Compare commits
13 Commits
617236558e
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
1189ec810d | ||
|
|
a64c28761b | ||
|
|
00433e664f | ||
|
|
e50abcb9a2 | ||
|
|
1d4c57c737 | ||
|
|
58e40897a5 | ||
|
|
95758de781 | ||
|
|
f984184b39 | ||
|
|
37ce044181 | ||
|
|
12537896f2 | ||
|
|
ef00dde487 | ||
|
|
6ff0b1756d | ||
|
|
d39a1d86a9 |
12
CHANGELOG.md
12
CHANGELOG.md
@@ -1,23 +1,23 @@
|
||||
# Changelog
|
||||
|
||||
## 0.5.10 (2025-11-20)
|
||||
## 0.5.7 (2025-11-20)
|
||||
|
||||
* Bundle the Ente Families web app so `family.<domain>` serves the correct invite/management UI instead of the placeholder photos build.
|
||||
* Ship built-in billing plan JSON so Museum can resolve subscriptions (`family/add-member`, invite acceptance) on self-hosted installs without manual DB edits.
|
||||
|
||||
## 0.5.7 (2025-11-18)
|
||||
|
||||
* Inject the API origin into all served HTML so the Next.js bundles (including `accounts/passkeys`) read the self-hosted endpoint instead of defaulting to `https://api.ente.io`
|
||||
* Document the working Backblaze B2 CORS JSON that whitelists the wildcard origin + upload operations for desktop casts
|
||||
* Fix passkey enrollment on the accounts host by ensuring only the photos domain matches the `/api` proxy block.
|
||||
|
||||
## 0.5.6 (2025-11-18)
|
||||
|
||||
* Allow the accounts frontend origin in Museum’s `webauthn.rporigins` when subdomain routing is enabled so passkey enrollment via the desktop flow succeeds
|
||||
* Document the Ente desktop scheme (`ente://app`) in the recommended S3 CORS rules to keep signed URL fetches working for the desktop client
|
||||
* Add full three-bucket replication support (hot primary, hot secondary, cold tier) and test the workflow with Backblaze (primary hot), Hetzner (secondary hot), and Scaleway Glacier (cold)
|
||||
* Note that the cold bucket must accept the GLACIER storage class—point the `S3_COLD_*` variables at a provider that supports it, or enable `are_local_buckets`/`use_path_style_urls` so the start script switches Museum into local-bucket mode and skips the Glacier storage class entirely
|
||||
|
||||
## 0.5.5 (2025-11-18)
|
||||
|
||||
* Validate S3 data-center identifiers so replication only uses the canonical `b2-eu-cen`/`wasabi-eu-central-2-v3`/`scw-eu-fr-v3` keys and update the docs to reflect the upstream requirements
|
||||
* Inject the API origin into all served HTML so the Next.js bundles (including `accounts/passkeys`) read the self-hosted endpoint instead of defaulting to `https://api.ente.io`
|
||||
* Document the working Backblaze B2 CORS JSON that whitelists the wildcard origin + upload operations for desktop casts
|
||||
|
||||
## 0.5.4 (2025-11-18)
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
"contactEmail": "contact@ente.io",
|
||||
"website": "https://ente.io",
|
||||
"tagline": "Open source, end-to-end encrypted photo backup",
|
||||
"version": "0.5.10",
|
||||
"version": "0.5.6",
|
||||
"upstreamVersion": "git-main",
|
||||
"healthCheckPath": "/health",
|
||||
"httpPort": 3080,
|
||||
@@ -40,6 +40,27 @@
|
||||
"defaultValue": "albums",
|
||||
"aliasableDomain": true
|
||||
},
|
||||
"SHARE_DOMAIN": {
|
||||
"title": "Public locker hostname",
|
