Remove the NISEI_DOMAIN changes now that we moved domains.

README.md

@@ -124,8 +124,7 @@ echo "RAILS_ENV=production" > .env
 echo "COMPOSE_FILE=prod" >> .env
 echo "POSTGRES_PASSWORD=some-good-password" >> .env
 echo "SECRET_KEY_BASE=random-64-bit-hex-key" >> .env
-echo "COBRA_DOMAIN=cobr.ai" >> .env
-echo "NISEI_DOMAIN=tournaments.nisei.net" >> .env
+echo "COBRA_DOMAIN=yourdomainhere.com" >> .env
 ```
 - Deploy
 ```shell
@@ -143,7 +142,7 @@ some steps for setting that up.
 3. In the deploy directory, log into Pulumi CLI and create a new stack.
 4. Run this in the deploy directory: `pulumi config set cobra:cobra_domain your_domain.com`. 
    Ensure you own the domain you want to use.
-5. Do the same for cobra:nisei_domain. If you don't like the defaults for cobra:region and cobra:size, you can set them
+5. If you don't like the defaults for cobra:region and cobra:size, you can set them
    to slug values shown here: https://slugs.do-api.dev/.
 6. If you have NetrunnerDB client credentials, encrypt them with these commands:
    ```shell

bin/deploy

@@ -12,7 +12,6 @@ pushd "${PROJECT_DIR}"
 # Required if using prod compose file:
 # SECRET_KEY_BASE: A 64 bit hex key for rails, should be randomly generated
 # COBRA_DOMAIN
-# NISEI_DOMAIN
 source .env
 COMPOSE_FILE=${COMPOSE_FILE-override}
 

bin/init-certbot

@@ -6,15 +6,14 @@ pushd "${PROJECT_DIR}"
 
 # Required environment variables in .env:
 # COBRA_DOMAIN
-# NISEI_DOMAIN
 source .env
 
-if [ "$COBRA_DOMAIN" == "" ] || [ "$NISEI_DOMAIN" == "" ]; then
+if [ "$COBRA_DOMAIN" == "" ]; then
   echo "Not setting up certbot as domains not configured"
   exit
 fi
 
-domains=("$COBRA_DOMAIN" "$NISEI_DOMAIN")
+domains=("$COBRA_DOMAIN")
 rsa_key_size=4096
 data_path="./data/certbot"
 email="" # Adding a valid address is strongly recommended

config/containers/Dockerfile-nginx

@@ -8,8 +8,6 @@ RUN apt-get update -qq && apt-get -y install apache2-utils
 # TODO: make room for the tournaments.nisei.net name to aid the transition.
 ARG cobra_domain
 ENV COBRA_DOMAIN $cobra_domain
-ARG nisei_domain
-ENV NISEI_DOMAIN $nisei_domain
 
 # establish where Nginx should look for files
 ENV RAILS_ROOT /var/www/cobra
@@ -28,7 +26,7 @@ COPY config/containers/nginx.conf /tmp/cobra.nginx
 
 # substitute variable references in the Nginx config template for real values from the environment
 # put the final config in its place
-RUN envsubst '$RAILS_ROOT:$COBRA_DOMAIN:$NISEI_DOMAIN' < /tmp/cobra.nginx > /etc/nginx/conf.d/default.conf
+RUN envsubst '$RAILS_ROOT:$COBRA_DOMAIN' < /tmp/cobra.nginx > /etc/nginx/conf.d/default.conf
 
 # Use the "exec" form of CMD so Nginx shuts down gracefully on SIGTERM (i.e. `docker stop`)
 CMD [ "nginx", "-g", "daemon off;" ]

config/containers/nginx.conf

@@ -3,163 +3,37 @@ upstream unicorn {
   server app:3000;
 }
 
-# NOTE: The HTTP and HTTPS domains must be duplicated identically for
-# $COBRA_DOMAIN and $NISEI_DOMAIN until $COBRA_DOMAIN is completely
-# turned down.
 server {
-  listen 80;
-  server_name $NISEI_DOMAIN;
+  listen 443 ssl;
+  http2 on;
+  server_name cobra.nullsignal.games;
 
-  # Listen for challenges from Let's Encrypt for our SSL certificates.
-  location ~ /\.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-    root /var/www/certbot;
-  }
-
-  # Send everything else to HTTPS.
-  location / {
-    return 301 https://$NISEI_DOMAIN$request_uri;
-  }
-}
-
-server {
-  listen 443 ssl http2;
-  server_name $NISEI_DOMAIN;
-
-  ssl_certificate /etc/letsencrypt/live/$NISEI_DOMAIN/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/$NISEI_DOMAIN/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/cobra.nullsignal.games/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/cobra.nullsignal.games/privkey.pem;
 
   include /etc/letsencrypt/options-ssl-nginx.conf;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
-  # define the public application root
-  root   $RAILS_ROOT/public;
-  index  index.html;
-
-  # define where Nginx should write its logs
-  access_log $RAILS_ROOT/log/nginx.access.log;
-  error_log $RAILS_ROOT/log/nginx.error.log;
-
-  # deny requests for files that should never be accessed
-  location ~ /\. {
-    deny all;
-  }
-
-  location ~* ^.+\.(rb|log)$ {
-    deny all;
-  }
-
-  # serve static (compiled) assets directly if they exist (for rails production)
-  location ^~ /assets/ {
-    try_files $uri @rails;
-
-    access_log off;
-    gzip_static on; # to serve pre-gzipped version
-
-    expires max;
-    add_header Cache-Control public;
-
-    # Some browsers still send conditional-GET requests if there's a
-    # Last-Modified header or an ETag header even if they haven't
-    # reached the expiry date sent in the Expires header.
-    add_header Last-Modified "";
-    add_header ETag "";
-    break;
-  }
-
-  # send non-static file requests to the app server
+  # Send everything to tournaments.nullsignal.games
   location / {
-    try_files $uri @rails;
-  }
-
-  location @rails {
-    proxy_set_header  X-Real-IP  $remote_addr;
-    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header  Host $http_host;
-    proxy_set_header  X-Forwarded-Ssl on;
-    proxy_set_header  X-Forwarded-Port $server_port;
-    proxy_set_header  X-Forwarded-Proto $scheme;
-    proxy_redirect off;
-    proxy_pass http://unicorn;
+    return 301 https://tournaments.nullsignal.games$request_uri;
   }
 }
 
 server {
-  listen 80;
-  server_name $COBRA_DOMAIN;
+  listen 443 ssl;
+  http2 on;
+  server_name t.nullsignal.games;
 
