feat(caddy): serve Caddy root CA at /ca.crt for guest trust
Air-gap mirror uses tls internal; guests must trust Caddy's local CA. Serve it at http://<domain>/ca.crt from a world-readable mount (the live pki dir is root-only 0600). build-stack --up mirror|full exports the CA after bring-up; landing page links it. Pre-creates the mount target to avoid a dir bind. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -18,6 +18,9 @@ export const site = {
|
||||
// packwiz modpack entrypoint.
|
||||
packwizUrl: `http://packwiz.${BASE_DOMAIN}/pack.toml`,
|
||||
|
||||
// Caddy local CA root — guests import this to trust the offline asset mirror.
|
||||
caCertUrl: `http://${BASE_DOMAIN}/ca.crt`,
|
||||
|
||||
// Launcher downloads. Stable filenames are symlinks created by
|
||||
// tooling/fetch-launcher.sh — keep these in sync with that script.
|
||||
launcher: {
|
||||
|
||||
@@ -50,6 +50,11 @@ const { launcher } = site;
|
||||
Need credentials? Register at <a href={site.authUrl}>{site.authUrl}</a>, then log in
|
||||
with that username and password.
|
||||
</p>
|
||||
<p class="note">
|
||||
Offline party? Download and trust the
|
||||
<a href={site.caCertUrl}>local CA certificate</a> so the game-file
|
||||
mirror works over HTTPS.
|
||||
</p>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
Reference in New Issue
Block a user