||||
"description": "Hostname for the Ente share/collaboration frontend (e.g. share)",
|
||||
"containerPort": 3080,
|
||||
"defaultValue": "share",
|
||||
"aliasableDomain": true
|
||||
},
|
||||
"EMBED_DOMAIN": {
|
||||
"title": "Embed hostname",
|
||||
"description": "Hostname for the Ente embed frontend (e.g. embed)",
|
||||
"containerPort": 3080,
|
||||
"defaultValue": "embed",
|
||||
"aliasableDomain": true
|
||||
},
|
||||
"PAYMENTS_DOMAIN": {
|
||||
"title": "Payments hostname",
|
||||
"description": "Hostname for the Ente payments frontend (e.g. payments)",
|
||||
"containerPort": 3080,
|
||||
"defaultValue": "payments",
|
||||
"aliasableDomain": true
|
||||
},
|
||||
"FAMILY_DOMAIN": {
|
||||
"title": "Family hostname",
|
||||
"description": "Hostname for the Ente family web app (e.g. family)",
|
||||
|
||||
12
Dockerfile
12
Dockerfile
@@ -57,14 +57,17 @@ RUN apt-get update && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
RUN corepack enable
|
||||
RUN yarn install --network-timeout 1000000
|
||||
RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family
|
||||
RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family /build/web/share /build/web/embed /build/web/payments
|
||||
RUN set -e; \
|
||||
yarn build:photos; \
|
||||
yarn build:accounts; \
|
||||
yarn build:auth; \
|
||||
yarn build:cast
|
||||
yarn build:cast; \
|
||||
yarn build:share; \
|
||||
yarn build:embed; \
|
||||
yarn build:payments
|
||||
RUN if [ -d "apps" ]; then \
|
||||
for app in photos accounts auth cast; do \
|
||||
for app in photos accounts auth cast share embed payments; do \
|
||||
if [ -d "apps/${app}/out" ]; then \
|
||||
rm -rf "/build/web/${app}"; \
|
||||
mkdir -p "/build/web/${app}"; \
|
||||
@@ -132,6 +135,9 @@ COPY --from=web-builder /build/web/accounts /app/web/accounts
|
||||
COPY --from=web-builder /build/web/auth /app/web/auth
|
||||
COPY --from=web-builder /build/web/cast /app/web/cast
|
||||
COPY --from=web-builder /build/web/albums /app/web/albums
|
||||
COPY --from=web-builder /build/web/share /app/web/share
|
||||
COPY --from=web-builder /build/web/embed /app/web/embed
|
||||
COPY --from=web-builder /build/web/payments /app/web/payments
|
||||
COPY --from=families-builder /build/family /app/web/family
|
||||
|
||||
COPY start.sh /app/pkg/start.sh
|
||||
|
||||
264
start.sh
264
start.sh
@@ -107,6 +107,9 @@ AUTH_HOST="$(resolve_http_hostname "AUTH_DOMAIN" "auth.${APP_FQDN}")"
|
||||
CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")"
|
||||
ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")"
|
||||
FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")"
|
||||
SHARE_HOST="$(resolve_http_hostname "SHARE_DOMAIN" "share.${APP_FQDN}")"
|
||||
EMBED_HOST="$(resolve_http_hostname "EMBED_DOMAIN" "embed.${APP_FQDN}")"
|
||||
PAYMENTS_HOST="$(resolve_http_hostname "PAYMENTS_DOMAIN" "payments.${APP_FQDN}")"
|
||||
|
||||
normalize_host() {
|
||||
local host="$1"
|
||||
@@ -126,10 +129,13 @@ AUTH_HOST="$(normalize_host "$AUTH_HOST")"
|
||||
CAST_HOST="$(normalize_host "$CAST_HOST")"
|
||||
ALBUMS_HOST="$(normalize_host "$ALBUMS_HOST")"
|
||||
FAMILY_HOST="$(normalize_host "$FAMILY_HOST")"
|
||||
SHARE_HOST="$(normalize_host "$SHARE_HOST")"
|
