From: INOPIAE Date: Tue, 9 Jun 2020 08:04:25 +0000 (+0200) Subject: add: information to rewrite url on gigi pages to external URL X-Git-Url: https://code.wpia.club/?p=infra.git;a=commitdiff_plain;h=9d3627864cbecfaa0d770d5854acb8e695c9a86e add: information to rewrite url on gigi pages to external URL Change-Id: I7599ff2a469a47fa8830a48508be309dcf3156f5 --- diff --git a/bootstrap-user b/bootstrap-user index 76935bd..d1e6f8e 100755 --- a/bootstrap-user +++ b/bootstrap-user @@ -238,7 +238,7 @@ mccurl "account/domains/$domain" > $folder/domainStatus echo "Issuing certificate for web" -if issue mccurl "profile=server-orga&CN=&SANs=dns%3Awww.$domainName%2Cdns%3Astatic.$domainName%2Cdns%3Aapi.$domainName%2Cdns%3Asecure.$domainName"; then +if issue mccurl "profile=server-orga&CN=&SANs=dns%3Awww.$domainName%2Cdns%3Astatic.$domainName%2Cdns%3Aapi.$domainName%2Cdns%3Asecure.$domainName%2Cdns%3Alink.$domainName"; then cp $folder/cert.crt modules/gigi/files/gigi.crt setfacl -m user:puppet:r $folder/priv cp --preserve=all $folder/priv modules/gigi/files/gigi.key diff --git a/manager/admin-manage-certificates b/manager/admin-manage-certificates index 1a42f9d..c73ac5e 100755 --- a/manager/admin-manage-certificates +++ b/manager/admin-manage-certificates @@ -79,7 +79,7 @@ while true; do options="profile=server-orga&CN=&SANs=quiz.$domain" case ${line#ISSUE } in "modules/gigi/files/gigi") - options="profile=server-orga&CN=&SANs=www.$domain%0Asecure.$domain%0Astatic.$domain%0Aapi.$domain%0A" + options="profile=server-orga&CN=&SANs=www.$domain%0Asecure.$domain%0Astatic.$domain%0Aapi.$domain%0Alink.$domain%0A" ;; "modules/pootle/files/web") options="profile=server-orga&CN=&SANs=pootle.$domain" diff --git a/modules/gigi/templates/nginx.epp b/modules/gigi/templates/nginx.epp index a6ec425..b6275c2 100644 --- a/modules/gigi/templates/nginx.epp +++ b/modules/gigi/templates/nginx.epp @@ -61,3 +61,45 @@ server { root /data/challenge; } } + +# `map` can only be used at the http level +map $uri $redir_dest { + default ""; + /policy "https://policy.wpia.club"; + /policy/dataPrivacy "https://policy.wpia.club/data_protection_policy.html"; + /policy/ToS "https://policy.wpia.club/terms_of_service.pdf"; + /policy/CPS "https://policy.wpia.club/cp.pdf"; + /policy/verification "https://policy.wpia.club/verification_policy.html"; + /policy/raagent "https://policy.wpia.club/policies/ra_agent_verification_policy.html"; + /policy/organisation "https://policy.wpia.club/policies/organisation_verification_policy.html"; + /policy/ttp "https://policy.wpia.club/policies/ttp_verification_policy.html"; + /policy/nucleus "https://policy.wpia.club/policies/nucleus_verification_policy.html"; + /kb/acceptableDocuments "https://documents.wpia.club/kb/acceptableDocuments.html"; + /kb/agentQualifyingChallenge "https://documents.wpia.club/agent-qualifying-challenge.html"; + /kb/gigi "https://documents.wpia.club/gigi-user-documentation.html"; + /kb/CSR "https://documents.wpia.club/index.html#how-to-other-documents"; + /kb/names "https://policy.wpia.club/handbooks/names_handbook.html"; + /kb/lostPassword "https://documents.wpia.club/index.html#how-to-password"; + /kb/goodPassword "https://documents.wpia.club/index.html#how-to-password"; + /kb/knownPasswordHash "https://documents.wpia.club/index.html#how-to-password"; + /kb/verificationHandbook "https://documents.wpia.club/kb/verificationHandbook"; + /kb/truststores "https://documents.wpia.club/index.html#how-to-other-documents"; + /ttp/user "https://documents.wpia.club"; + /ttp/country "https://documents.wpia.club"; + /blog "https://wpia.club"; + /imprint "https://documents.wpia.club/imprint.html"; + /isocode "https://www.iso.org/iso/home/standards/country_codes/iso-3166-1_decoding_table.htm"; +} + +server { + listen 0.0.0.0:443 ssl; + server_name link.<%=$systemDomain%>; + ssl_certificate /etc/ssl/private/gigi.crt; + ssl_certificate_key /etc/ssl/private/gigi.key; + + if ($redir_dest = "") { + return 404; + } + + return 302 $redir_dest; +}