From 2aee3017b0f0df46f23aeeaa87d4ebde18172a88 Mon Sep 17 00:00:00 2001
From: noxil <noxil@systemli.org>
Date: Thu, 4 Jul 2024 13:26:01 +0200
Subject: [PATCH] chore: switch to caddy webserver

---
 Caddyfile               | 113 ++++++++++++++++++++++++++++++++++++++
 README.md               |  23 ++++----
 apache/dev.website.conf |  33 ------------
 apache/website.conf     | 116 ----------------------------------------
 themes/lotusdocs        |   1 +
 5 files changed, 128 insertions(+), 158 deletions(-)
 create mode 100644 Caddyfile
 delete mode 100644 apache/dev.website.conf
 delete mode 100644 apache/website.conf
 create mode 160000 themes/lotusdocs

diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..3fad536
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,113 @@
+# www redirect
+www.{$SITE_ADDRESS:localhost} {
+	redir https://{$SITE_ADDRESS}{uri}
+}
+
+# production
+{$SITE_ADDRESS:localhost} {
+	root * {$WEBROOT:public}
+	encode gzip
+
+	@de_before_en {
+		header_regexp Accept-Language de.*en
+		path /
+	}
+	@en_before_de {
+		header_regexp Accept-Language en.*de
+		path /
+	}
+	@de_only {
+		header_regexp Accept-Language de
+		path /
+	}
+	@fallback {
+		path /
+	}
+
+	redir @de_before_en /de 302
+	redir @en_before_de /en 302
+	redir @de_only /de 302
+	redir @fallback /en 302
+
+	redir /index_en /en 301
+	redir /network /de/map 301
+	redir /contact /de/contact/ 301
+	redir /contact_en /en/contact 301
+	redir /download /de/downloads 301
+	redir /participate/ /de/participate 301
+	redir /p /de/participate 301
+	redir /impressum /de/impressum 301
+	redir /wiki /de/wiki 301
+	redir /meshwiki /de/wiki 301
+
+	file_server
+}
+
+# development
+dev.{$SITE_ADDRESS:localhost} {
+	root * {$WEBROOT_DEV:public}
+	encode gzip
+
+	@de_before_en {
+		header_regexp Accept-Language de.*en
+		path_regexp branch ^\/([[:alnum:]]+)(\/$|$)
+	}
+	@en_before_de {
+		header_regexp Accept-Language en.*de
+		path_regexp branch ^\/([[:alnum:]]+)(\/$|$)
+	}
+	@de_only {
+		header_regexp Accept-Language de
+		path_regexp branch ^\/([[:alnum:]]+)(\/$|$)
+	}
+	@fallback {
+		path_regexp branch ^\/([[:alnum:]]+)(\/$|$)
+	}
+
+	redir @de_before_en /{re.branch.1}/de 302
+	redir @en_before_de /{re.branch.1}/en 302
+	redir @de_only /{re.branch.1}/de 302
+	redir @fallback /{re.branch.1}/en 302
+
+	@index_en {
+		path_regexp branch ^\/([[:alnum:]]+)\/index\_en
+	}
+	redir @index_en /{re.branch.1}/en 301
+
+	@network {
+		path_regexp branch ^\/([[:alnum:]]+)\/network
+	}
+	redir @network /{re.branch.1}/de/map 301
+
+	@contact {
+		path_regexp branch ^\/([[:alnum:]]+)\/contact
+	}
+	redir @contact /{re.branch.1}/de/contact 301
+
+	@contact_en {
+		path_regexp branch ^\/([[:alnum:]]+)\/contact_en
+	}
+	redir @contact_en /{re.branch.1}/en/contact 301
+
+	@download {
+		path_regexp branch ^\/([[:alnum:]]+)\/download
+	}
+	redir @download /{re.branch.1}/de/downloads 301
+
+	@participate {
+		path_regexp branch ^\/([[:alnum:]]+)\/(participate|p$)
+	}
+	redir @participate /{re.branch.1}/de/participate 301
+
+	@impressum {
+		path_regexp branch ^\/([[:alnum:]]+)\/impressum
+	}
+	redir @impressum /{re.branch.1}/de/impressum 301
+
+	@wiki {
+		path_regexp branch ^\/([[:alnum:]]+)\/(meshwiki|wiki)
+	}
+	redir @wiki /{re.branch.1}/de/wiki 301
+
+	file_server
+}
diff --git a/README.md b/README.md
index fac0273..b224cb2 100644
--- a/README.md
+++ b/README.md
@@ -2,36 +2,41 @@
 
 This is the repository for the website of the [Freifunk Community Berlin](https://berlin.freifunk.net).
 
