fix(drasl): use https BaseURL to match TLS ingress

Public scheme is HTTPS (host nginx terminates TLS in front of caddy). Drasl
builds absolute URLs — texture URLs and the authlib-injector API location —
from BaseURL, so an http:// value caused mixed-content blocking and broken
login on the https origin. Point BaseURL at https://auth.${BASE_DOMAIN}.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-09 02:53:35 +02:00
parent 46103495fb
commit 95c63e1ee0

View File

@@ -3,7 +3,10 @@
# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted.
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
BaseURL = "http://auth.${BASE_DOMAIN}"
# Public scheme is HTTPS — the host nginx terminates TLS in front of caddy.
# Drasl builds absolute URLs (textures, authlib-injector API location) from this;
# an http:// value triggers mixed-content + broken login on the https origin.
BaseURL = "https://auth.${BASE_DOMAIN}"
Domain = "auth.${BASE_DOMAIN}"
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
DefaultAdminUsernames = ["admin"]