feat(ingress): public distribution.${BASE_DOMAIN} static vhost

Serve a static site at distribution.${BASE_DOMAIN} whose web root lives in
another repo (DISTRIBUTION_WEB_ROOT, bind-mounted read-only into caddy):
  - caddy/conf.d/30-distribution.caddy  file_server vhost
  - docker-compose.distribution.yml     mount snippet + external web root
  - issue-letsencrypt.sh / .env.example add distribution to LE_SUBDOMAINS
  - ulicraft-caddy.conf.tmpl            TLS-front block proxying to caddy

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-09 00:30:27 +02:00
parent 3486546fb3
commit ab3d2c201b
5 changed files with 52 additions and 6 deletions

View File

@@ -17,7 +17,7 @@
# OVH_CK OVH consumer key (obtained on first run — see below)
# OVH_END_POINT OVH API endpoint (e.g. ovh-eu)
# optional:
# LE_SUBDOMAINS space-separated (default: "auth pack")
# LE_SUBDOMAINS space-separated (default: "auth pack distribution")
# LE_STAGING=1 use the LE staging CA (untrusted, for dry runs)
#
# First-time OVH consumer key: set OVH_AK/OVH_AS/OVH_END_POINT, leave OVH_CK
@@ -53,7 +53,7 @@ ACME="${ACME_SH:-$HOME/.acme.sh/acme.sh}"
then re-run (or set ACME_SH=/path/to/acme.sh)."
CERT_DIR="${CERT_DIR:-certs}"
read -r -a SUBDOMAINS <<< "${LE_SUBDOMAINS:-auth pack}"
read -r -a SUBDOMAINS <<< "${LE_SUBDOMAINS:-auth pack distribution}"
if [ "${LE_STAGING:-0}" = "1" ]; then
SERVER="letsencrypt_test"; warn "STAGING mode — certs will NOT be trusted by browsers"