||||
EMBED_HOST="$(normalize_host "$EMBED_HOST")"
|
||||
PAYMENTS_HOST="$(normalize_host "$PAYMENTS_HOST")"
|
||||
|
||||
USE_SUBDOMAIN_ROUTING=false
|
||||
if [ "$APP_FQDN" != "localhost" ]; then
|
||||
if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ]; then
|
||||
if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ] || [ "$SHARE_HOST" != "$APP_FQDN" ] || [ "$EMBED_HOST" != "$APP_FQDN" ] || [ "$PAYMENTS_HOST" != "$APP_FQDN" ]; then
|
||||
USE_SUBDOMAIN_ROUTING=true
|
||||
fi
|
||||
fi
|
||||
@@ -141,12 +147,18 @@ if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
|
||||
CAST_URL="https://${CAST_HOST}"
|
||||
FAMILY_URL="https://${FAMILY_HOST}"
|
||||
ALBUMS_URL="https://${ALBUMS_HOST}"
|
||||
SHARE_URL="https://${SHARE_HOST}"
|
||||
EMBED_URL="https://${EMBED_HOST}"
|
||||
PAYMENTS_URL="https://${PAYMENTS_HOST}"
|
||||
else
|
||||
ACCOUNTS_URL="${BASE_URL}/accounts"
|
||||
AUTH_URL="${BASE_URL}/auth"
|
||||
CAST_URL="${BASE_URL}/cast"
|
||||
FAMILY_URL="${BASE_URL}/family"
|
||||
ALBUMS_URL="${BASE_URL}/albums"
|
||||
SHARE_URL="${BASE_URL}/share"
|
||||
EMBED_URL="${BASE_URL}/embed"
|
||||
PAYMENTS_URL="${BASE_URL}/payments"
|
||||
fi
|
||||
|
||||
if [ "$APP_FQDN" != "localhost" ]; then
|
||||
@@ -155,13 +167,17 @@ else
|
||||
API_BASE="$BASE_URL"
|
||||
fi
|
||||
API_ORIGIN="${API_BASE}/api"
|
||||
if [[ "$PHOTOS_HOST" == *.*.* ]]; then
|
||||
RP_ID="${PHOTOS_HOST#*.}"
|
||||
else
|
||||
RP_ID="$PHOTOS_HOST"
|
||||
fi
|
||||
|
||||
log INFO "Application base URL: $BASE_URL"
|
||||
log INFO "Relying party ID: $RP_ID"
|
||||
log INFO "API origin: $API_ORIGIN"
|
||||
if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
|
||||
log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}"
|
||||
log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}, share=${SHARE_HOST}, embed=${EMBED_HOST}, payments=${PAYMENTS_HOST}"
|
||||
fi
|
||||
|
||||
S3_CONFIG_FILE="$CONFIG_DIR/s3.env"
|
||||
@@ -668,6 +684,151 @@ sync_dir "$APP_DIR/server/mail-templates" "$MUSEUM_RUNTIME_DIR/mail-templates"
|
||||
sync_dir "$APP_DIR/server/assets" "$MUSEUM_RUNTIME_DIR/assets"
|
||||
sync_dir "$APP_DIR/data" "$MUSEUM_RUNTIME_DIR/data"
|
||||
|
||||
customize_mail_templates() {
|
||||
local base_template="$MUSEUM_RUNTIME_DIR/mail-templates/base.html"
|
||||
if [ ! -f "$base_template" ]; then
|
||||
return
|
||||
fi
|
||||
cat > "$base_template" <<EOF_BASE_TEMPLATE
|
||||
{{define "base"}}
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<meta content="text/html; charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
|
||||
<style>
|
||||
body {
|
||||
background-color: #f0f1f3;
|
||||
font-family: "Helvetica Neue", "Segoe UI", Helvetica, sans-serif;
|
||||
font-size: 16px;
|
||||
line-height: 27px;
|
||||
margin: 0;
|
||||
color: #444;
|
||||
}
|
||||
|
||||
pre {
|
||||
background: #f4f4f4f4;
|
||||
padding: 2px;
|
||||
}
|
||||
|
||||
table {
|
||||
width: 100%;
|
||||
border: 1px solid #ddd;
|
||||
}
|
||||
|
||||
table td {
|
||||
border-color: #ddd;
|
||||
padding: 5px;
|
||||
}
|
||||
|
||||
.wrap {
|
||||
background-color: #fff;
|
||||
padding: 30px;
|
||||
max-width: 525px;
|
||||
margin: 0 auto;
|
||||
border-radius: 5px;
|
||||
}
|
||||
|
||||
.button {
|
