staging

GrapheneOS · Sep 24, 2023 · e55dd69 · e55dd69
1 parent 238f418
commit e55dd69
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 22 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,11 +10,11 @@ jobs:
       - uses: actions/checkout@v4
         with:
           submodules: true
-      - name: Set up JDK 21
+      - name: Set up JDK 20
         uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
-          java-version: 21
+          java-version: 20
           cache: gradle
       - name: Build with Gradle
         run: ./gradlew build --no-daemon
diff --git a/deploy-server b/deploy-server
@@ -12,7 +12,7 @@ fi
 rm -rf build
 ./gradlew build
 
-[email protected]
+remote=root@staging.attestation.app
 path=/opt/attestation
 active=$(ssh $remote readlink $path/deploy)
 

diff --git a/deploy-static b/deploy-static
@@ -11,7 +11,7 @@ fi
 
 ./process-static $fd
 
-[email protected]
+remote=root@staging.attestation.app
 active=$(ssh $remote readlink /srv/attestation.app)
 
 if [[ $active = /srv/attestation.app_a ]]; then

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -68,8 +68,8 @@ http {
     ssl_prefer_server_ciphers on;
     ssl_conf_command Options PrioritizeChaCha;
 
-    ssl_certificate /etc/letsencrypt/live/attestation.app/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/attestation.app/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/staging.attestation.app/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/staging.attestation.app/privkey.pem;
 
     # maintained by nginx-rotate-session-ticket-keys in ramfs
     ssl_session_ticket_key session-ticket-keys/4.key;
@@ -79,11 +79,11 @@ http {
     ssl_session_timeout 1d;
     ssl_buffer_size 4k;
 
-    ssl_trusted_certificate /etc/letsencrypt/live/attestation.app/chain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/staging.attestation.app/chain.pem;
     ssl_stapling on;
     ssl_stapling_verify on;
     # maintained by certbot-ocsp-fetcher
-    ssl_stapling_file /var/cache/certbot-ocsp-fetcher/attestation.app.der;
+    ssl_stapling_file /var/cache/certbot-ocsp-fetcher/staging.attestation.app.der;
 
     log_format main '$connection-$connection_requests $remote_addr $remote_user $ssl_protocol $server_protocol '
         '$host $request_method "$request_uri" $status $request_length $body_bytes_sent/$bytes_sent '
@@ -125,7 +125,7 @@ http {
     server {
         listen 80;
         listen [::]:80;
-        server_name attestation.app www.attestation.app;
+        server_name staging.attestation.app;
 
         keepalive_timeout 0;
 
@@ -154,18 +154,7 @@ http {
     server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
-        server_name www.attestation.app;
-
-        include snippets/security-headers.conf;
-        add_header Cross-Origin-Resource-Policy "same-origin" always;
-
-        return 301 https://attestation.app$request_uri;
-    }
-
-    server {
-        listen 443 ssl http2;
-        listen [::]:443 ssl http2;
-        server_name attestation.app;
+        server_name staging.attestation.app;
 
         include root_attestation.app.conf;
         error_page 403 =404 /404;

diff --git a/nginx/snippets/security-headers.conf b/nginx/snippets/security-headers.conf
@@ -1,3 +1,6 @@
+# staging site (not a security header)
+add_header X-Robots-Tag "noindex" always;
+
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 add_header X-Content-Type-Options "nosniff" always;
 # Firefox applies Referrer-Policy to the Origin header

diff --git a/src/main/java/app/attestation/server/AttestationServer.java b/src/main/java/app/attestation/server/AttestationServer.java
@@ -82,7 +82,7 @@ public class AttestationServer {
     private static final int HISTORY_PER_PAGE = 20;
     private static final long MMAP_SIZE = 1024 * 1024 * 1024;
 
-    static final String DOMAIN = "attestation.app";
+    static final String DOMAIN = "staging.attestation.app";
     private static final String ORIGIN = "https://" + DOMAIN;
 
     private static final Logger logger = Logger.getLogger(AttestationServer.class.getName());