fix(drasl): use https BaseURL to match TLS ingress
Public scheme is HTTPS (host nginx terminates TLS in front of caddy). Drasl builds absolute URLs — texture URLs and the authlib-injector API location — from BaseURL, so an http:// value caused mixed-content blocking and broken login on the https origin. Point BaseURL at https://auth.${BASE_DOMAIN}. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -3,7 +3,10 @@
|
|||||||
# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted.
|
# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted.
|
||||||
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
|
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
|
||||||
|
|
||||||
BaseURL = "http://auth.${BASE_DOMAIN}"
|
# Public scheme is HTTPS — the host nginx terminates TLS in front of caddy.
|
||||||
|
# Drasl builds absolute URLs (textures, authlib-injector API location) from this;
|
||||||
|
# an http:// value triggers mixed-content + broken login on the https origin.
|
||||||
|
BaseURL = "https://auth.${BASE_DOMAIN}"
|
||||||
Domain = "auth.${BASE_DOMAIN}"
|
Domain = "auth.${BASE_DOMAIN}"
|
||||||
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
|
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
|
||||||
DefaultAdminUsernames = ["admin"]
|
DefaultAdminUsernames = ["admin"]
|
||||||
|
|||||||
Reference in New Issue
Block a user