Improve handling of startup (pre-certs) and 404 on unknown domains
This commit is contained in:
parent
ba073262e7
commit
55354732ce
|
@ -11,6 +11,7 @@ CMD ["/bin/sh", "/entrypoint.sh"]
|
|||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
|
||||
tini nginx supervisor gettext-base libjs-bootstrap4 libjs-jquery \
|
||||
&& rm /etc/nginx/sites-enabled/default \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& apt-get autoremove -y \
|
||||
&& rm -rf /var/cache/*
|
||||
|
|
|
@ -4,6 +4,9 @@ CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
|
|||
|
||||
while sleep 10; do
|
||||
if test -f "$CERT_PATH"; then
|
||||
if test -f /etc/nginx/sites-enabled/startup; then
|
||||
rm /etc/nginx/sites-enabled/startup;
|
||||
fi
|
||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/snikket-common" "/etc/nginx/snippets/snikket-common.conf"
|
||||
for proto in http https; do
|
||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
|
||||
|
|
|
@ -8,6 +8,8 @@ if test -f "$CERT_PATH"; then
|
|||
for proto in http https; do
|
||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
|
||||
done
|
||||
else
|
||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/startup.template" "/etc/nginx/sites-enabled/startup";
|
||||
fi
|
||||
|
||||
exec supervisord -c /etc/supervisord/supervisord.conf
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
|
||||
<title>Snikket | Page not found</title>
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
|
||||
<link rel="stylesheet" href="/static/css/snikket.css">
|
||||
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
|
||||
<link rel="manifest" href="/site.webmanifest">
|
||||
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
|
||||
<meta name="msapplication-TileColor" content="#fbd308">
|
||||
<meta name="theme-color" content="#fbd308">
|
||||
</head>
|
||||
<body style="background-color: #eee">
|
||||
<div style="width: 80%; margin-top: 10%; margin-left: auto; margin-right: auto; background-color: #f8f8f8; padding: 3em;">
|
||||
<img src="/static/img/snikket-logo-text.svg" alt="Snikket" style="width: 60%">
|
||||
<h1>Oops! We couldn't find what you were looking for.</h1>
|
||||
<p>Check the address you entered, perhaps?</p>
|
||||
<code>404 Not Found</code>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,29 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
|
||||
<title>Snikket | Unknown domain</title>
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
|
||||
<link rel="stylesheet" href="/static/css/snikket.css">
|
||||
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
|
||||
<link rel="manifest" href="/site.webmanifest">
|
||||
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
|
||||
<meta name="msapplication-TileColor" content="#fbd308">
|
||||
<meta name="theme-color" content="#fbd308">
|
||||
</head>
|
||||
<body style="background-color: #eee">
|
||||
<div style="width: 80%; margin-top: 10%; margin-left: auto; margin-right: auto; background-color: #f8f8f8; padding: 3em;">
|
||||
<img src="/static/img/snikket-logo-text.svg" alt="Snikket" style="width: 60%">
|
||||
<h1>Oops! Site not found.</h1>
|
||||
<p>The web address you entered does not seem to match the domain of your Snikket installation.</p>
|
||||
<p>If this is unexpected, check your DNS settings and your Snikket configuration are both correct.</p>
|
||||
<code>404 Not Found</code>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,30 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
|
||||
<title>Snikket | Temporarily unavailable</title>
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
|
||||
<link rel="stylesheet" href="/static/css/snikket.css">
|
||||
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
|
||||
<link rel="manifest" href="/site.webmanifest">
|
||||
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
|
||||
<meta name="msapplication-TileColor" content="#fbd308">
|
||||
<meta name="theme-color" content="#fbd308">
|
||||
</head>
|
||||
<body style="background-color: #eee">
|
||||
<div style="width: 80%; margin-top: 10%; margin-left: auto; margin-right: auto; background-color: #f8f8f8; padding: 3em;">
|
||||
<img src="/static/img/snikket-logo-text.svg" alt="Snikket" style="width: 60%">
|
||||
<h1>Oops! A technical glitch.</h1>
|
||||
<p>There was a problem connecting to the Snikket service of this site.</p>
|
||||
<p>If you just started this service, please wait a moment and reload the page.</p>
|
||||
<p>If the problem continues, please check your Snikket configuration for problems.</p>
|
||||
<code>504 Gateway Timeout</code>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -14,3 +14,13 @@ server {
|
|||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# Fail requests to unknown domains
|
||||
server {
|
||||
listen ${SNIKKET_TWEAK_HTTP_PORT};
|
||||
listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
|
||||
|
||||
error_page 404 /_errors/404_site.html;
|
||||
|
||||
return 404;
|
||||
}
|
||||
|
|
|
@ -32,6 +32,8 @@ server {
|
|||
|
||||
server_name share.${SNIKKET_DOMAIN};
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
location /upload/ {
|
||||
proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT};
|
||||
proxy_set_header Host $host;
|
||||
|
@ -39,3 +41,22 @@ server {
|
|||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
||||
|
||||
# Fail requests to unknown domains
|
||||
server {
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
ssl_certificate /snikket/letsencrypt/live/snikket.chat/fullchain.pem;
|
||||
ssl_certificate_key /snikket/letsencrypt/live/snikket.chat/privkey.pem;
|
||||
|
||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
||||
ssl_session_timeout 1440m;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
||||
|
||||
error_page 404 /_errors/404_site.html;
|
||||
|
||||
return 404;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
server {
|
||||
listen ${SNIKKET_TWEAK_HTTP_PORT};
|
||||
listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
|
||||
|
||||
server_name ${SNIKKET_DOMAIN};
|
||||
server_name groups.${SNIKKET_DOMAIN};
|
||||
server_name share.${SNIKKET_DOMAIN};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
alias /var/www/html/.well-known/acme-challenge;
|
||||
}
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
error_page 404 /_errors/404.html;
|
||||
}
|
||||
|
||||
# Fail requests to unknown domains
|
||||
server {
|
||||
listen ${SNIKKET_TWEAK_HTTP_PORT};
|
||||
listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
|
||||
|
||||
root /var/www/html;
|
||||
|
||||
error_page 404 /_errors/404_site.html;
|
||||
|
||||
return 404;
|
||||
}
|
Loading…
Reference in New Issue