diff --git a/Dockerfile b/Dockerfile
index 94caa75..93e4f19 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,7 @@ CMD ["/bin/sh", "/entrypoint.sh"]
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
tini nginx supervisor gettext-base libjs-bootstrap4 libjs-jquery \
+ && rm /etc/nginx/sites-enabled/default \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y \
&& rm -rf /var/cache/*
diff --git a/cert-monitor.sh b/cert-monitor.sh
index 6d6797e..2aebd50 100755
--- a/cert-monitor.sh
+++ b/cert-monitor.sh
@@ -4,6 +4,9 @@ CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
while sleep 10; do
if test -f "$CERT_PATH"; then
+ if test -f /etc/nginx/sites-enabled/startup; then
+ rm /etc/nginx/sites-enabled/startup;
+ fi
/usr/local/bin/render-template.sh "/etc/nginx/templates/snikket-common" "/etc/nginx/snippets/snikket-common.conf"
for proto in http https; do
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
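Review bot: The added three-line `test -f` / `rm` / `fi` sequence can be the single line `rm -f /etc/nginx/sites-enabled/startup`, which is also quiet if the file disappears between the test and the removal. The startup site is removed before the replacement configs are rendered, and the exit status of `render-template.sh` is not checked in the visible lines. If a render fails, nginx may therefore be left with no site for the HTTP port, so consider rendering first and removing afterwards. The loop body continues outside this hunk, so whether nginx is reloaded after the removal cannot be confirmed from here.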
diff --git a/entrypoint.sh b/entrypoint.sh
index fba80da..5e938f7 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -8,6 +8,8 @@ if test -f "$CERT_PATH"; then
for proto in http https; do
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
done
+else
+ /usr/local/bin/render-template.sh "/etc/nginx/templates/startup.template" "/etc/nginx/sites-enabled/startup";
fi
exec supervisord -c /etc/supervisord/supervisord.conf
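Review bot: The new `else` branch reads `/etc/nginx/templates/startup.template`, with a `.template` suffix, while the existing loop reads `/etc/nginx/templates/$proto` with no suffix, so the two are installed under different naming schemes. The Dockerfile hunk in this commit adds no line that copies `nginx/startup.template` or `error-pages/` into the image, so please confirm that an existing COPY/ADD line outside the hunk places the template at exactly this path. If it does not, the first start without a certificate will fail to render the startup site. The enclosing `if` starts outside this hunk.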
diff --git a/error-pages/404.html b/error-pages/404.html
new file mode 100644
index 0000000..ab99fda
--- /dev/null
+++ b/error-pages/404.html
@@ -0,0 +1,28 @@
+
+
+
+
+
+ Snikket | Page not found
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Oops! We couldn't find what you were looking for.
+
Check the address you entered, perhaps?
+
404 Not Found
+
+
+
diff --git a/error-pages/404_site.html b/error-pages/404_site.html
new file mode 100644
index 0000000..02f09e5
--- /dev/null
+++ b/error-pages/404_site.html
@@ -0,0 +1,29 @@
+
+
+
+
+
+ Snikket | Unknown domain
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Oops! Site not found.
+
The web address you entered does not seem to match the domain of your Snikket installation.
+
If this is unexpected, check your DNS settings and your Snikket configuration are both correct.
+
404 Not Found
+
+
+
diff --git a/error-pages/504.html b/error-pages/504.html
new file mode 100644
index 0000000..7612795
--- /dev/null
+++ b/error-pages/504.html
@@ -0,0 +1,30 @@
+
+
+
+
+
+ Snikket | Temporarily unavailable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Oops! A technical glitch.
+
There was a problem connecting to the Snikket service of this site.
+
If you just started this service, please wait a moment and reload the page.
+
If the problem continues, please check your Snikket configuration for problems.
+
504 Gateway Timeout
+
+
+
diff --git a/nginx/http.template b/nginx/http.template
index 4ecc479..a2172f0 100644
--- a/nginx/http.template
+++ b/nginx/http.template
@@ -14,3 +14,13 @@ server {
return 301 https://$host$request_uri;
}
}
+
+# Fail requests to unknown domains
+server {
+ listen ${SNIKKET_TWEAK_HTTP_PORT};
+ listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
+
+ error_page 404 /_errors/404_site.html;
+
+ return 404;
+}
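Review bot: Neither `listen` line in the new catch-all server carries `default_server`, so nginx keeps treating the first server block defined for this port as the default, and a request with an unrecognised Host still reaches that block rather than this one. If that first block is the redirect server whose tail is visible at the top of the hunk, an unknown Host is still echoed back through `return 301 https://$host$request_uri;`. Suggest `listen ${SNIKKET_TWEAK_HTTP_PORT} default_server;` and `listen [::]:${SNIKKET_TWEAK_HTTP_PORT} default_server;`, as the HTTPS catch-all in this commit already does; the catch-all in nginx/startup.template has the same gap. This block also sets no `root`, unlike the startup one, so `/_errors/404_site.html` would be looked up under nginx's built-in default root; add `root /var/www/html;`.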
diff --git a/nginx/https.template b/nginx/https.template
index 6e71e47..7af50e0 100644
--- a/nginx/https.template
+++ b/nginx/https.template
@@ -32,6 +32,8 @@ server {
server_name share.${SNIKKET_DOMAIN};
+ root /var/www/html;
+
location /upload/ {
proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT};
proxy_set_header Host $host;
@@ -39,3 +41,22 @@ server {
proxy_set_header X-Forwarded-Proto https;
}
}
+
+# Fail requests to unknown domains
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+
+ ssl_certificate /snikket/letsencrypt/live/snikket.chat/fullchain.pem;
+ ssl_certificate_key /snikket/letsencrypt/live/snikket.chat/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:1m;
+ ssl_session_timeout 1440m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+
+ error_page 404 /_errors/404_site.html;
+
+ return 404;
+}
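Review bot: The catch-all block hard-codes `/snikket/letsencrypt/live/snikket.chat/` in `ssl_certificate` and `ssl_certificate_key`, while the rest of the template and `CERT_PATH` in cert-monitor.sh are parameterised on the Snikket domain. On a deployment for any other domain those files will not exist and nginx will refuse to load the configuration. Suggest `ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;` and the matching `privkey.pem` line. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables two deprecated protocol versions and the cipher list still offers 3DES and CBC/SHA-1 suites. `ssl_protocols TLSv1.2 TLSv1.3;` with only the AEAD suites would be a safer baseline, applied to the other server blocks too if they share these settings (they are outside this hunk).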
diff --git a/nginx/startup.template b/nginx/startup.template
new file mode 100644
index 0000000..f55091a
--- /dev/null
+++ b/nginx/startup.template
@@ -0,0 +1,28 @@
+server {
+ listen ${SNIKKET_TWEAK_HTTP_PORT};
+ listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
+
+ server_name ${SNIKKET_DOMAIN};
+ server_name groups.${SNIKKET_DOMAIN};
+ server_name share.${SNIKKET_DOMAIN};
+
+ location /.well-known/acme-challenge {
+ alias /var/www/html/.well-known/acme-challenge;
+ }
+
+ root /var/www/html;
+
+ error_page 404 /_errors/404.html;
+}
+
+# Fail requests to unknown domains
+server {
+ listen ${SNIKKET_TWEAK_HTTP_PORT};
+ listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
+
+ root /var/www/html;
+
+ error_page 404 /_errors/404_site.html;
+
+ return 404;
+}
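Review bot: `location /.well-known/acme-challenge` is a prefix match with no trailing slash, so it also matches sibling paths such as `/.well-known/acme-challenge-old`, and the `alias` target is the same path that `root /var/www/html;` already yields. Suggest `location /.well-known/acme-challenge/ {` with `alias /var/www/html/.well-known/acme-challenge/;`, or dropping the `alias` and relying on `root`. In the catch-all block, `return 404;` at server level is also evaluated for the internal redirect that `error_page` triggers, so the custom `/_errors/404_site.html` page may never be served. This is worth testing, and if confirmed, move the `return 404;` into `location / { }` and add a separate `location /_errors/ { }`; the catch-alls in http.template and https.template follow the same pattern.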