fix: wire CADDY_DOMAIN into Caddyfile template for wildcard cert

CADDY_DOMAIN was required/validated/prompted but never used — the
Caddyfile only referenced GITEA_DOMAIN, producing a single-domain
cert. Now the template uses *.CADDY_DOMAIN as the site address
(wildcard cert) with a host matcher routing GITEA_DOMAIN to Gitea.
This means the cert covers all subdomains under the base domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
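The shape of the Caddyfile the commit message describes (wildcard site address, DNS-01 via Cloudflare, host matcher for Gitea), written out here as an added illustration rather than the project's own template. Assumed: the Cloudflare DNS module for Caddy is compiled in, the Gitea container is reachable as `gitea:3000`, and the `{$VAR}` placeholders are filled from the same environment variables the `.env` file defines. The catch-all `handle` is an addition worth keeping in a real template, so that requests for any other subdomain under the wildcard get a 404 instead of falling through to Gitea.

```caddyfile
# Added example, not the project's Caddyfile template.
# Site address is the wildcard, so ACME issues one cert for *.CADDY_DOMAIN.
*.{$CADDY_DOMAIN} {
	# DNS-01 challenge through Cloudflare; wildcard names cannot be
	# validated with HTTP-01, so this is the only challenge type that works.
	tls {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
	}

	# Host matcher: only the Gitea hostname is proxied to the Gitea
	# container. GITEA_DOMAIN must be one label under CADDY_DOMAIN
	# (e.g. git.example.com under example.com) to be covered by the cert.
	@gitea host {$GITEA_DOMAIN}
	handle @gitea {
		reverse_proxy gitea:3000
	}

	# Any other subdomain that resolves to this host gets a bare 404
	# rather than an accidental route into Gitea.
	handle {
		respond 404
	}
}
```

Because the wildcard cert and its private key cover every subdomain of the base domain, the Caddy data directory and the Cloudflare token are worth protecting more carefully than for a single-name cert.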
S
2026-03-01 12:18:53 -05:00
parent 61b46eb876
commit 01f11df417
3 changed files with 14 additions and 5 deletions


@@ -121,7 +121,7 @@ GITHUB_MIRROR_INTERVAL=8h # How often Gitea pushes to GitHub (offsite ba
# TLS / REVERSE PROXY (Caddy — dedicated container per host)
# -----------------------------------------------------------------------------
TLS_MODE=cloudflare # TLS mode: "cloudflare" (DNS-01 via CF API) or "existing" (manual certs)
CADDY_DOMAIN= # Wildcard base domain (e.g. privacyindesign.com)
CADDY_DOMAIN= # Wildcard cert base domain (e.g. privacyindesign.com → cert for *.privacyindesign.com)
CADDY_DATA_PATH= # Absolute path on host for Caddy data (e.g. /mnt/nvme/caddy)
CLOUDFLARE_API_TOKEN= # Cloudflare API token with Zone:DNS:Edit (only if TLS_MODE=cloudflare)
SSL_CERT_PATH= # Absolute path to SSL cert (only if TLS_MODE=existing)
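Review bot: The only change in this hunk is the CADDY_DOMAIN comment, and it still does not state the constraint the new wiring introduces: since Gitea is now routed by a host matcher under a `*.CADDY_DOMAIN` site, GITEA_DOMAIN has to be exactly one label below CADDY_DOMAIN (a wildcard matches a single label), or the issued cert will not cover it. Suggest saying so in the comment, e.g. `CADDY_DOMAIN= # Wildcard cert base domain; GITEA_DOMAIN must be a direct subdomain (e.g. privacyindesign.com covers git.privacyindesign.com)`. It would also be worth a note next to CLOUDFLARE_API_TOKEN and CADDY_DATA_PATH that the wildcard key now covers every subdomain of the base domain, so the DNS-edit token and the Caddy data directory deserve tighter protection than they did for a single-domain cert.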