Configure FQDN centrally via .env

Co-authored-by: Cursor <cursoragent@cursor.com>

.env.example

@@ -1,2 +1,5 @@
+# Vollqualifizierter Domainname (FQDN) der Anwendung
+FQDN=dawarich.example.com
+
 # E-Mail fuer Let's Encrypt Zertifikatsanforderung (erforderlich fuer SSL)
-CERTBOT_EMAIL=elpatron@mailbox.org
+CERTBOT_EMAIL=mail@example.com

docker-compose.yml

@@ -51,6 +51,7 @@ services:
     networks:
       - dawarich
     environment:
+      FQDN: ${FQDN:-location.butenostfreesen.de}
       CERTBOT_EMAIL: ${CERTBOT_EMAIL:-}
     depends_on:
       dawarich_app:
@@ -80,9 +81,9 @@ services:
       DATABASE_PASSWORD: password
       DATABASE_NAME: dawarich_development
       MIN_MINUTES_SPENT_IN_CITY: 60
-      APPLICATION_HOSTS: "location.butenostfreesen.de,127.0.0.1"
+      APPLICATION_HOSTS: "${FQDN:-location.butenostfreesen.de},127.0.0.1"
       TIME_ZONE: Europe/Berlin
-      APPLICATION_PROTOCOL: httpss
+      APPLICATION_PROTOCOL: https
       DISTANCE_UNIT: km
       PROMETHEUS_EXPORTER_ENABLED: false
       PROMETHEUS_EXPORTER_HOST: 0.0.0.0
@@ -133,9 +134,9 @@ services:
       DATABASE_USERNAME: postgres
       DATABASE_PASSWORD: password
       DATABASE_NAME: dawarich_development
-      APPLICATION_HOSTS: "location.butenostfreesen.de,127.0.0.1"
+      APPLICATION_HOSTS: "${FQDN:-location.butenostfreesen.de},127.0.0.1"
       BACKGROUND_PROCESSING_CONCURRENCY: 10
-      APPLICATION_PROTOCOL: httpss
+      APPLICATION_PROTOCOL: https
       DISTANCE_UNIT: km
       PROMETHEUS_EXPORTER_ENABLED: false
       PROMETHEUS_EXPORTER_HOST: dawarich_app

nginx/entrypoint.sh

@@ -1,16 +1,19 @@
 #!/bin/sh
 set -e
 
-DOMAIN="location.butenostfreesen.de"
+DOMAIN="${FQDN:-location.butenostfreesen.de}"
 EMAIL="${CERTBOT_EMAIL:-}"
 
+# FQDN in Config ersetzen
+subst() { sed "s/__FQDN__/$DOMAIN/g" "$1"; }
+
 # Entferne Standard-Config
 rm -f /etc/nginx/conf.d/default.conf
 
 # Bootstrap-Config verwenden, wenn Zertifikate noch nicht existieren
 if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
   echo "Zertifikate nicht gefunden. Starte mit Bootstrap-Config..."
-  cp /etc/nginx/templates/nginx-bootstrap.conf /etc/nginx/conf.d/default.conf
+  subst /etc/nginx/templates/nginx-bootstrap.conf > /etc/nginx/conf.d/default.conf
   nginx -g "daemon off;" &
   NGINX_PID=$!
 
@@ -29,10 +32,10 @@ if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
       echo "Zertifikat erfolgreich erstellt. Starte nginx mit HTTPS..."
       kill $NGINX_PID 2>/dev/null || true
       sleep 2
-      cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
+      subst /etc/nginx/templates/nginx.conf > /etc/nginx/conf.d/default.conf
     else
       echo "Zertifikatsanforderung fehlgeschlagen. Laeufe mit HTTP (Port 80)."
-      echo "Stelle sicher, dass location.butenostfreesen.de auf diesen Server zeigt."
+      echo "Stelle sicher, dass ${DOMAIN} auf diesen Server zeigt."
       exec wait $NGINX_PID
     fi
   else
@@ -41,7 +44,7 @@ if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
     exec wait $NGINX_PID
   fi
 else
-  cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
+  subst /etc/nginx/templates/nginx.conf > /etc/nginx/conf.d/default.conf
 fi
 
 # Zertifikatserneuerung alle 12 Stunden im Hintergrund

nginx/nginx-bootstrap.conf

@@ -2,7 +2,7 @@
 server {
 	listen 80;
 	listen [::]:80;
-	server_name location.butenostfreesen.de;
+	server_name __FQDN__;
 
 	location /.well-known/acme-challenge/ {
 		root /var/www/certbot;

nginx/nginx.conf

@@ -1,7 +1,7 @@
 server {
 	listen 80;
 	listen [::]:80;
-	server_name location.butenostfreesen.de;
+	server_name __FQDN__;
 
 	# ACME-Challenge für Let's Encrypt Zertifikatserneuerung
 	location /.well-known/acme-challenge/ {
@@ -17,11 +17,11 @@ server {
 	listen 443 ssl;
 	listen [::]:443 ssl;
 	http2 on;
-	server_name location.butenostfreesen.de;
+	server_name __FQDN__;
 
 	# Let's Encrypt Zertifikate
-	ssl_certificate /etc/letsencrypt/live/location.butenostfreesen.de/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/location.butenostfreesen.de/privkey.pem;
+	ssl_certificate /etc/letsencrypt/live/__FQDN__/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/__FQDN__/privkey.pem;
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_prefer_server_ciphers off;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;