-The website is built using the static website generator Hugo.
+The website is built using the static website generator Hugo and served with Caddy.
 
 ## Install
 
 - Clone this repository
 - Load submodule with `git submodule init` and `git submodule update`
 - Install [Hugo](https://gohugo.io/installation/)
+- Install [Caddy](https://caddyserver.com/docs/install)
 
-## Run for development
+## Development
+
+For quick start you can use the hugo development server.
 
 ```console
 hugo server -w
 ```
 
-You can change the base address `-b` and the bind address `--bind` if your run it on a remote machine.
+If you want to test the full setup including the webserver you can generate the content for localhost and serve it, while watching for changes in content and config.
 
 ```console
-hugo server -w -b http://localhost:1313/ --bind 0.0.0.0
+hugo -b https://localhost/ -w & caddy run --watch
 ```
 
-You can set the environment variables `HUGO_MATRIX_ACCESS_TOKEN`, `HUGO_MATRIX_HOME_SERVER` and `HUGO_GITHUB_ACCESS_TOKEN` to get real activity informations. Else some dummy data is used.
+## Production
+
+First you must generate the content. You can set the environment variables `HUGO_MATRIX_ACCESS_TOKEN`, `HUGO_MATRIX_HOME_SERVER` and `HUGO_GITHUB_ACCESS_TOKEN` to get real activity informations. Else some dummy data is used.
 
 ```console
-HUGO_GITHUB_ACCESS_TOKEN="secret" HUGO_MATRIX_ACCESS_TOKEN="secret" HUGO_MATRIX_HOME_SERVER="htps://matrix.org" hugo server -w
+HUGO_GITHUB_ACCESS_TOKEN="<github_secret>" HUGO_MATRIX_ACCESS_TOKEN="<matrix_secret>" HUGO_MATRIX_HOME_SERVER="htps://matrix.org" hugo --minify -b <baseURL>
 ```
 
-## Build for production
+Then start the server with the production address and webroots.
 
 ```console
-hugo build --minify -b <baseURL>
+SITE_ADDRESS="berlin.freifunk.net" WEBROOT="/var/www" WEBROOT_DEV="/var/www-dev" caddy start
 ```
 
 ## Structure
@@ -50,7 +55,7 @@ hugo build --minify -b <baseURL>
 
 The website is deployed automatically via GitHub actions. The main branch is at [berlin.freifunk.net](https://berlin.freifunk.net). The other branches could be accessed via `dev.berlin.freifunk.net/<BRANCH_NAME>/`.
 
-The actions are defined in `.github/workflows` and could be configured with [GitHub variables and secrets](https://github.com/freifunk-berlin/berlin.freifunk.net/settings/secrets/actions). The configurations for the production and development webserver are in the `apache` directory.
+The actions are defined in `.github/workflows` and could be configured with [GitHub variables and secrets](https://github.com/freifunk-berlin/berlin.freifunk.net/settings/secrets/actions). The configurations for the production and development webserver are in the `Caddyfile` file.
 
