Mounting ./mirror/launcher at /srv/www/launcher failed: /srv/www is a read-only mount, so the nested mountpoint can't be created. Mount it at /srv/launcher and route /launcher/* via handle_path instead. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
41 lines
1.3 KiB
Caddyfile
41 lines
1.3 KiB
Caddyfile
# auto_https off would disable TLS entirely, breaking `tls internal` for the
|
|
# air-gap mirror vhosts. disable_redirects keeps the apex/auth/packwiz sites
|
|
# plaintext on :80 (they use explicit http://) while still allowing internal
|
|
# TLS on the mirror hosts below.
|
|
{
|
|
auto_https disable_redirects
|
|
}
|
|
|
|
http://{$BASE_DOMAIN} {
|
|
# Launcher downloads live in a sibling mount (not nested under /srv/www,
|
|
# which is a read-only mount → can't create a nested mountpoint).
|
|
# handle_path strips the /launcher prefix before serving /srv/launcher.
|
|
handle_path /launcher/* {
|
|
root * /srv/launcher
|
|
file_server browse
|
|
}
|
|
handle {
|
|
root * /srv/www
|
|
file_server
|
|
}
|
|
}
|
|
|
|
http://auth.{$BASE_DOMAIN} {
|
|
reverse_proxy drasl:25585
|
|
}
|
|
|
|
http://packwiz.{$BASE_DOMAIN} {
|
|
root * /srv/pack
|
|
file_server browse
|
|
}
|
|
|
|
# Full client air-gap mirror (see plan/11-full-airgap-mirror.md): byte-exact
|
|
# copies of the real upstream hosts served over HTTPS with Caddy's local CA.
|
|
# dnsmasq spoofs these hostnames -> our host; the {host} placeholder roots each
|
|
# hostname at its own mirror subtree. Guests import the Caddy root CA once.
|
|
meta.prismlauncher.org, piston-meta.mojang.com, piston-data.mojang.com, libraries.minecraft.net, maven.neoforged.net, resources.download.minecraft.net {
|
|
tls internal
|
|
root * /srv/mirror/{host}
|
|
file_server
|
|
}
|