Forem Creators and Builders 🌱

Discussion on: www. or nah

Collapse
 
djuber profile image
Daniel Uber • Edited

Otherwise, if you wanted to use both names, and can't do this via a DNS redirect or rule, it's likely possible, but definitely untested, and not something the selfhost deploy recipe will handle for you. I can't stress strongly enough that if you're going to edit the traefik configuration files that you make a backup copy before you do. I did not test this and it might cause the service to fail to start completely.


Warranty void if cover removed

The core issue is that while the DNS setup sends all traffic for both names to your forem server, only the one name (www) is available for https traffic. Apart from the APP_DOMAIN environment variable in /opt/forem/envs/rails.env, the main issue is the traefik http router.

It also appears that there is no SSL certificate valid for tacosdedatos.dev answering (there is for tacosdedatos.dev only). These are requested from letsencrypt based on the traefik configuration. The static config /opt/forem/configs/traefik/traefik.toml handles the redirect to secure, and the configuration to use letsencrypt as the certificate authority is configured there, and reading traefik's documentation suggests the domains to request certificates for go into the dynamic config /opt/forem/configs/traefik/dynamic.toml. This is setup in the selfhost ansible template here.

The "app_domain" used during the deployment script gets interpolated into the rule for the "forem" router - it's possible that adding a second rule or amending the existing router's rule to include both tacosdedatos.dev and tacosdedatos.dev (see doc.traefik.io/traefik/routing/rou... for how this looks) would work.

Assuming you had a line like this in the http.routers.forem section of the dynamic config file

 rule = "Host(`www.tacosdedatos.dev`) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"
Enter fullscreen mode Exit fullscreen mode

You might want instead this rule to handle routing requests (accept either www or the apex domain as a host):

rule = "( Host(`www.tacosdedatos.dev`) || Host(`tacosdedatos.dev`) ) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"
Enter fullscreen mode Exit fullscreen mode

I am reading the docs here, and not testing, but it looks like the domains can be added to the issued certificate by putting the SAN (subject alternate name) in the routers.forem.tls.domains section (this does not exist yet). See doc.traefik.io/traefik/routing/rou... for this sections documentation.

It's possible that means the dynamic config/routers section might need to look like this, restart the traefik service, and try both domains (the traefik docs suggest this will validate both names when letsencrypt issues the certificate).

        [http.routers]
          [http.routers.forem]
            entrypoints= ["web", "websecure"]
            rule = "(Host(`www.tacosdedatos.dev`)  || Host(`tacosdedatos.dev`) ) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"
            service = "forem"
            middlewares = ["security"]
            [http.routers.forem.tls]
              certResolver = "forem"
              [[http.routers.forem.tls.domains]]
                 main = "tacosdedatos.dev"
                 sans = ["www.tacosdedatos.dev"]
Enter fullscreen mode Exit fullscreen mode

I'm not aware of anything that redirects from one name to the other (that appears to be setup between the APP_DOMAIN environment variable and the app domain general setting in the rails app, handling one redirect from the original APP_DOMAIN in the environment file, to the configured domain from the settings), if the same resource is available both at the www and apex domain url there might be some implications to SEO. I don't see an option to set the app_domain in the settings page in admin (I'm possibly missing something obvious) - but it would be in the site_configs table or set by saving Settings::General.app_domain from ruby. If you're seeing both domains resolving and not one redirecting to the other, leveraging this redirect (where the environment variable is valid, but redirect to the setting when the setting differs) might do it.

Collapse
 
chekos profile image
Sergio Sánchez Zavala

wow thank you so much!! This was fantastic!!!

this actually helped me move my forem instance from tacosdedatos.dev to tacosdedatos.com without issues 💖 (just updating the rails.env and dynamic.toml files, for others that might be interested).

Thank you again, this was very helpful and illuminating!!