 ## Data fetching
 
diff --git a/apache/dev.website.conf b/apache/dev.website.conf
deleted file mode 100644
index 9ddbf74..0000000
--- a/apache/dev.website.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-<VirtualHost *:80>
-   	ServerName dev.berlin.freifunk.net
- 	ServerAdmin "info@berlin.freifunk.net"
-
-        DocumentRoot /var/www/404
-
-        RewriteEngine On
-        RewriteCond %{REQUEST_URI} !^/.well-known/
-        RewriteRule .* https://dev.berlin.freifunk.net%{REQUEST_URI} [R=301,L]
-</VirtualHost>
-
-<VirtualHost *:443>
-   	ServerName dev.berlin.freifunk.net
-   	ServerAdmin "info@berlin.freifunk.net"
-	SSLEngine on
-        SSLCertificateFile      /etc/letsencrypt/live/dev.berlin.freifunk.net/cert.pem
-        SSLCertificateChainFile /etc/letsencrypt/live/dev.berlin.freifunk.net/chain.pem
-        SSLCertificateKeyFile   /etc/letsencrypt/live/dev.berlin.freifunk.net/privkey.pem
-
-   	DocumentRoot /var/www/berlin.freifunk.net/www-dev
-
-	Header set Content-Security-Policy "script-src dev.berlin.freifunk.net"
-	Header set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-   	<Directory "/var/www/berlin.freifunk.net/www-dev">
-      		Options FollowSymLinks
-      		AllowOverride None
-      		Require all granted
-   	</Directory>
-
-   	ErrorLog "/var/log/apache2/berlin.freifunk.net-error.log"
-   	CustomLog "/var/log/apache2/berlin.freifunk.net-access.log" combined
-</VirtualHost>
diff --git a/apache/website.conf b/apache/website.conf
deleted file mode 100644
index e6856ea..0000000
--- a/apache/website.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-<VirtualHost *:80>
-        ServerName berlin.freifunk.net
-        ServerAdmin "info@berlin.freifunk.net"
-
-        DocumentRoot /var/www/404
-
-        RewriteEngine On
-        RewriteCond %{HTTP:Accept-Language} ^de [NC]
-        RewriteRule ^/$ https://berlin.freifunk.net/de/ [R=302,L]
-        RewriteCond %{REQUEST_URI} !^/.well-known/
-        RewriteRule ^/$ https://berlin.freifunk.net/en/ [R=302,L]
-        RewriteRule ^/index_en/$ https://berlin.freifunk.net/en/ [R=301,L]
-        RewriteRule ^/network https://berlin.freifunk.net/de/map/ [R=301,L]
-        RewriteRule ^/contact/$ https://berlin.freifunk.net/de/contact/ [R=301,L]
-        RewriteRule ^/contact_en/$ https://berlin.freifunk.net/en/contact/ [R=301,L]
-        RewriteRule ^/download https://berlin.freifunk.net/de/downloads/ [R=301,L]
-        RewriteRule ^/participate/ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/p$ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/impressum/$ https://berlin.freifunk.net/de/impressum/ [R=301,L]
-        RewriteRule ^/wiki/$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-        RewriteRule ^/meshwiki$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-        RewriteRule .* https://berlin.freifunk.net%{REQUEST_URI} [R=301,L]
-
-        <LocationMatch "^/$">
-                Header always merge Vary "Accept-Language"
-        </LocationMatch>
-</VirtualHost>
-
-<VirtualHost *:443>
-	ServerName www.berlin.freifunk.net
-        ServerAdmin "info@berlin.freifunk.net"
-	SSLEngine on
-        SSLCertificateFile      /etc/letsencrypt/live/www.berlin.freifunk.net/cert.pem
-        SSLCertificateChainFile /etc/letsencrypt/live/www.berlin.freifunk.net/chain.pem
-        SSLCertificateKeyFile   /etc/letsencrypt/live/www.berlin.freifunk.net/privkey.pem
-
-        RewriteEngine On
-        RewriteCond %{HTTP:Accept-Language} ^de [NC]
-        RewriteRule ^/$ https://berlin.freifunk.net/de/ [R=302,L]
-        RewriteCond %{REQUEST_URI} !^/.well-known/
-        RewriteRule ^/$ https://berlin.freifunk.net/en/ [R=302,L]
-        RewriteRule ^/index_en https://berlin.freifunk.net/en/ [R=301,L]
