Two things from the left4me-integration session worth pinning:
- 80.conf was orphaned in sites/ (not sites-enabled/) for an
unknown amount of time. Commit d49259f moved it; document the
resulting wiring so it's not re-broken accidentally.
- items.py reads node.metadata.get('vm/cores') with no default
for worker_processes; bare-metal nodes outside the vm group
raise at item-build time. Cost the agent ~10 min when
ovh.left4me first opted into webserver.
Also note the cross-namespace read on letsencrypt/domains.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
nginx
Webserver. Per-node vhosts in nginx/vhosts; per-vhost templates in
data/nginx/*.conf.
How port 80 is served
The bundle ships a fixed 80.conf to
/etc/nginx/sites-available/80.conf (picked up by the
sites-enabled/ symlink) that handles all port-80 traffic
across vhosts:
- ACME HTTP-01 challenges (/.well-known/acme-challenge/) are served
  from /var/lib/dehydrated/acme-challenges/.
- All other port-80 requests are 301-redirected to
  https://$host$request_uri.
Per-vhost templates only declare listen 443 ssl http2;, so they
don't need their own port-80 server blocks. If you need vhost-
specific port-80 behaviour (e.g. plain-HTTP without redirect),
override 80.conf or add a per-vhost block.
Required metadata
- vm/cores — read directly by items.py for worker_processes. No
  default; bw items <node> raises at item-build time if missing.
  Typically supplied by the vm bundle / hetzner-vm group;
  double-check on bare-metal hosts.
- nginx/vhosts — dict of vhost-name → vhost-config.
- nginx/modules — list of dynamic modules to load.
Cross-namespace
items.py reads letsencrypt/domains to skip emitting a per-vhost
HTTPS block when LE hasn't declared the domain yet — keeps the
bundle loadable on a node where letsencrypt isn't fully wired up.
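
A pre-flight check for the metadata described above, as an added example (not the bundle's items.py). It uses plain nested dicts in place of node metadata and assumes vhost names are the domain names listed under letsencrypt/domains; lookup, preflight and BARE_METAL are hypothetical names.

```python
# Added example, not bundle code: validate one node's metadata before
# opting it into the nginx bundle.
_MISSING = object()

def lookup(metadata, path):
    """Resolve an 'a/b' style path in nested dicts; _MISSING if absent."""
    current = metadata
    for key in path.split('/'):
        if not isinstance(current, dict) or key not in current:
            return _MISSING
        current = current[key]
    return current

def preflight(metadata):
    """Return (errors, vhosts_without_https_block) for one node."""
    errors = []
    cores = lookup(metadata, 'vm/cores')
    if cores is _MISSING:
        errors.append('vm/cores missing: worker_processes has no default')
    elif isinstance(cores, bool) or not isinstance(cores, int) or cores < 1:
        errors.append(f'vm/cores must be a positive integer, got {cores!r}')

    vhosts = lookup(metadata, 'nginx/vhosts')
    if vhosts is _MISSING:
        vhosts = {}  # assumption: no vhosts declared means nothing to emit
    elif not isinstance(vhosts, dict):
        errors.append('nginx/vhosts must be a dict of vhost-name -> vhost-config')
        vhosts = {}

    modules = lookup(metadata, 'nginx/modules')
    if modules is not _MISSING and not isinstance(modules, (list, tuple, set)):
        errors.append('nginx/modules must be a list of module names')

    # Cross-namespace read: a vhost whose domain is not declared under
    # letsencrypt/domains gets no per-vhost HTTPS block.
    le_domains = lookup(metadata, 'letsencrypt/domains')
    declared = set(le_domains) if isinstance(le_domains, (dict, list, tuple, set)) else set()
    skipped = sorted(name for name in vhosts if name not in declared)
    return errors, skipped

# Constructed sample: a bare-metal node outside the vm group, with one
# vhost that letsencrypt has not declared yet.
BARE_METAL = {
    'nginx': {'vhosts': {'a.example.org': {}, 'b.example.org': {}}},
    'letsencrypt': {'domains': {'a.example.org': {}}},
}
```

For BARE_METAL, preflight reports the missing vm/cores and lists b.example.org as a vhost that would get no HTTPS block.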