Lights up dist.flowercore.io end-to-end:

- cf-origin-flowercore-io Secret (literal *.flowercore.io Origin Cert, copied from the telephony/gitea-public/matrix/mail/flowercore/fc-landing pattern — not via OnePasswordItem yet).
- Traefik Middleware dist-public-profile-header: strips any caller-supplied X-FC-Distribution-Profile, injects 'public' so the controller's NamedEntitlementResolverRouter routes to the strict resolver.
- IngressRoute fc-distribution-public: Host(`dist.flowercore.io`) -> same backing Service as the internal dist.iamworkin.lan route. Middleware attached; cert secret cf-origin-flowercore-io.

Cloudflare DNS A record dist.flowercore.io -> 74.40.140.24 (proxied) already created 2026-04-24 via Cloudflare API (record id e9b957511556f37ff6763f4441acbc45).

Controller entitlement config is still DefaultAllow=false + empty PublicEditions on the 'public' profile, so every public request returns 403 by default. Populate FlowerCore__Distribution__EntitlementPublic__PublicEditions__0 via env var when ready to expose specific editions.
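A sketch of how the Middleware and IngressRoute described in the commit message could be written, as an added example that is not the manifests from this commit. The `apiVersion`, namespace, entry point, and backing Service name and port are assumptions; the resource names, host, header and cert secret are the ones named in the message.

```yaml
# Added example, not the project's own manifests.
# Assumed: apiVersion (older Traefik releases use traefik.containo.us/v1alpha1),
# namespace, entryPoint name, and the backing Service name/port (placeholders).
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: dist-public-profile-header
  namespace: example-namespace          # placeholder
spec:
  headers:
    customRequestHeaders:
      # Traefik sets (does not append) this header, so a value supplied by the
      # caller is overwritten before the request reaches the controller.
      X-FC-Distribution-Profile: "public"
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: fc-distribution-public
  namespace: example-namespace          # placeholder
spec:
  entryPoints:
    - websecure                         # assumed entry point name
  routes:
    - kind: Rule
      match: Host(`dist.flowercore.io`)
      middlewares:
        # Attached on the public route only, so every request arriving via
        # this host is pinned to the 'public' profile.
        - name: dist-public-profile-header
      services:
        - name: backing-service-placeholder   # same Service as the internal route
          port: 80                             # placeholder port
  tls:
    secretName: cf-origin-flowercore-io
```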