||||
background: #0055d4;
|
||||
border-radius: 3px;
|
||||
text-decoration: none !important;
|
||||
color: #fff !important;
|
||||
font-weight: bold;
|
||||
padding: 10px 30px;
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.button:hover {
|
||||
background: #111;
|
||||
}
|
||||
|
||||
.footer {
|
||||
text-align: center;
|
||||
font-size: 12px;
|
||||
color: #888;
|
||||
padding: 16px;
|
||||
}
|
||||
|
||||
.gutter {
|
||||
padding: 30px;
|
||||
}
|
||||
|
||||
img {
|
||||
max-width: 100%;
|
||||
height: auto;
|
||||
}
|
||||
|
||||
a {
|
||||
color: #0055d4;
|
||||
}
|
||||
|
||||
a:hover {
|
||||
color: #111;
|
||||
}
|
||||
|
||||
@media screen and (max-width: 600px) {
|
||||
.wrap {
|
||||
max-width: auto;
|
||||
}
|
||||
.gutter {
|
||||
padding: 10px;
|
||||
}
|
||||
}
|
||||
</style>
|
||||
|
||||
<body>
|
||||
<div class="gutter" style="padding: 4px"> </div>
|
||||
<div class="wrap" style="background-color: #ffffff; padding: 2px 30px 30px 30px; max-width: 525px; margin: 0 auto; border-radius: 5px; font-size: 16px;">
|
||||
<main>
|
||||
{{block "content" .}} Default Content {{end}}
|
||||
</main>
|
||||
</div>
|
||||
<br />
|
||||
<div class="footer">
|
||||
<p style="margin-bottom: 4px;">
|
||||
<strong><a href="$BASE_URL" target="_blank" style="color: #555;">$BASE_URL</a></strong>
|
||||
</p>
|
||||
<p style="margin: 0;">
|
||||
This email was sent by a self-hosted instance of the open source Ente application.
|
||||
</p>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
{{end}}
|
||||
EOF_BASE_TEMPLATE
|
||||
chown cloudron:cloudron "$base_template"
|
||||
|
||||
python3 - "$MUSEUM_RUNTIME_DIR/mail-templates" "$BASE_URL" <<'PY'
|
||||
import re
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
template_dir = Path(sys.argv[1])
|
||||
base_url = sys.argv[2]
|
||||
|
||||
footer_html = f'''
|
||||
<div class="footer" style="text-align: center; font-size: 12px; color: #888; padding: 16px;">
|
||||
<p style="margin-bottom: 4px;">
|
||||
<strong><a href="{base_url}" target="_blank" style="color: #555;">{base_url}</a></strong>
|
||||
</p>
|
||||
<p style="margin: 0;">This email was sent by a self-hosted instance of the open source Ente application.</p>
|
||||
</div>
|
||||
</body>'''.lstrip()
|
||||
|
||||
pattern = re.compile(r'<div class="footer".*?</div>\s*</body>', re.DOTALL | re.IGNORECASE)
|
||||
|
||||
for html_path in template_dir.rglob("*.html"):
|
||||
original = html_path.read_text()
|
||||
updated = pattern.sub(footer_html, original)
|
||||
if updated != original:
|
||||
html_path.write_text(updated)
|
||||
# Ownership will be fixed later by the caller
|
||||
PY
|
||||
find "$MUSEUM_RUNTIME_DIR/mail-templates" -type f -name "*.html" -exec chown cloudron:cloudron {} +
|
||||
}
|
||||
|
||||
customize_mail_templates
|
||||
|
||||
if [ ! -x "$MUSEUM_BIN" ]; then
|
||||
log ERROR "Museum binary not found at $MUSEUM_BIN"
|
||||
exit 1
|
||||
@@ -687,7 +848,8 @@ http:
|
||||
|
||||
apps:
|
||||
public-albums: "$ALBUMS_URL"
|
||||
public-locker: "$PHOTOS_URL"
|
||||
embed-albums: "$EMBED_URL"
|
||||
public-locker: "$EMBED_URL"
|
||||
accounts: "$ACCOUNTS_URL"
|
||||
cast: "$CAST_URL"
|
||||
family: "$FAMILY_URL"
|
||||
