privacy-in-design/gitea-migration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: wire CADDY_DOMAIN into Caddyfile template for wildcard cert

Browse Source 
CADDY_DOMAIN was required/validated/prompted but never used — the
Caddyfile only referenced GITEA_DOMAIN, producing a single-domain
cert. Now the template uses *.CADDY_DOMAIN as the site address
(wildcard cert) with a host matcher routing GITEA_DOMAIN to Gitea.
This means the cert covers all subdomains under the base domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
S
2026-03-01 12:18:53 -05:00
parent 61b46eb876
commit 01f11df417
3 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phase8_cutover.sh
View File

@@ -145,7 +145,7 @@ if ssh_exec UNRAID "test -f '${CADDY_DATA_PATH}/Caddyfile'" 2>/dev/null; then
else
TMPFILE=$(mktemp)
GITEA_CONTAINER_IP="${UNRAID_GITEA_IP}"
export GITEA_CONTAINER_IP GITEA_DOMAIN
export GITEA_CONTAINER_IP GITEA_DOMAIN CADDY_DOMAIN
# Build TLS block based on TLS_MODE
if [[ "$TLS_MODE" == "cloudflare" ]]; then
@@ -158,7 +158,7 @@ else
export TLS_BLOCK
render_template "${SCRIPT_DIR}/templates/Caddyfile.tpl" "$TMPFILE" \
"\${GITEA_DOMAIN} \${TLS_BLOCK} \${GITEA_CONTAINER_IP}"
"\${CADDY_DOMAIN} \${GITEA_DOMAIN} \${TLS_BLOCK} \${GITEA_CONTAINER_IP}"
scp_to UNRAID "$TMPFILE" "${CADDY_DATA_PATH}/Caddyfile"
rm -f "$TMPFILE"
log_success "Caddyfile deployed"