CADDY_DOMAIN was required/validated/prompted but never used — the Caddyfile only referenced GITEA_DOMAIN, producing a single-domain cert. Now the template uses *.CADDY_DOMAIN as the site address (wildcard cert) with a host matcher routing GITEA_DOMAIN to Gitea. This means the cert covers all subdomains under the base domain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
19 lines
497 B
Smarty
# Caddyfile — rendered by phase8_cutover.sh
# TLS_BLOCK is replaced by the phase script based on TLS_MODE:
#   cloudflare → dns cloudflare {env.CF_API_TOKEN}
#   existing   → tls /path/to/cert /path/to/key
# Wildcard cert covers *.CADDY_DOMAIN; @gitea routes GITEA_DOMAIN to Gitea.

*.${CADDY_DOMAIN} {
    ${TLS_BLOCK}

    @gitea host ${GITEA_DOMAIN}
    handle @gitea {
        reverse_proxy ${GITEA_CONTAINER_IP}:3000
    }

    handle {
        respond "Service not configured" 404
    }
}
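The site address `*.${CADDY_DOMAIN}` and a `*.CADDY_DOMAIN` certificate match only hostnames exactly one label below the base domain, so the `@gitea` matcher can only fire when `GITEA_DOMAIN` is such a name. The check below is an added example, not code from phase8_cutover.sh or this repository; the function names `covered_by_wildcard` and `check_caddy_domains` are hypothetical, and it assumes the two variables are set as in the template.

```shell
#!/bin/sh
# Added example: hypothetical pre-render check, not part of phase8_cutover.sh.

# covered_by_wildcard HOST BASE
# Succeeds only if HOST is exactly one DNS label under BASE, which is the
# set of names that the site address *.BASE (and a *.BASE cert) matches.
covered_by_wildcard() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    base=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    host=${host%.}; base=${base%.}        # drop a trailing root dot
    [ -n "$host" ] && [ -n "$base" ] || return 1
    case "$host" in
        *".$base") label=${host%".$base"} ;;
        *) return 1 ;;                    # apex itself or an unrelated domain
    esac
    case "$label" in
        ''|*.*) return 1 ;;               # empty, or more than one label deep
        -*|*-) return 1 ;;                # labels cannot start or end with '-'
        *[!a-z0-9-]*) return 1 ;;         # letters, digits and hyphen only
    esac
    [ "${#label}" -le 63 ]                # DNS label length limit
}

# check_caddy_domains: call before rendering the template; reads the same
# CADDY_DOMAIN and GITEA_DOMAIN variables the template substitutes.
check_caddy_domains() {
    if ! covered_by_wildcard "$GITEA_DOMAIN" "$CADDY_DOMAIN"; then
        echo "GITEA_DOMAIN=$GITEA_DOMAIN is not matched by *.$CADDY_DOMAIN;" \
             "requests for it would never reach the @gitea handler" >&2
        return 1
    fi
}
```

Failing the render here surfaces a mismatched pair of domains before cutover, rather than as a TLS or 404 failure afterwards.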