Skip to content

Commit

Permalink
staging
Browse files Browse the repository at this point in the history
  • Loading branch information
thestinger committed Sep 24, 2023
1 parent 4cc97ca commit 77ba6d3
Show file tree
Hide file tree
Showing 5 changed files with 12 additions and 20 deletions.
2 changes: 1 addition & 1 deletion deploy-server
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ fi
rm -rf build
./gradlew build

[email protected]
remote=root@staging.attestation.app
path=/opt/attestation
active=$(ssh $remote readlink $path/deploy)

Expand Down
2 changes: 1 addition & 1 deletion deploy-static
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ fi

./process-static $fd

[email protected]
remote=root@staging.attestation.app
active=$(ssh $remote readlink /srv/attestation.app)

if [[ $active = /srv/attestation.app_a ]]; then
Expand Down
23 changes: 6 additions & 17 deletions nginx/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,8 @@ http {
ssl_prefer_server_ciphers on;
ssl_conf_command Options PrioritizeChaCha;

ssl_certificate /etc/letsencrypt/live/attestation.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/attestation.app/privkey.pem;
ssl_certificate /etc/letsencrypt/live/staging.attestation.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/staging.attestation.app/privkey.pem;

# maintained by nginx-rotate-session-ticket-keys in ramfs
ssl_session_ticket_key session-ticket-keys/4.key;
Expand All @@ -79,11 +79,11 @@ http {
ssl_session_timeout 1d;
ssl_buffer_size 4k;

ssl_trusted_certificate /etc/letsencrypt/live/attestation.app/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/staging.attestation.app/chain.pem;
ssl_stapling on;
ssl_stapling_verify on;
# maintained by certbot-ocsp-fetcher
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/attestation.app.der;
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/staging.attestation.app.der;

log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_protocol $server_protocol '
'$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '
Expand Down Expand Up @@ -125,7 +125,7 @@ http {
server {
listen 80;
listen [::]:80;
server_name attestation.app www.attestation.app;
server_name staging.attestation.app;

keepalive_timeout 0;

Expand Down Expand Up @@ -154,18 +154,7 @@ http {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.attestation.app;

include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;

return 301 https://attestation.app$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name attestation.app;
server_name staging.attestation.app;

include root_attestation.app.conf;
error_page 403 =404 /404;
Expand Down
3 changes: 3 additions & 0 deletions nginx/snippets/security-headers.conf
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# staging site (not a security header)
add_header X-Robots-Tag "noindex" always;

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
# Firefox applies Referrer-Policy to the Origin header
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ public class AttestationServer {
private static final int HISTORY_PER_PAGE = 20;
private static final long MMAP_SIZE = 1024 * 1024 * 1024;

static final String DOMAIN = "attestation.app";
static final String DOMAIN = "staging.attestation.app";
private static final String ORIGIN = "https://" + DOMAIN;

private static final Logger logger = Logger.getLogger(AttestationServer.class.getName());
Expand Down

0 comments on commit 77ba6d3

Please sign in to comment.