-        RewriteRule ^/network https://berlin.freifunk.net/de/map/ [R=301,L]
-        RewriteRule ^/contact/$ https://berlin.freifunk.net/de/contact/ [R=301,L]
-        RewriteRule ^/contact_en/$ https://berlin.freifunk.net/en/contact/ [R=301,L]
-        RewriteRule ^/download https://berlin.freifunk.net/de/downloads/ [R=301,L]
-        RewriteRule ^/participate/ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/p$ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/impressum/$ https://berlin.freifunk.net/de/impressum/ [R=301,L]
-        RewriteRule ^/wiki/$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-        RewriteRule ^/meshwiki$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-        RewriteRule ^/impressum/$ https://berlin.freifunk.net/de/impressum/ [R=301,L]
-
-        <LocationMatch "^/$">
-                Header always merge Vary "Accept-Language"
-        </LocationMatch>
-</VirtualHost>
-
-<VirtualHost *:80>
-	ServerName www.berlin.freifunk.net
-        ServerAdmin "info@berlin.freifunk.net"
-
-        RewriteEngine On
-        RewriteCond %{HTTP:Accept-Language} ^de [NC]
-        RewriteRule ^/$ https://berlin.freifunk.net/de/ [R=302,L]
-        RewriteCond %{REQUEST_URI} !^/.well-known/
-        RewriteRule ^/$ https://berlin.freifunk.net/en/ [R=302,L]
-        RewriteRule .* https://berlin.freifunk.net/en/ [R=301,L]
-
-        <LocationMatch "^/$">
-                Header always merge Vary "Accept-Language"
-        </LocationMatch>
-</VirtualHost>
-
-<VirtualHost *:443>
-        ServerName berlin.freifunk.net
-        ServerAdmin "info@berlin.freifunk.net"
-	SSLEngine on
-        SSLCertificateFile      /etc/letsencrypt/live/berlin.freifunk.net/cert.pem
-        SSLCertificateChainFile /etc/letsencrypt/live/berlin.freifunk.net/chain.pem
-        SSLCertificateKeyFile   /etc/letsencrypt/live/berlin.freifunk.net/privkey.pem
-
-        DocumentRoot /var/www/berlin.freifunk.net/www
-
-        RewriteEngine On
-        RewriteCond %{HTTP:Accept-Language} ^de [NC]
-        RewriteRule ^/$ https://berlin.freifunk.net/de/ [R=302,L]
-        RewriteCond %{REQUEST_URI} !^/.well-known/
-        RewriteRule ^/$ https://berlin.freifunk.net/en/ [R=302,L]
-        RewriteRule ^/index_en https://berlin.freifunk.net/en/ [R=301,L]
-        RewriteRule ^/network https://berlin.freifunk.net/de/map/ [R=301,L]
-        RewriteRule ^/contact/$ https://berlin.freifunk.net/de/contact/ [R=301,L]
-        RewriteRule ^/contact_en/$ https://berlin.freifunk.net/en/contact/ [R=301,L]
-        RewriteRule ^/download https://berlin.freifunk.net/de/downloads/ [R=301,L]
-        RewriteRule ^/participate/ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/p$ https://berlin.freifunk.net/de/participate/ [R=301,L]
-        RewriteRule ^/impressum/$ https://berlin.freifunk.net/de/impressum/ [R=301,L]
-        RewriteRule ^/wiki/$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-        RewriteRule ^/meshwiki$ https://berlin.freifunk.net/de/wiki/ [R=301,L]
-
-        <LocationMatch "^/$">
-                Header always merge Vary "Accept-Language"
-        </LocationMatch>
-
-	Header set Content-Security-Policy "script-src berlin.freifunk.net"
-	Header set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-        <Directory "/var/www/berlin.freifunk.net/www">
-                Options FollowSymLinks
-                AllowOverride None
-                Require all granted
-        </Directory>
-
-        ErrorLog "/var/log/apache2/berlin.freifunk.net-error.log"
-        CustomLog "/var/log/apache2/berlin.freifunk.net-access.log" combined
-</VirtualHost>
diff --git a/themes/lotusdocs b/themes/lotusdocs
new file mode 160000
index 0000000..f5785a2
--- /dev/null
+++ b/themes/lotusdocs
@@ -0,0 +1 @@
+Subproject commit f5785a2399ca09e7fb4e7e3d69b397f85df42a24