fix(landing): https + correct subdomains, drop dead CA-cert step
The guest landing page advertised http:// service URLs (mixed-content on the https origin) and the wrong packwiz subdomain: - authUrl / authlibUrl: http -> https - packwizUrl: http://packwiz. -> https://pack. (correct vhost) - serverAddress: mc. -> apex (connect to ${BASE_DOMAIN}:25565) - remove caCertUrl + the "trust the local CA" join step (airgap-only, /ca.crt no longer exists) and its en/es/eu i18n strings + type. Also fix the stale http BaseURL example in plan/03-drasl.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -24,19 +24,15 @@ export const site = {
|
||||
dust: true,
|
||||
},
|
||||
|
||||
// Connect target shown to guests. No port needed — a dnsmasq SRV record
|
||||
// (_minecraft._tcp.mc.<domain>) points clients at 25565.
|
||||
serverAddress: `mc.${BASE_DOMAIN}`,
|
||||
// Connect target shown to guests. No port needed (defaults to 25565).
|
||||
serverAddress: `${BASE_DOMAIN}`,
|
||||
|
||||
// Drasl auth web UI + authlib-injector API root.
|
||||
authUrl: `http://auth.${BASE_DOMAIN}`,
|
||||
authlibUrl: `http://auth.${BASE_DOMAIN}/authlib-injector`,
|
||||
// Drasl auth web UI + authlib-injector API root (public HTTPS).
|
||||
authUrl: `https://auth.${BASE_DOMAIN}`,
|
||||
authlibUrl: `https://auth.${BASE_DOMAIN}/authlib-injector`,
|
||||
|
||||
// packwiz modpack entrypoint.
|
||||
packwizUrl: `http://packwiz.${BASE_DOMAIN}/pack.toml`,
|
||||
|
||||
// Caddy local CA root — guests import this to trust the offline asset mirror.
|
||||
caCertUrl: `http://${BASE_DOMAIN}/ca.crt`,
|
||||
// packwiz modpack entrypoint (public HTTPS, pack. subdomain).
|
||||
packwizUrl: `https://pack.${BASE_DOMAIN}/pack.toml`,
|
||||
|
||||
// Static server-list panel (Status section). No fake live count — see plan
|
||||
// 09-landing.md option B.
|
||||
|
||||
@@ -54,9 +54,6 @@ export interface UI {
|
||||
pb: string; // after it
|
||||
copy: string;
|
||||
registerPre: string;
|
||||
caPre: string;
|
||||
caLink: string;
|
||||
caPost: string;
|
||||
};
|
||||
s3: { kicker: string; h: string; p: string };
|
||||
s4: {
|
||||
@@ -137,9 +134,6 @@ export const ui: Record<Lang, UI> = {
|
||||
pb: "account using this URL, then log in with your Ulicraft credentials.",
|
||||
copy: "Copy",
|
||||
registerPre: "Need credentials? Register at",
|
||||
caPre: "Offline party? Download and trust the",
|
||||
caLink: "local CA certificate",
|
||||
caPost: "so the game-file mirror works over HTTPS.",
|
||||
},
|
||||
s3: {
|
||||
kicker: "Modpack",
|
||||
@@ -226,9 +220,6 @@ export const ui: Record<Lang, UI> = {
|
||||
pb: "con esta URL y luego inicia sesión con tus credenciales de Ulicraft.",
|
||||
copy: "Copiar",
|
||||
registerPre: "¿Sin credenciales? Regístrate en",
|
||||
caPre: "¿Fiesta sin internet? Descarga y confía en el",
|
||||
caLink: "certificado CA local",
|
||||
caPost: "para que el mirror de archivos funcione por HTTPS.",
|
||||
},
|
||||
s3: {
|
||||
kicker: "Modpack",
|
||||
@@ -315,9 +306,6 @@ export const ui: Record<Lang, UI> = {
|
||||
pb: "kontu bat URL honekin, eta gero hasi saioa zure Ulicraft kredentzialekin.",
|
||||
copy: "Kopiatu",
|
||||
registerPre: "Kredentzialik ez? Erregistratu hemen:",
|
||||
caPre: "Internetik gabeko festa? Deskargatu eta fidatu",
|
||||
caLink: "tokiko CA ziurtagiriaz",
|
||||
caPost: "fitxategi-mirrorrak HTTPS bidez ibil dadin.",
|
||||
},
|
||||
s3: {
|
||||
kicker: "Modpacka",
|
||||
|
||||
@@ -207,9 +207,6 @@ const dustBits = Array.from({ length: 16 }, (_, i) => {
|
||||
<p>
|
||||
{t.join.s2.registerPre} <a href={site.authUrl}>{site.authUrl}</a>.
|
||||
</p>
|
||||
<span class="hint">
|
||||
{t.join.s2.caPre} <a href={site.caCertUrl}>{t.join.s2.caLink}</a> {t.join.s2.caPost}
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@ Config is **TOML only** (no env var support). So `config.toml` is rendered from
|
||||
## config.toml.tmpl (key fields)
|
||||
|
||||
```toml
|
||||
BaseURL = "http://auth.${BASE_DOMAIN}"
|
||||
BaseURL = "https://auth.${BASE_DOMAIN}" # public scheme is HTTPS (nginx TLS)
|
||||
Domain = "auth.${BASE_DOMAIN}"
|
||||
ListenAddress = "0.0.0.0:25585" # internal; Caddy proxies
|
||||
DefaultAdminUsernames = ["admin"]
|
||||
|
||||
Reference in New Issue
Block a user