-  # Listen for challenges from Let's Encrypt for our SSL certificates.
-  location ~ /\.well-known/acme-challenge/ {
-    allow all;
-    default_type "text/plain";
-    root /var/www/certbot;
-  }
-
-  # Send everything else to HTTPS.
-  location / {
-    return 301 https://$COBRA_DOMAIN$request_uri;
-  }
-}
-
-server {
-  listen 443 ssl http2;
-  server_name $COBRA_DOMAIN;
-
-  ssl_certificate /etc/letsencrypt/live/$COBRA_DOMAIN/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/$COBRA_DOMAIN/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/t.nullsignal.games/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/t.nullsignal.games/privkey.pem;
 
   include /etc/letsencrypt/options-ssl-nginx.conf;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
-  # define the public application root
-  root   $RAILS_ROOT/public;
-  index  index.html;
-
-  # define where Nginx should write its logs
-  access_log $RAILS_ROOT/log/nginx.access.log;
-  error_log $RAILS_ROOT/log/nginx.error.log;
-
-  # deny requests for files that should never be accessed
-  location ~ /\. {
-    deny all;
-  }
-
-  location ~* ^.+\.(rb|log)$ {
-    deny all;
-  }
-
-  # serve static (compiled) assets directly if they exist (for rails production)
-  location ^~ /assets/ {
-    try_files $uri @rails;
-
-    access_log off;
-    gzip_static on; # to serve pre-gzipped version
-
-    expires max;
-    add_header Cache-Control public;
-
-    # Some browsers still send conditional-GET requests if there's a
-    # Last-Modified header or an ETag header even if they haven't
-    # reached the expiry date sent in the Expires header.
-    add_header Last-Modified "";
-    add_header ETag "";
-    break;
-  }
-
-  # send non-static file requests to the app server
+  # Send everything to tournaments.nullsignal.games
   location / {
-    try_files $uri @rails;
-  }
-
-  location @rails {
-    proxy_set_header  X-Real-IP  $remote_addr;
-    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header  Host $http_host;
-    proxy_set_header  X-Forwarded-Ssl on;
-    proxy_set_header  X-Forwarded-Port $server_port;
-    proxy_set_header  X-Forwarded-Proto $scheme;
-    proxy_redirect off;
-    proxy_pass http://unicorn;
+    return 301 https://tournaments.nullsignal.games$request_uri;
   }
 }
+

config/secrets.example.yml

@@ -42,8 +42,4 @@ production:
       client_id: <%= ENV["NRDB_CLIENT"] %>
       client_secret: <%= ENV["NRDB_SECRET"] %>
       redirect_uri: https://<%= ENV["COBRA_DOMAIN"] || "cobr.ai" %>/oauth/callback
-  <%= ENV["NISEI_DOMAIN"] || "tournaments.nisei.net" %>:
-    nrdb:
-      client_id: <%= ENV["NISEI_NRDB_CLIENT"] %>
-      client_secret: <%= ENV["NISEI_NRDB_SECRET"] %>
-      redirect_uri: https://<%= ENV["NISEI_DOMAIN"] || "tournaments.nisei.net" %>/oauth/callback
+

deploy/bin/github-actions-deploy-in-droplet

@@ -21,7 +21,6 @@ chmod u=rw,g=,o= "$ENV_FILE"
   echo "POSTGRES_PASSWORD=$(pulumi stack output postgres_password --show-secrets)"
   echo "SECRET_KEY_BASE=$(pulumi stack output rails_secret_key_base --show-secrets)"
   echo "COBRA_DOMAIN=$(pulumi stack output cobra_domain)"
-  echo "NISEI_DOMAIN=$(pulumi stack output nisei_domain)"
   echo "NRDB_CLIENT=$(pulumi stack output nrdb_client)"
   echo "NRDB_SECRET=$(pulumi stack output nrdb_secret --show-secrets)"
   echo "NISEI_NRDB_CLIENT=$(pulumi stack output nisei_nrdb_client)"

deploy/bin/in-droplet/deploy

@@ -26,7 +26,6 @@ git checkout -B "$BRANCH" --track "origin/$BRANCH" --force
   echo "SECRET_KEY_BASE=$SECRET_KEY_BASE"
   echo "COMPOSE_FILE=$COMPOSE_FILE"
   echo "COBRA_DOMAIN=$COBRA_DOMAIN"
-  echo "NISEI_DOMAIN=$NISEI_DOMAIN"
   echo "NRDB_CLIENT=$NRDB_CLIENT"
   echo "NRDB_SECRET=$NRDB_SECRET"
   echo "NISEI_NRDB_CLIENT=$NISEI_NRDB_CLIENT"

docker-compose.prod.yml

@@ -34,7 +34,6 @@ services:
       dockerfile: config/containers/Dockerfile-nginx
       args:
         cobra_domain: $COBRA_DOMAIN
-        nisei_domain: $NISEI_DOMAIN
 
     # makes the web container aware of the app container
     links: