git-svn-id: svn://losandesgames.com/alfheim-website@38 15359d88-9307-4e75-a9c1-e5686e5897df

Caddyfile

@@ -0,0 +1,7 @@
+{
+    email vicenteferrarismith@gmail.com
+}
+
+alfheimgame.com {
+    reverse_proxy localhost:4000
+}

Makefile

@@ -16,4 +16,5 @@ deploy:
 .PHONY: service
 service:
 	rsync -P alfheimgame.service alfheim@alfheimgame.com:/home/alfheim
-	ssh -t alfheim@alfheimgame.com 'sudo mv /home/alfheim/alfheimgame.service /etc/systemd/system && sudo systemctl enable alfheimgame && sudo systemctl restart alfheimgame'
+	rsync -P Caddyfile alfheim@alfheimgame.com:/home/alfheim
+	ssh -t root@alfheimgame.com 'mv /home/alfheim/alfheimgame.service /etc/systemd/system && mv /home/alfheim/Caddyfile /etc/caddy && systemctl enable alfheimgame && systemctl restart alfheimgame'

bin/Caddyfile

@@ -0,0 +1,7 @@
+{
+    email vicenteferrarismith@gmail.com
+}
+
+alfheimgame.com {
+    reverse_proxy localhost:4000
+}

bin/linux_amd64/Caddyfile

@@ -0,0 +1,7 @@
+{
+    email vicenteferrarismith@gmail.com
+}
+
+alfheimgame.com {
+    reverse_proxy localhost:4000
+}

bin/linux_amd64/static/style.css

@@ -16,6 +16,8 @@ body {
     margin-left: auto;
     margin-right: auto;
     margin-bottom: 0px;
+    display: flex;
+    flex-direction: column;
     min-height: 100%;
     max-width: 900px;
 }
@@ -51,18 +53,19 @@ nav {
 .loginbutton {
     align-self: center;
     display: flex;
-	background-color: white;
+    border: 12px solid;
+    border-image-source: url("/static/panel-000.png");
+    border-image-slice: 12 fill;
     padding-top: 15px;
     padding-right: 20px;
     padding-bottom: 15px;
     padding-left: 20px;
-	border-radius: 5px;
     color: black;
     /*box-shadow: 10px 10px 5px lightblue;*/
 }
 
 main {
-	margin: 0px;
+    padding: 5px;
     display: flex;
     flex-direction: column;
     justify-content: center;
@@ -169,9 +172,7 @@ input {
 }
 
 footer {
-	position: relative;
+    margin-top: auto;
-	left: 0;
-	bottom: 0;
     width: 100%;
     background-color: #132123;
     color: white;

bin/linux_amd64/ui/base.html

@@ -1,11 +1,5 @@
 <!DOCTYPE html>
 
-<!--
-	/\   |    |--- |   | |--- || |\    /|
-   /__\  |    |--  |---| |--  || | \  / |
-  /    \ |___ |    |   | |___ || |  \/  |
--->
-
 <html lang="en">
     <head>
         <title>Alfheim</title>
@@ -48,7 +42,7 @@
         </main>
 
         <footer>
-			Alfheim &copy; 2024, Vicente Ferrari Smith, Los Andes Games, Vienna, Austria. All rights reserved.
+            Alfheim &copy; 2025, Vicente Ferrari Smith, Los Andes Games, Vienna, Austria. All rights reserved.
         </footer>
     </body>
 </html>

bin/static/style.css

@@ -16,6 +16,8 @@ body {
     margin-left: auto;
     margin-right: auto;
     margin-bottom: 0px;
+    display: flex;
+    flex-direction: column;
     min-height: 100%;
     max-width: 900px;
 }
@@ -51,18 +53,19 @@ nav {
 .loginbutton {
     align-self: center;
     display: flex;
-	background-color: white;
+    border: 12px solid;
+    border-image-source: url("/static/panel-000.png");
+    border-image-slice: 12 fill;
     padding-top: 15px;
     padding-right: 20px;
     padding-bottom: 15px;
     padding-left: 20px;
-	border-radius: 5px;
     color: black;
     /*box-shadow: 10px 10px 5px lightblue;*/
 }
 
 main {
-	margin: 0px;
+    padding: 5px;
     display: flex;
     flex-direction: column;
     justify-content: center;
@@ -169,9 +172,7 @@ input {
 }
 
 footer {
-	position: relative;
+    margin-top: auto;
-	left: 0;
-	bottom: 0;
     width: 100%;
     background-color: #132123;
     color: white;

bin/ui/base.html

@@ -1,11 +1,5 @@
 <!DOCTYPE html>
 
-<!--
-	/\   |    |--- |   | |--- || |\    /|
-   /__\  |    |--  |---| |--  || | \  / |
-  /    \ |___ |    |   | |___ || |  \/  |
--->
-
 <html lang="en">
     <head>
         <title>Alfheim</title>
@@ -48,7 +42,7 @@
         </main>
 
