DNS: added www subdomain to zonefile

nginx: redirect www. to non-www
Fix indentation in nginx.conf.j2
2026-05-12 17:14:36 +00:00 · 2024-01-12 12:18:41 +00:00 · 2024-01-12 12:18:41 +00:00 · 2024-01-12 12:18:41 +00:00 · 2024-01-12 12:18:41 +00:00 · 2024-01-12 12:18:41 +00:00
4 changed files with 22 additions and 10 deletions
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -424,7 +424,10 @@ def deploy_chatmail(config_path: Path) -> None:
    )
    # Deploy acmetool to have TLS certificates.
-    deploy_acmetool(nginx_hook=True, domains=[mail_domain, f"mta-sts.{mail_domain}"])
+    deploy_acmetool(
        nginx_hook=True,
        domains=[mail_domain, f"mta-sts.{mail_domain}", f"www.{mail_domain}"],
    )
    apt.packages(
        name="Install Postfix",
--- a/cmdeploy/src/cmdeploy/chatmail.zone.f
+++ b/cmdeploy/src/cmdeploy/chatmail.zone.f
@@ -10,5 +10,6 @@ _imaps._tcp.{chatmail_domain}.       SRV 0 1 993 {chatmail_domain}.
 _dmarc.{chatmail_domain}.            TXT "v=DMARC1;p=reject;rua=mailto:{email};ruf=mailto:{email};fo=1;adkim=r;aspf=r"
 _mta-sts.{chatmail_domain}.          TXT "v=STSv1; id={sts_id}"
 mta-sts.{chatmail_domain}.           CNAME {chatmail_domain}.
 www.{chatmail_domain}.               CNAME {chatmail_domain}.
 _smtp._tls.{chatmail_domain}.        TXT "v=TLSRPTv1;rua=mailto:{email}"
 {dkim_entry}
--- a/cmdeploy/src/cmdeploy/dns.py
+++ b/cmdeploy/src/cmdeploy/dns.py
@@ -183,14 +183,14 @@ def check_necessary_dns(out, mail_domain):
    ipv4 = dns.get("A", mail_domain)
    ipv6 = dns.get("AAAA", mail_domain)
    mta_entry = dns.get("CNAME", "mta-sts." + mail_domain)
-    mta_ip = dns.get("A", mta_entry)
+    www_entry = dns.get("CNAME", "www." + mail_domain)
    if not mta_ip:
        mta_ip = dns.get("AAAA", mta_entry)
    to_print = []
    if not (ipv4 or ipv6):
        to_print.append(f"\t{mail_domain}.\t\t\tA<your server's IPv4 address>")
-    if not mta_ip or not (mta_ip == ipv4 or mta_ip == ipv6):
+    if mta_entry != mail_domain + ".":
        to_print.append(f"\tmta-sts.{mail_domain}.\tCNAME\t{mail_domain}.")
    if www_entry != mail_domain + ".":
        to_print.append(f"\twww.{mail_domain}.\tCNAME\t{mail_domain}.")
    if to_print:
        to_print.insert(
            0,
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -48,4 +48,12 @@ http {
 		# add cgi-bin support
 		include /usr/share/doc/fcgiwrap/examples/nginx.conf;
 	}
 	# Redirect www. to non-www
 	server {
 		listen 443 ssl;
 		listen [::]:443 ssl;
 		server_name www.{{ config.domain_name }};
 		return 301 $scheme://{{ config.domain_name }}$request_uri;
 	}
 }
Author	SHA1	Message	Date
missytake	f7cdfbd929	DNS: added www subdomain to zonefile	2024-01-12 12:18:41 +00:00
link2xt	891b510c39	nginx: redirect www. to non-www	2024-01-12 12:18:41 +00:00
link2xt	3765bc1697	Fix indentation in nginx.conf.j2	2024-01-12 12:18:41 +00:00
link2xt	825285d12b	dns: require www. subdomain and request TLS certificate for it	2024-01-12 12:18:41 +00:00
link2xt	7391a17ff8	dns: check mta-sts CNAME directly without resolving to IP	2024-01-12 12:18:41 +00:00