Open dckc opened 4 years ago
@timmc dckc: The core of it is hooking up certbot to some mechanism for setting DNS records with your domain provider: https://github.com/timmc/commapps/blob/master/ansible/roles/sandstorm/files/certbot/scripts/renew-one-cert.sh
And here's the nginx side of things, which is a modification of the suggested Sandstorm config: https://github.com/timmc/commapps/blob/master/ansible/roles/sandstorm/templates/nginx-sites/sandstorm.conf.j2
@timmc how did you set up wildcard DNS in nearlyfreespeech.net? Their FAQ says they don't support it.
Hmm! That's inaccurate or misleading and I'll poke them about updating it. Here's what it says at the moment:
No, we do not presently support wildcard DNS; adding support for wildcard aliases would slow down everybody, even people who weren't using them.
Perhaps they don't support wildcard A records, but I have a wildcard CNAME set up there.
*.sandstorm.appux.com CNAME t.timmc.org.
sandstorm.appux.com CNAME t.timmc.org.
t.timmc.org CNAME kibble.mooo.com.
And then kibble.mooo.com is a https://freedns.afraid.org/ dynamic DNS entry that gets updated by another Ansible-configured cron job. There's no real reason to have several layers of CNAMEs there, and I'll probably shorten it at some point.
Update: Looks like I can directly create wildcard A records as well.
Update 2: Word of god, from the forums: « You can create your own wildcard DNS records pointing to other stuff, no problem. » Apparently the FAQ entry is supposed to refer to wildcard site aliases, and will be clarified at some point.
16:05 i still use sandcats.io, though i did read a post on the list earlier this year that you could use your own domain now that letsencrypt supports wildcard certs.
https://freenode.irclog.whitequark.org/sandstorm/2019-12-28#26041192;domain