fix(landing): https + correct subdomains, drop dead CA-cert step

The guest landing page advertised http:// service URLs (mixed-content on the
https origin) and the wrong packwiz subdomain:
- authUrl / authlibUrl: http -> https
- packwizUrl: http://packwiz. -> https://pack.  (correct vhost)
- serverAddress: mc. -> apex (connect to ${BASE_DOMAIN}:25565)
- remove caCertUrl + the "trust the local CA" join step (airgap-only, /ca.crt
  no longer exists) and its en/es/eu i18n strings + type.

Also fix the stale http BaseURL example in plan/03-drasl.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-09 02:56:59 +02:00
parent 95c63e1ee0
commit cfd60131fb
4 changed files with 8 additions and 27 deletions

View File

@@ -24,19 +24,15 @@ export const site = {
dust: true,
},
// Connect target shown to guests. No port needed — a dnsmasq SRV record
// (_minecraft._tcp.mc.<domain>) points clients at 25565.
serverAddress: `mc.${BASE_DOMAIN}`,
// Connect target shown to guests. No port needed (defaults to 25565).
serverAddress: `${BASE_DOMAIN}`,
// Drasl auth web UI + authlib-injector API root.
authUrl: `http://auth.${BASE_DOMAIN}`,
authlibUrl: `http://auth.${BASE_DOMAIN}/authlib-injector`,
// Drasl auth web UI + authlib-injector API root (public HTTPS).
authUrl: `https://auth.${BASE_DOMAIN}`,
authlibUrl: `https://auth.${BASE_DOMAIN}/authlib-injector`,
// packwiz modpack entrypoint.
packwizUrl: `http://packwiz.${BASE_DOMAIN}/pack.toml`,
// Caddy local CA root — guests import this to trust the offline asset mirror.
caCertUrl: `http://${BASE_DOMAIN}/ca.crt`,
// packwiz modpack entrypoint (public HTTPS, pack. subdomain).
packwizUrl: `https://pack.${BASE_DOMAIN}/pack.toml`,
// Static server-list panel (Status section). No fake live count — see plan
// 09-landing.md option B.

View File

@@ -54,9 +54,6 @@ export interface UI {
pb: string; // after it
copy: string;
registerPre: string;
caPre: string;
caLink: string;
caPost: string;
};
s3: { kicker: string; h: string; p: string };
s4: {
@@ -137,9 +134,6 @@ export const ui: Record<Lang, UI> = {
pb: "account using this URL, then log in with your Ulicraft credentials.",
copy: "Copy",
registerPre: "Need credentials? Register at",
caPre: "Offline party? Download and trust the",
caLink: "local CA certificate",
caPost: "so the game-file mirror works over HTTPS.",
},
s3: {
kicker: "Modpack",
@@ -226,9 +220,6 @@ export const ui: Record<Lang, UI> = {
pb: "con esta URL y luego inicia sesión con tus credenciales de Ulicraft.",
copy: "Copiar",
registerPre: "¿Sin credenciales? Regístrate en",
caPre: "¿Fiesta sin internet? Descarga y confía en el",
caLink: "certificado CA local",
caPost: "para que el mirror de archivos funcione por HTTPS.",
},
s3: {
kicker: "Modpack",
@@ -315,9 +306,6 @@ export const ui: Record<Lang, UI> = {
pb: "kontu bat URL honekin, eta gero hasi saioa zure Ulicraft kredentzialekin.",
copy: "Kopiatu",
registerPre: "Kredentzialik ez? Erregistratu hemen:",
caPre: "Internetik gabeko festa? Deskargatu eta fidatu",
caLink: "tokiko CA ziurtagiriaz",
caPost: "fitxategi-mirrorrak HTTPS bidez ibil dadin.",
},
s3: {
kicker: "Modpacka",

View File

@@ -207,9 +207,6 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
<p>
{t.join.s2.registerPre} <a href={site.authUrl}>{site.authUrl}</a>.
</p>
<span class="hint">
{t.join.s2.caPre} <a href={site.caCertUrl}>{t.join.s2.caLink}</a> {t.join.s2.caPost}
</span>
</div>
</div>

View File

@@ -16,7 +16,7 @@ Config is **TOML only** (no env var support). So `config.toml` is rendered from
## config.toml.tmpl (key fields)
```toml
BaseURL = "http://auth.${BASE_DOMAIN}"
BaseURL = "https://auth.${BASE_DOMAIN}" # public scheme is HTTPS (nginx TLS)
Domain = "auth.${BASE_DOMAIN}"
ListenAddress = "0.0.0.0:25585" # internal; Caddy proxies
DefaultAdminUsernames = ["admin"]