Separate interfaces and DNS updates.

apache24/httpd.conf

@@ -1,7 +1,9 @@
+ServerName othostash.com
+ServerRoot /usr/local
 
-ServerRoot "/usr/local"
+Listen [2603:3015:1003:566d::dad:db]:80
-
+Listen [2603:3015:1003:566d::dad:db]:443
-Listen 443
+Listen 10.1.9.10:443
 
 LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
 LoadModule authn_file_module libexec/apache24/mod_authn_file.so
@@ -49,74 +51,87 @@ Group www
     Require all denied
 </Directory>
 
-MDomain othostash.com
+MDCertificateAgreement accepted
+MDContactEmail admin@othostash.com
+MDomain othostash.com www.othostash.com
 
-#<VirtualHost 10.1.9.10:443>
+# <VirtualHost [2603:3015:1003:566d::dad:feed]:443>
+#     ServerName "plex.othostash.com"
+#     SSLEngine on
+#     ProxyPass "/" "http://localhost:32400"
+#     ProxyPassReverse "/" "http://localhost:32400"
+# </VirtualHost>
 
-<Location "/md-status">
+<VirtualHost 10.1.9.10:443 [2603:3015:1003:566d::dad:db]:443>
-    SetHandler md-status
+    ServerName "www.othostash.com"
-</Location>
+    ServerName "othostash.com"
 
-DocumentRoot "/data"
+    <Location "/md-status">
-<Directory "/data">
+        SetHandler md-status
-    Options Indexes
+    </Location>
-    AllowOverride Options Indexes FileInfo AuthConfig
-    AuthType Basic
-    AuthName "Who be you?"
-    AuthUserFile /usr/local/etc/apache24/.badpass
-    Require valid-user
-</Directory>
 
-<DirectoryMatch "^.*/\..*">
+    DocumentRoot "/data"
-    Require all denied
+    <Directory "/data">
-</DirectoryMatch>
+        Options Indexes
+        AllowOverride Options Indexes FileInfo AuthConfig
+        AuthType Basic
+        AuthName "Who be you?"
+        AuthUserFile /usr/local/etc/apache24/.badpass
+        Require valid-user
+    </Directory>
 
-<Files ".*">
+    <DirectoryMatch "^.*/\..*">
-    Require all denied
+        Require all denied
-</Files>
+    </DirectoryMatch>
 
-<IfModule dir_module>
+    <Files ".*">
-    DirectoryIndex index.html
+        Require all denied
-</IfModule>
+    </Files>
 
-SSLEngine		on
+    <IfModule dir_module>
-SSLCertificateFile	    /usr/local/etc/apache24/fullchain.pem
+        DirectoryIndex index.html
-SSLCertificateKeyFile	/usr/local/etc/apache24/privkey.pem
-
-ErrorLog "/var/log/httpd-error.log"
-LogLevel warn
-
-<IfModule log_config_module>
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-    <IfModule logio_module>
-      # You need to enable mod_logio.c to use %I and %O
-      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
     </IfModule>
 
-    CustomLog "/var/log/httpd-access.log" common
+    SSLEngine		on
-</IfModule>
+    # SSLCertificateFile	    /usr/local/etc/apache24/fullchain.pem
+    # SSLCertificateKeyFile	/usr/local/etc/apache24/privkey.pem
 
-<IfModule alias_module>
+    ErrorLog "/var/log/httpd-error.log"
-    ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/"
+    LogLevel warn
-</IfModule>
 
-<Directory "/data/metadata/www/cgi-bin">
+    <IfModule log_config_module>
-    AllowOverride None
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    Options None
+        LogFormat "%h %l %u %t \"%r\" %>s %b" common
-    Require all granted
-</Directory>
 
-<IfModule headers_module>
+        <IfModule logio_module>
-    RequestHeader unset Proxy early
+        # You need to enable mod_logio.c to use %I and %O
-</IfModule>
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+        </IfModule>
 
-<IfModule mime_module>
+        CustomLog "/var/log/httpd-access.log" common
-    TypesConfig etc/apache24/mime.types
+    </IfModule>
-    AddType application/x-compress .Z
+
-    AddType application/x-gzip .gz .tgz
+    <IfModule alias_module>
-</IfModule>
+        ScriptAlias /cgi-bin/ "/data/metadata/www/cgi-bin/"
+    </IfModule>
+
+    <Directory "/data/metadata/www/cgi-bin">
+        AllowOverride None
+        Options None
+        Require all granted
+    </Directory>
+
+    <IfModule headers_module>
+        RequestHeader unset Proxy early
+    </IfModule>
+
+    <IfModule mime_module>
+        TypesConfig etc/apache24/mime.types
+        AddType application/x-compress .Z
+        AddType application/x-gzip .gz .tgz
+    </IfModule>
+
+</VirtualHost>
 
 <IfModule ssl_module>
     SSLRandomSeed startup builtin

dns.tf

@@ -18,22 +18,47 @@ terraform {
 
 provider "namecheap" {}
 
-variable "stashbox-vip" {
+variable "network" {
   type    = string
-  default = "stashbox.delhi.o4data.net."
+  default = "2603:3015:1003:566d"
+}
+
+variable "ipv4" {
+  type    = string
+  default = "96.78.236.124"
 }
 
 resource "namecheap_domain_records" "othostash" {
   domain = "othostash.com"
   record {
     hostname = "@"
-    address  = var.stashbox-vip
+    address  = "${var.network}::dad:db"
-    type     = "ALIAS"
+    type     = "AAAA"
-    ttl      = 300
+  }
+  record {
+    hostname = "feed"
+    address  = "${var.network}::dad:feed"
+    type     = "AAAA"
   }
   record {
     hostname = "www"
-    address  = "othostash.com."
+    address  = "othostash.com"
     type     = "CNAME"
   }
+  record {
+    hostname = "plex"
+    address  = "feed.othostash.com"
+    type     = "CNAME"
+  }
+
+  record {
+    hostname = "@"
+    address  = var.ipv4
+    type     = "A"
+  }
+  record {
+    hostname = "feed"
+    address  = var.ipv4
+    type     = "A"
+  }
 }