mastodon: split local domain and web domain

single-dockerfile
Trammell Hudson 3 years ago
parent 459a89f350
commit 054aae8be1
  1. 3
      mastodon/setup
  2. 6
      nginx/nginx/templates/000-default.conf.template

@ -27,7 +27,8 @@ OIDC_CLIENT_SECRET="$(openssl rand -hex 32)"
mkdir -p "$(dirname "$SECRETS")" mkdir -p "$(dirname "$SECRETS")"
cat <<EOF > "$SECRETS" cat <<EOF > "$SECRETS"
# DO NOT CHECK IN # DO NOT CHECK IN
LOCAL_DOMAIN=$MASTODON_HOSTNAME WEB_DOMAIN=$MASTODON_HOSTNAME
LOCAL_DOMAIN=$DOMAIN_NAME
OIDC_DISPLAY_NAME=$REALM OIDC_DISPLAY_NAME=$REALM
OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME/realms/$REALM
OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME/auth/auth/openid_connect/callback

@ -30,10 +30,16 @@ server {
root /var/www; root /var/www;
} }
# delegated Matrix server
location /.well-known/matrix { location /.well-known/matrix {
proxy_pass https://${MATRIX_HOSTNAME}; proxy_pass https://${MATRIX_HOSTNAME};
} }
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 301 https://${MASTODON_HOSTNAME}$request_uri;
}
listen 443 ssl default_server; listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;

Loading…
Cancel
Save