         <footer>
-			Alfheim &copy; 2024, Vicente Ferrari Smith, Los Andes Games, Vienna, Austria. All rights reserved.
+            Alfheim &copy; 2025, Vicente Ferrari Smith, Los Andes Games, Vienna, Austria. All rights reserved.
         </footer>
     </body>
 </html>

go.mod

@@ -7,12 +7,12 @@ require (
 	github.com/gorilla/sessions v1.2.2
 	github.com/lib/pq v1.10.9
 	github.com/stripe/stripe-go/v78 v78.7.0
-	golang.org/x/crypto v0.23.0
+	golang.org/x/crypto v0.33.0
 )
 
 require (
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
 )

go.sum

@@ -23,6 +23,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -47,6 +49,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -61,6 +65,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=

main.go

@@ -4,15 +4,23 @@
 
 package main
 
-import "log"
+import (
-import "flag"
+	"flag"
-import "net/http"
+	"log"
-import _ "github.com/lib/pq"
+	"net/http"
-import "database/sql"
+	"time"
-import "github.com/gorilla/sessions"
-import "regexp"
 
-import "github.com/stripe/stripe-go/v78"
+	"database/sql"
+	"regexp"
+
+	"github.com/gorilla/sessions"
+	_ "github.com/lib/pq"
+	"github.com/stripe/stripe-go/v78"
+
+	"crypto/tls"
+
+	"golang.org/x/crypto/acme/autocert"
+)
 
 var users *Usermodel
 var subscriptions *SubscriptionModel
@@ -24,6 +32,7 @@ var emailrx = regexp.MustCompile("/^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-
 
 func main() {
 	addr := flag.String("addr", "127.0.0.1:8080", "HTTP network addr")
+	//prodaddr := flag.String("prodaddr", "127.0.0.1:4000", "HTTP network addr")
 	prodaddr := flag.String("prodaddr", "45.76.84.7:443", "HTTP network addr")
 
 	production := flag.Bool("production", false, "Whether to use production port and TLS")
@@ -85,14 +94,30 @@ func main() {
 	mux.HandleFunc("/webhook", webhooks)
 
 	if *production {
+		autocertManager := autocert.Manager{
+			Prompt:     autocert.AcceptTOS,
+			HostPolicy: autocert.HostWhitelist("alfheimgame.com"),
+			Email:      "vicenteferrarismith@gmail.com",
+			Cache:      autocert.DirCache("certs"),
+		}
+
+		tlsConfig := &tls.Config{
+			GetCertificate:           autocertManager.GetCertificate,
+			PreferServerCipherSuites: true,
+			CurvePreferences:         []tls.CurveID{tls.X25519, tls.CurveP256},
+			NextProtos:               []string{"acme-tls/1"},
+		}
 
 		server := &http.Server{
 			Addr:         *prodaddr,
 			Handler:      log_connection(secure_headers(mux)),
+			TLSConfig:    tlsConfig,
+			IdleTimeout:  time.Minute,
+			ReadTimeout:  5 * time.Second,
+			WriteTimeout: 10 * time.Second,
 		}
 
-
+		log.Fatal(server.ListenAndServeTLS("", ""))
-        log.Fatal(server.ListenAndServeTLS("/home/alfheim/cert/config/live/alfheimgame.com/fullchain.pem", "/home/alfheim/cert/config/live/alfheimgame.com/privkey.pem"))
 	} else {
 		log.Fatal(http.ListenAndServe(*addr, log_connection(secure_headers(mux))))
 	}

neovide_backtraces.log

@@ -1,20 +0,0 @@
-2024-04-30 13:18:48 - Neovide panicked with the message 'called `Result::unwrap()` on an `Err` value: Connection(IoError(Custom { kind: Other, error: UnknownError }))'. (File: /build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/winit-0.29.10/src/platform_impl/linux/x11/window.rs; Line: 1316, Column: 14)
-   0: <unknown>
-   1: <unknown>
-   2: <unknown>
-   3: <unknown>
-   4: <unknown>
-   5: <unknown>
-   6: <unknown>
-   7: <unknown>
-   8: <unknown>
-   9: <unknown>
-  10: <unknown>
-  11: <unknown>
-  12: <unknown>
-  13: <unknown>
-  14: <unknown>
-  15: <unknown>
-  16: __libc_start_main
-  17: <unknown>
-

setup.sh

@@ -55,12 +55,11 @@ ufw --force enable
 apt --yes install fail2ban
 apt --yes install certbot
 
-su - alfheim -c "mkdir cert"
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
-su - alfheim -c "mkdir cert/lib"
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-su - alfheim -c "mkdir cert/config"
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
-su - alfheim -c "mkdir cert/log"
+sudo apt update
-su - alfheim -c "sudo certbot certonly --cert-path cert/ --work-dir cert/lib --config-dir cert/config/ --logs-dir cert/log/ --standalone"
+sudo apt install caddy
-su - alfheim -c "sudo chown -R alfheim:alfheim cert"
 
 # Add a DSN for connecting to the greenlight database to the system-wide environment
 # variables in the /etc/environment file.

static/style.css

@@ -65,7 +65,7 @@ nav {
 }
 
 main {
-    margin: 0px;
+    padding: 5px;
     display: flex;
     flex-direction: column;
     justify-content: center;