certs: Use TWEAK domain certs if set

snikket-im / snikket-web-proxy

Apache License 2.0

6 stars 7 forks source link

certs: Use TWEAK domain certs if set #14

Open Rijul-A opened 2 years ago

Rijul-A commented 2 years ago

Web proxy extension of snikket-im/snikket-server#69

mwild1 commented 11 months ago

:wave:

I'm trying to piece things together so we could rebase and merge this PR prior to the upcoming release. I'm not aiming for full support of split-domain setups in this release, but I'd like to make any small safe steps that we can towards it. This seems like one!

I see that SNIKKET_TWEAK_CERT_DOMAIN is being pulled from SNIKKET_TWEAK_XMPP_DOMAIN. But in the case of a split-domain setup, we want nginx to have certs for the web domain, right?

Rijul-A commented 11 months ago

Hey Matt! How have you been?

I have forgotten some of what I wrote back then but you are correct. If SNIKKET_TWEAK_XMPP_DOMAIN is set, the jids are of the form user@SNIKKET_TWEAK_XMPP_DOMAIN and the web portal is still hosted on SNIKKET_DOMAIN. This means that certificates for SNIKKET_DOMAIN should be used.