Yves Gugger
800379b581
Some checks failed
CI / Frontend Lint & Type Check (push) Has been cancelled
CI / Frontend Build (push) Has been cancelled
CI / Backend Lint (push) Has been cancelled
CI / Backend Tests (push) Has been cancelled
CI / Docker Build (push) Has been cancelled
CI / Security Scan (push) Has been cancelled
Deploy / Build & Push Images (push) Has been cancelled
Deploy / Deploy to Server (push) Has been cancelled
Deploy / Notify (push) Has been cancelled
- Updated yield_dns.py to support A-record verification (simplest method!) - A-record pointing to 46.235.147.194 is now the primary verification method - Added Nginx catch-all config for yield domains - DNS schema updated with method and actual_a fields - CoreDNS installed but Port 53 blocked by hosting provider
99 lines
3.0 KiB
Bash
99 lines
3.0 KiB
Bash
#!/bin/bash
|
|
# ============================================================================
|
|
# Pounce Yield HTTP Routing Setup
|
|
# ============================================================================
|
|
# This sets up Nginx to catch-all domains pointing to our server
|
|
# and route them to the Pounce backend for Yield landing pages.
|
|
#
|
|
# Instead of Nameserver delegation (which requires Port 53),
|
|
# users simply set an A-record pointing to our IP.
|
|
#
|
|
# Usage: sudo bash setup_yield_nginx.sh
|
|
# ============================================================================
|
|
|
|
set -e
|
|
|
|
echo "=========================================="
|
|
echo "Pounce Yield HTTP Routing Setup"
|
|
echo "=========================================="
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "ERROR: Please run as root (sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
NGINX_CONF="/etc/nginx/sites-available/yield-catchall"
|
|
SERVER_IP="46.235.147.194"
|
|
|
|
echo "[1/3] Creating Nginx catch-all config for Yield..."
|
|
|
|
cat > "$NGINX_CONF" << 'NGINX'
|
|
# Pounce Yield Catch-All Server
|
|
# This catches all domains pointing to our server that aren't pounce.ch
|
|
# and routes them to the Yield routing backend.
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
# Catch all hostnames except pounce.ch
|
|
server_name _;
|
|
|
|
# Skip if it's pounce.ch or www.pounce.ch
|
|
if ($host ~* ^(www\.)?pounce\.ch$) {
|
|
return 444; # Close connection, let the main server block handle it
|
|
}
|
|
|
|
# Route all traffic to backend yield routing
|
|
location / {
|
|
# Rewrite to /api/v1/r/{hostname}
|
|
set $yield_domain $host;
|
|
|
|
proxy_pass http://127.0.0.1:8000/api/v1/r/$yield_domain;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Yield-Domain $host;
|
|
|
|
# Handle errors gracefully
|
|
proxy_intercept_errors on;
|
|
error_page 404 502 503 504 = @yield_fallback;
|
|
}
|
|
|
|
# Fallback for domains not configured in Yield
|
|
location @yield_fallback {
|
|
return 302 https://pounce.ch/yield?domain=$host;
|
|
}
|
|
}
|
|
NGINX
|
|
|
|
echo "[2/3] Enabling site and testing config..."
|
|
|
|
# Enable the site if not already
|
|
if [ ! -f "/etc/nginx/sites-enabled/yield-catchall" ]; then
|
|
ln -sf "$NGINX_CONF" /etc/nginx/sites-enabled/yield-catchall
|
|
fi
|
|
|
|
# Test nginx config
|
|
nginx -t
|
|
|
|
echo "[3/3] Reloading Nginx..."
|
|
systemctl reload nginx
|
|
|
|
echo ""
|
|
echo "=========================================="
|
|
echo "✅ Yield HTTP Routing configured!"
|
|
echo "=========================================="
|
|
echo ""
|
|
echo "How it works:"
|
|
echo "1. User sets A-record for their domain to: $SERVER_IP"
|
|
echo "2. When someone visits the domain, Nginx catches it"
|
|
echo "3. Traffic is routed to /api/v1/r/{domain}"
|
|
echo "4. Backend serves the Yield landing page"
|
|
echo ""
|
|
echo "No DNS server (Port 53) required!"
|
|
echo "=========================================="
|