feat(nginx): serve launcher downloads from apex vhost

Port the /launcher/* static route from caddy's 10-static.caddy to the
nginx apex server (alias -> ./mirror/launcher, autoindex). /ca.crt is
omitted — LE certs are publicly trusted, no guest CA import needed.
The 20-mirror.caddy upstream spoofs stay caddy/air-gap-only.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-08 01:08:43 +02:00
parent 843347ad00
commit 5cec2993d7

View File

@@ -24,7 +24,9 @@ server {
return 301 https://$host$request_uri;
}
# Apex — static landing page.
# Apex — static landing page (./www) + launcher downloads (./mirror/launcher).
# /ca.crt from the caddy path is intentionally omitted: LE certs are publicly
# trusted, so guests need no CA import.
server {
listen 443 ssl;
listen [::]:443 ssl;
@@ -34,9 +36,17 @@ server {
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
ssl_certificate_key ${APP_DIR}/certs/${BASE_DOMAIN}/key.pem;
root ${APP_DIR}/www;
index index.html;
location / { try_files $uri $uri/ =404; }
# Launcher downloads (populated by tooling/fetch-launcher.sh -> ./mirror/launcher).
location /launcher/ {
alias ${APP_DIR}/mirror/launcher/;
autoindex on;
}
location / {
root ${APP_DIR}/www;
index index.html;
try_files $uri $uri/ =404;
}
}
# Pack — packwiz metadata (./pack) + custom jars (./custom at /custom/).