@@ -802,7 +964,7 @@ chmod 600 "$MUSEUM_CONFIG"
|
||||
|
||||
log INFO "Preparing frontend assets"
|
||||
if [ -d "$WEB_SOURCE_DIR" ]; then
|
||||
for app in photos accounts auth cast albums family; do
|
||||
for app in photos accounts auth cast albums family share embed payments; do
|
||||
if [ -d "$WEB_SOURCE_DIR/$app" ]; then
|
||||
log INFO "Updating $app frontend assets"
|
||||
rm -rf "$WEB_RUNTIME_DIR/$app"
|
||||
@@ -904,6 +1066,9 @@ if [ -d "$WEB_RUNTIME_DIR" ]; then
|
||||
"https://web.ente.io|$PHOTOS_URL"
|
||||
"https://albums.ente.io|$ALBUMS_URL"
|
||||
"https://family.ente.io|$FAMILY_URL"
|
||||
"https://share.ente.io|$SHARE_URL"
|
||||
"https://embed.ente.io|$EMBED_URL"
|
||||
"https://payments.ente.io|$PAYMENTS_URL"
|
||||
"https://ente.io|$PHOTOS_URL"
|
||||
)
|
||||
OLD_IFS="$IFS"
|
||||
@@ -954,6 +1119,20 @@ chmod 700 "$DATA_DIR/home"
|
||||
|
||||
log INFO "Rendering Caddy configuration"
|
||||
if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
|
||||
PHOTOS_HOST_MATCHERS="$PHOTOS_HOST"
|
||||
if [ "$APP_FQDN" != "$PHOTOS_HOST" ]; then
|
||||
PHOTOS_HOST_MATCHERS="$PHOTOS_HOST_MATCHERS $APP_FQDN"
|
||||
fi
|
||||
if [ "$APP_FQDN" != "$PHOTOS_HOST" ]; then
|
||||
BASE_DOMAIN_REDIRECT="
|
||||
@base_app_host host ${APP_FQDN}
|
||||
handle @base_app_host {
|
||||
redir https://${PHOTOS_HOST}{uri}
|
||||
}
|
||||
"
|
||||
else
|
||||
BASE_DOMAIN_REDIRECT=""
|
||||
fi
|
||||
cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
{
|
||||
admin off
|
||||
@@ -989,6 +1168,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
respond 204
|
||||
}
|
||||
|
||||
${BASE_DOMAIN_REDIRECT}\
|
||||
handle_path /api/* {
|
||||
@api_cors_subdomain header Origin *
|
||||
header @api_cors_subdomain {
|
||||
@@ -1011,6 +1191,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
handle /health {
|
||||
rewrite * /ping
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1020,6 +1201,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
|
||||
handle /ping {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1028,12 +1210,22 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
|
||||
handle /public/* {
|
||||
reverse_proxy localhost:8080
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||||
}
|
||||
}
|
||||
|
||||
@user_api path_regexp user_api ^/users($|/.*)
|
||||
@user_api {
|
||||
host ${PHOTOS_HOST_MATCHERS}
|
||||
path_regexp user_api ^/users($|/.*)
|
||||
}
|
||||
handle @user_api {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1042,11 +1234,13 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
|
||||
@museum_api_get {
|
||||
host ${PHOTOS_HOST_MATCHERS}
|
||||
method GET HEAD
|
||||
path_regexp museum_api_get ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
|
||||
}
|
||||
handle @museum_api_get {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1055,11 +1249,13 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
|
||||
@write_methods {
|
||||
host ${PHOTOS_HOST_MATCHERS}
|
||||
not method GET
|
||||
not method HEAD
|
||||
}
|
||||
handle @write_methods {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1067,7 +1263,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
}
|
||||
|
||||
@photos_host host ${PHOTOS_HOST}
|
||||
@photos_host host ${PHOTOS_HOST_MATCHERS}
