archweb: Allow any origin to see our .well-known redirects

Required to get .well-known working with web clients.

archweb: Allow any origin to see our .well-known redirects
Required to get .well-known working with web clients.
c67e25be · Jan Alexander Steffens (heftig) · Jan Alexander Steffens (heftig) · 1893d35b · c67e25be
Commit c67e25be authored Aug 19, 2020 by Jan Alexander Steffens (heftig) Committed by Jan Alexander Steffens (heftig) Sep 30, 2020
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -21,6 +21,11 @@ server {

    include snippets/letsencrypt.conf;

+    location /.well-known {
+        add_header Access-Control-Allow-Origin *;
+        return 301 https://$server_name$request_uri;
+    }
+
    location / {
        access_log off;
        return 301 https://$server_name$request_uri;
@@ -39,6 +44,11 @@ server {
    ssl_certificate_key  /etc/letsencrypt/live/{{ archweb_domain }}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{{ archweb_domain }}/chain.pem;

+    location /.well-known {
+        add_header Access-Control-Allow-Origin *;
+        return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};
+    }
+
    location / {
        access_log off;
        return 301 https://{{ archweb_domain }}{{ domain['redirect']|default('$request_uri') }};