| -rw-r--r-- | frontends/AGENTS.md | 11 | ||||
| -rw-r--r-- | frontends/etc/gogios.json.tpl | 4 | ||||
| -rw-r--r-- | frontends/etc/httpd.conf.tpl | 10 | ||||
| -rw-r--r-- | frontends/etc/relayd.conf.tpl | 10 |
4 files changed, 31 insertions, 4 deletions
diff --git a/frontends/AGENTS.md b/frontends/AGENTS.md index b62b2a3..23e90c2 100644 --- a/frontends/AGENTS.md +++ b/frontends/AGENTS.md @@ -252,6 +252,17 @@ Monitoring should match that split: - `lighttpd` is intentionally used on the Pi HTTP nodes because the hardware is low-RAM and the workload is static content only - Firewall changes on the Pis are conditional: check `firewall-cmd --state` first and skip `firewall-cmd` rules entirely if `firewalld` is not running +### Pi lighttpd Host-Based Virtual Hosting + +`relayd` cannot rewrite URL paths — it can only route based on Host header to different backend tables. To serve a subdirectory as the root for a domain, lighttpd on the Pis uses Host-based virtual hosting to remap the document root. + +Config: `/etc/lighttpd/lighttpd.conf` on pi0/pi1 (managed directly, not in a config repo). + +Current vhost mappings: +- `snonux.foo` / `www.snonux.foo` → `/var/www/html/snonux` + +The `Host` header is passed through by relayd unchanged, so lighttpd can match on it directly. + ## Configuration Testing Before deploying: diff --git a/frontends/etc/gogios.json.tpl b/frontends/etc/gogios.json.tpl index 76c9fab..7661275 100644 --- a/frontends/etc/gogios.json.tpl +++ b/frontends/etc/gogios.json.tpl @@ -81,10 +81,10 @@ }, <% } -%> <% for my $host (qw(pi0 pi1)) { -%> - "Check HTTP <%= $host %>.lan.buetow.org": { + "Check HTTP <%= $host %>.wg0.wan.buetow.org": { "Plugin": "<%= $plugin_dir %>/check_http", "RandomSpread": 10, - "Args": ["<%= $host %>.lan.buetow.org", "-4"] + "Args": ["<%= $host %>.wg0.wan.buetow.org", "-4"] }, <% } -%> <% for my $host (qw(pi2 pi3)) { -%> diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl index 5f4a769..376692f 100644 --- a/frontends/etc/httpd.conf.tpl +++ b/frontends/etc/httpd.conf.tpl 
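Review bot: The pi0/pi1 check in gogios.json.tpl still passes only the node's own name, so it never exercises the Host-based vhost for snonux.foo that this commit documents in AGENTS.md. A missing or broken mapping in the hand-managed lighttpd.conf on a Pi would leave the check green. Consider a second entry per host that pins the address and sets the virtual host, e.g. `"Args": ["-I", "<%= $host %>.wg0.wan.buetow.org", "-H", "snonux.foo", "-4"]`. Because the probe now targets the wg0 name, a failure no longer distinguishes a tunnel outage from lighttpd being down, which is worth reflecting in the check name or pairing with a separate tunnel check.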
@@ -102,9 +102,15 @@ server "<%= $prefix %>blog.buetow.org" { server "<%= $prefix %>snonux.foo" { listen on * port 8080 - log style forwarded + log style forwarded location * { - block return 302 "https://foo.zone/about$REQUEST_URI" + <% if ($prefix eq 'www.') { -%> + block return 302 "https://snonux.foo$REQUEST_URI" + <% } else { -%> + # Same fallback as f3s.buetow.org when static Pis are unreachable (via f3s_static_proxy chain) + request rewrite "/index.html" + root "/htdocs/f3s_fallback" + <% } -%> } } diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl index 70fbeab..29f5875 100644 --- a/frontends/etc/relayd.conf.tpl +++ b/frontends/etc/relayd.conf.tpl @@ -78,6 +78,7 @@ http protocol "https" { # Explicitly route non-f3s hosts to localhost to prevent them from trying f3s backends <% for my $host (@$acme_hosts) { next if grep { $_ eq $host } @$f3s_hosts; + next if $host eq 'snonux.foo'; for my $prefix (@prefixes) { -%> match request header "Host" value "<%= $prefix.$host -%>" forward to <localhost> <% } } -%> @@ -102,6 +103,15 @@ http protocol "https" { } } -%> + # www.snonux.foo: redirect to snonux.foo via localhost httpd + match request header "Host" value "www.snonux.foo" forward to <localhost> + # snonux.foo: same relay hop as f3s.buetow.org (Pis then localhost f3s_fallback). relayd cannot rewrite + # URL paths; use https://snonux.foo/snonux/... or map Host on the static servers so / serves that tree. + <% for my $host (qw/snonux.foo/) { + for my $prefix ('', 'standby.') { -%> + match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s_static_proxy> + <% } } -%> + # Add cache-control headers to f3s fallback pages (served from localhost when cluster is down) match response header set "Cache-Control" value "no-cache, no-store, must-revalidate" match response header set "Pragma" value "no-cache" |
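Review bot: The non-www branch in httpd.conf.tpl rewrites every request path to `/index.html` under `/htdocs/f3s_fallback`. During a Pi outage any URL on snonux.foo therefore presumably returns the fallback page with a success status, so a status-only probe or a crawler cannot tell it from the real site. The template comment should say so, e.g. `# Fallback answers every path with index.html; monitor page content, not just status`. The branch also keys on `$prefix eq 'www.'` while the loop that produces `$prefix` is outside the hunk, so every other prefix silently gets the fallback root; a short comment naming the expected prefixes would make that intent checkable.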
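Review bot: In relayd.conf.tpl the added `next if $host eq 'snonux.foo';` drops the explicit localhost route for every entry of `@prefixes`, but the second hunk re-adds rules only for `www.`, the bare name and `standby.`. `@prefixes` is defined outside these hunks; if it holds any other prefix, that Host value for snonux.foo loses its explicit route, which is the case the comment above the loop says it wants to prevent. Either generate the new rules from `@prefixes` or record the assumption next to the skip, e.g. `# snonux.foo is routed explicitly below; keep that list in sync with @prefixes`. The literal `snonux.foo` also appears in three places across the two hunks, so a single template variable would keep the skip and the routes from drifting apart.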
