Alias cfp.nixcon.org to talks.nixcon.org

[infinisil]

See https://matrix.to/#/!GlDwnQuDPMNzaUXCJB:lassul.us/$XlMOVN5dZnWuL6f-bidD-yV1aHtJC57uqOtqp1Z_hFs?via=lassul.us&via=matrix.org&via=nixos.dev

cfp.nixcon.org isn't valid anymore

Ping @Lassulus

[mweinelt]

How is that supposd to work? This removes just an indirection in DNS. Tthat doesn't make cfp.nixcon.org work, because the SNI and Host header will still request that vhost.

❯ curl -H "Host: cfp.nixcon.org" https://talks.nixcon.org -v
* Host talks.nixcon.org:443 was resolved.
* IPv6: 2a01:4f8:c01f:82::1
* IPv4: 78.47.124.138
*   Trying [2a01:4f8:c01f:82::1]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=talks.nixcon.org
*  start date: Jun 18 01:25:37 2025 GMT
*  expire date: Sep 16 01:25:36 2025 GMT
*  subjectAltName: host "talks.nixcon.org" matched cert's "talks.nixcon.org"
*  issuer: C=US; O=Let's Encrypt; CN=E5
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to talks.nixcon.org (2a01:4f8:c01f:82::1) port 443
* using HTTP/1.x
> GET / HTTP/1.1
> Host: cfp.nixcon.org
> User-Agent: curl/8.13.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/1.1 400 Bad Request
< Alt-Svc: h3=":443"; ma=2592000
< Content-Length: 1112
< Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'none'; img-src 'self' data:
< Content-Type: text/html; charset=utf-8
< Cross-Origin-Opener-Policy: same-origin
< Date: Fri, 20 Jun 2025 22:03:54 GMT
< Referrer-Policy: strict-origin-when-cross-origin
< Server: Caddy
< Server: gunicorn
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Vary: Cookie
< X-Content-Type-Options: nosniff
<

[...]

[infinisil]

Oh I guess an ALIAS record should work then, although I'm not an expert. Alternatively @Lassulus should be able to just have both cfp and talks in pretalx

[mweinelt]

What you probably need is an HTTP redirect. Or we drop the domain entirely.

[mweinelt]

Oh I guess an ALIAS record should work then

Same issue. ALIAS is just a custom record to support a CNAME-like construct at the domain apex.