Files
ulicraft-server-v1/drasl/config/config.toml.tmpl
Oier Bravo Urtasun 95c63e1ee0 fix(drasl): use https BaseURL to match TLS ingress
Public scheme is HTTPS (host nginx terminates TLS in front of caddy). Drasl
builds absolute URLs — texture URLs and the authlib-injector API location —
from BaseURL, so an http:// value caused mixed-content blocking and broken
login on the https origin. Point BaseURL at https://auth.${BASE_DOMAIN}.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-09 02:53:35 +02:00

26 lines
1.2 KiB
Cheetah

# Drasl config — password-login mode (NO Keycloak/OIDC for now).
# TOML only (drasl has no env support). Rendered by tooling/render-config.sh
# -> drasl/config/config.toml (gitignored). Only ${BASE_DOMAIN} is substituted.
# Reached only via Caddy at auth.${BASE_DOMAIN}; drasl has no published host port.
# Public scheme is HTTPS — the host nginx terminates TLS in front of caddy.
# Drasl builds absolute URLs (textures, authlib-injector API location) from this;
# an http:// value triggers mixed-content + broken login on the https origin.
BaseURL = "https://auth.${BASE_DOMAIN}"
Domain = "auth.${BASE_DOMAIN}"
ListenAddress = "0.0.0.0:25585" # internal; Caddy reverse-proxies to it
DefaultAdminUsernames = ["admin"]
# Password login: admin + guests register a username/password on the web UI.
AllowPasswordLogin = true
# 1.21+ secure-profile fix: MUST pair with server ENFORCE_SECURE_PROFILE=FALSE.
# Both or neither — mixed auth breaks on MC 1.21+ with SignPublicKeys = true.
SignPublicKeys = false
# Free-text owner label shown in the web UI (a string, not a table).
ApplicationOwner = "Ulicraft"
# OIDC block intentionally omitted for now (no Keycloak).
# [[RegistrationOIDC]] <- future task