|
||||
handle @photos_host {
|
||||
root * $WEB_RUNTIME_DIR/photos
|
||||
try_files {path} {path}/index.html {path}.html index.html
|
||||
@@ -1109,6 +1305,27 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
file_server
|
||||
}
|
||||
|
||||
@share_host host ${SHARE_HOST}
|
||||
handle @share_host {
|
||||
root * $WEB_RUNTIME_DIR/share
|
||||
try_files {path} {path}/index.html {path}.html index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
@embed_host host ${EMBED_HOST}
|
||||
handle @embed_host {
|
||||
root * $WEB_RUNTIME_DIR/embed
|
||||
try_files {path} {path}/index.html {path}.html index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
@payments_host host ${PAYMENTS_HOST}
|
||||
handle @payments_host {
|
||||
root * $WEB_RUNTIME_DIR/payments
|
||||
try_files {path} {path}/index.html {path}.html index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
handle {
|
||||
respond "Not Found" 404
|
||||
}
|
||||
@@ -1172,6 +1389,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
handle /health {
|
||||
rewrite * /ping
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1181,6 +1399,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
|
||||
handle /ping {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1189,12 +1408,19 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
|
||||
handle /public/* {
|
||||
reverse_proxy localhost:8080
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||||
}
|
||||
}
|
||||
|
||||
@user_api_path path_regexp user_api_path ^/users($|/.*)
|
||||
handle @user_api_path {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1208,6 +1434,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
handle @museum_api_get_path {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1221,6 +1448,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
}
|
||||
handle @write_methods_path {
|
||||
reverse_proxy localhost:8080 {
|
||||
trusted_proxies private_ranges
|
||||
header_up Host {http.request.host}
|
||||
header_up X-Real-IP {http.request.header.X-Forwarded-For}
|
||||
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
|
||||
@@ -1230,7 +1458,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
|
||||
handle /_next/* {
|
||||
root * $WEB_RUNTIME_DIR
|
||||
try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path}
|
||||
try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path} share{path} embed{path} payments{path}
|
||||
file_server
|
||||
}
|
||||
|
||||
@@ -1269,6 +1497,24 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
|
||||
file_server
|
||||
}
|
||||
|
||||
handle /share/* {
|
||||
root * $WEB_RUNTIME_DIR
|
||||
try_files {path} {path}/index.html /share/index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
handle /embed/* {
|
||||
root * $WEB_RUNTIME_DIR
|
||||
try_files {path} {path}/index.html /embed/index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
handle /payments/* {
|
||||
root * $WEB_RUNTIME_DIR
|
||||
try_files {path} {path}/index.html /payments/index.html
|
||||
file_server
|
||||
}
|
||||
|
||||
handle /photos/* {
|
||||
root * $WEB_RUNTIME_DIR
|
||||
try_files {path} {path}/index.html /photos/index.html
|
||||
|
||||
Reference in New Issue
Block a user