diff --git a/deployments/@domains/ftw.pw/deploy.sh b/deployments/@domains/ftw.pw/deploy.sh index 5006b199..46424330 100755 --- a/deployments/@domains/ftw.pw/deploy.sh +++ b/deployments/@domains/ftw.pw/deploy.sh @@ -22,11 +22,13 @@ ssh "$REMOTE" "mkdir -p /etc/nginx/sites-available" rsync -avz "$SCRIPT_DIR/nginx/prod.conf" "$REMOTE:$REMOTE_NGINX_CONF" # --------------------------------------------------------------------------- -# [3/4] Test nginx syntax + reload +# [3/4] Enable vhost (idempotent symlink), test nginx syntax + reload # --------------------------------------------------------------------------- echo "==> [3/4] Testing nginx syntax and reloading..." ssh "$REMOTE" bash -euo pipefail <<'ENDSSH' set -euo pipefail + # Ensure the vhost is enabled (symlink is idempotent on re-deploy). + ln -sfn /etc/nginx/sites-available/ftw.pw /etc/nginx/sites-enabled/ftw.pw echo " Testing /etc/nginx/sites-available/ftw.pw..." nginx -t echo " Reloading nginx..." diff --git a/deployments/@domains/ftw.pw/nginx/prod.conf b/deployments/@domains/ftw.pw/nginx/prod.conf index 725d0d3a..d99501f5 100644 --- a/deployments/@domains/ftw.pw/nginx/prod.conf +++ b/deployments/@domains/ftw.pw/nginx/prod.conf @@ -6,7 +6,13 @@ # /s/* routes proxy to the short-link redirect handler upstream ftw_pw_api { - server 127.0.0.1:3030; + # Points at the autossh tunnel endpoint: black:3030 INTERNAL is exposed as + # vps loopback :3031 by quinn-api-tunnel.service. INTERNAL owns the + # protected-download grants (black's DB) and rsyncs assembled zips to + # /srv/quinn-downloads/ on vps before issuing X-Accel-Redirect. + # DO NOT change to :3030 — that would hit the vps quinn-api edge instance, + # which (in internal mode) has no download grants and no /d/ route. + server 127.0.0.1:3031; keepalive 16; }