if I go to tacosdedatos.dev on my computer browser it'll redirect me to tacosdedatos.dev no problem
This is probably the browser rewriting the url for you, and not the server redirecting, the two http names redirect to https:// but preserve the original name. It's possible that the mobile browser isn't doing this url fixup for you and the desktop browser is.
after deploying, can I change the URL
I don't think this is along the "happy path" of things the selfhost recipe makes easy.
I have heard from other users that this setup is achievable in Cloudflare, if you move your DNS there. The forem instance would only see traffic on the www subdomain and the ssl would work (it already does). I think this is what dev.to is doing in reverse, all traffic to dev.to is redirected to dev.to by cloudflare. community.cloudflare.com/t/the-per... might cover that use case accurately. This is the easist fix as long as you want the www subdomain to continue to work as well, and expect all traffic to be redirected to the same location at tacosdedatos.dev/ which already works. It looks like Christina said this is doable in Namecheap, also. I don't know what that would look like for a Google domain.
If you originally deployed with subdomain www, and don't want that subdomain to work at all, or need it to redirect, and for all requests to use the base domain only, (you only want tacosdedatos.dev/ to work), you can redeploy using no subdomain (this probably replaces your data, if you've done much setup already besides deploying).
Otherwise, if you wanted to use both names, and can't do this via a DNS redirect or rule, it's likely possible, but definitely untested, and not something the selfhost deploy recipe will handle for you. I can't stress strongly enough that if you're going to edit the traefik configuration files that you make a backup copy before you do. I did not test this and it might cause the service to fail to start completely.
Warranty void if cover removed
The core issue is that while the DNS setup sends all traffic for both names to your forem server, only the one name (www) is available for https traffic. Apart from the APP_DOMAIN environment variable in /opt/forem/envs/rails.env, the main issue is the traefik http router.
It also appears that there is no SSL certificate valid for tacosdedatos.dev answering (there is for tacosdedatos.dev only). These are requested from letsencrypt based on the traefik configuration. The static config /opt/forem/configs/traefik/traefik.toml handles the redirect to secure, and the configuration to use letsencrypt as the certificate authority is configured there, and reading traefik's documentation suggests the domains to request certificates for go into the dynamic config /opt/forem/configs/traefik/dynamic.toml. This is setup in the selfhost ansible template here.
The "app_domain" used during the deployment script gets interpolated into the rule for the "forem" router - it's possible that adding a second rule or amending the existing router's rule to include both tacosdedatos.dev and tacosdedatos.dev (see doc.traefik.io/traefik/routing/rou... for how this looks) would work.
Assuming you had a line like this in the http.routers.forem section of the dynamic config file
I am reading the docs here, and not testing, but it looks like the domains can be added to the issued certificate by putting the SAN (subject alternate name) in the routers.forem.tls.domains section (this does not exist yet). See doc.traefik.io/traefik/routing/rou... for this sections documentation.
It's possible that means the dynamic config/routers section might need to look like this, restart the traefik service, and try both domains (the traefik docs suggest this will validate both names when letsencrypt issues the certificate).
I'm not aware of anything that redirects from one name to the other (that appears to be setup between the APP_DOMAIN environment variable and the app domain general setting in the rails app, handling one redirect from the original APP_DOMAIN in the environment file, to the configured domain from the settings), if the same resource is available both at the www and apex domain url there might be some implications to SEO. I don't see an option to set the app_domain in the settings page in admin (I'm possibly missing something obvious) - but it would be in the site_configs table or set by saving Settings::General.app_domain from ruby. If you're seeing both domains resolving and not one redirecting to the other, leveraging this redirect (where the environment variable is valid, but redirect to the setting when the setting differs) might do it.
this actually helped me move my forem instance from tacosdedatos.dev to tacosdedatos.com without issues 💖 (just updating the rails.env and dynamic.toml files, for others that might be interested).
Thank you again, this was very helpful and illuminating!!
