sites-enabled/tube.plomlompom.com.nginx + +service nginx restart +