For further actions, you may consider blocking this person and/or reporting abuse
Hi Sergio,
This is probably the browser rewriting the url for you, and not the server redirecting, the two http names redirect to https:// but preserve the original name. It's possible that the mobile browser isn't doing this url fixup for you and the desktop browser is.
I don't think this is along the "happy path" of things the selfhost recipe makes easy.
I have heard from other users that this setup is achievable in Cloudflare, if you move your DNS there. The forem instance would only see traffic on the www subdomain and the ssl would work (it already does). I think this is what dev.to is doing in reverse, all traffic to dev.to is redirected to dev.to by cloudflare. community.cloudflare.com/t/the-per... might cover that use case accurately. This is the easist fix as long as you want the www subdomain to continue to work as well, and expect all traffic to be redirected to the same location at tacosdedatos.dev/ which already works. It looks like Christina said this is doable in Namecheap, also. I don't know what that would look like for a Google domain.
If you originally deployed with subdomain www, and don't want that subdomain to work at all, or need it to redirect, and for all requests to use the base domain only, (you only want tacosdedatos.dev/ to work), you can redeploy using no subdomain (this probably replaces your data, if you've done much setup already besides deploying).
Otherwise, if you wanted to use both names, and can't do this via a DNS redirect or rule, it's likely possible, but definitely untested, and not something the selfhost deploy recipe will handle for you. I can't stress strongly enough that if you're going to edit the traefik configuration files that you make a backup copy before you do. I did not test this and it might cause the service to fail to start completely.
Warranty void if cover removed
The core issue is that while the DNS setup sends all traffic for both names to your forem server, only the one name (www) is available for https traffic. Apart from the APP_DOMAIN environment variable in /opt/forem/envs/rails.env, the main issue is the traefik http router.
It also appears that there is no SSL certificate valid for tacosdedatos.dev answering (there is for tacosdedatos.dev only). These are requested from letsencrypt based on the traefik configuration. The static config /opt/forem/configs/traefik/traefik.toml handles the redirect to secure, and the configuration to use letsencrypt as the certificate authority is configured there, and reading traefik's documentation suggests the domains to request certificates for go into the dynamic config /opt/forem/configs/traefik/dynamic.toml. This is setup in the selfhost ansible template here.
The "app_domain" used during the deployment script gets interpolated into the rule for the "forem" router - it's possible that adding a second rule or amending the existing router's rule to include both tacosdedatos.dev and tacosdedatos.dev (see doc.traefik.io/traefik/routing/rou... for how this looks) would work.
Assuming you had a line like this in the http.routers.forem section of the dynamic config file
You might want instead this rule to handle routing requests (accept either www or the apex domain as a host):
I am reading the docs here, and not testing, but it looks like the domains can be added to the issued certificate by putting the SAN (subject alternate name) in the routers.forem.tls.domains section (this does not exist yet). See doc.traefik.io/traefik/routing/rou... for this sections documentation.
It's possible that means the dynamic config/routers section might need to look like this, restart the traefik service, and try both domains (the traefik docs suggest this will validate both names when letsencrypt issues the certificate).
I'm not aware of anything that redirects from one name to the other (that appears to be setup between the APP_DOMAIN environment variable and the app domain general setting in the rails app, handling one redirect from the original APP_DOMAIN in the environment file, to the configured domain from the settings), if the same resource is available both at the www and apex domain url there might be some implications to SEO. I don't see an option to set the app_domain in the settings page in admin (I'm possibly missing something obvious) - but it would be in the site_configs table or set by saving
Settings::General.app_domainfrom ruby. If you're seeing both domains resolving and not one redirecting to the other, leveraging this redirect (where the environment variable is valid, but redirect to the setting when the setting differs) might do it.wow thank you so much!! This was fantastic!!!
this actually helped me move my forem instance from tacosdedatos.dev to tacosdedatos.com without issues 💖 (just updating the
rails.envanddynamic.tomlfiles, for others that might be interested).Thank you again, this was very helpful and illuminating!!