Add palinks.app to Rails config.hosts #51

Closed
opened 2026-06-13 13:39:51 +00:00 by ldraney · 2 comments
Owner

Type

Feature

Lineage

Related to custom domain setup — palinks.app DNS records are managed by ldraney/godaddy-tofu.

Repo

ldraney/palinks

User Story

As a user visiting palinks.app
I want the Rails app to accept requests with Host: palinks.app
So that the custom domain works without returning a 403 Blocked Host error

Context

Rails config.hosts blocks requests from hostnames not in the allowlist, returning a 403. The app currently accepts its Tailscale hostname (palinks.tail5b443a.ts.net) but not the public custom domain palinks.app. With DNS now pointing palinks.app at the Hetzner edge proxy (via godaddy-tofu), Rails needs to accept that hostname.

Note: Keycloak redirect URI configuration is NOT in scope here. Palinks has no Keycloak integration today — there is no palinks client in the keycloak_clients map in pal-e-services/terraform/k3s.tfvars. Keycloak redirect URI configuration will be added when palinks integrates Keycloak auth (auth-roles story).

File Targets

Files the agent should modify:

  • config/environments/production.rb — add config.hosts << "palinks.app" alongside the existing Tailscale hostname entry

Files the agent should NOT touch:

  • pal-e-services/terraform/k3s.tfvars — no palinks Keycloak client exists; Keycloak scope belongs to the future auth-roles story
  • Any Keycloak-related configuration

Feature Flag

none

Acceptance Criteria

  • config/environments/production.rb includes both palinks.app and the existing Tailscale hostname (palinks.tail5b443a.ts.net) in config.hosts
  • Rails accepts requests with Host: palinks.app (no 403 Blocked Host error)
  • Existing Tailscale hostname access continues to work

Test Expectations

  • Manual test: curl -H "Host: palinks.app" https://palinks.app returns 200 (after deploy)
  • Manual test: curl -H "Host: palinks.tail5b443a.ts.net" https://palinks.tail5b443a.ts.net still returns 200

Constraints

  • Follow existing pattern in config/environments/production.rb for how the Tailscale hostname is added to config.hosts
  • This is a one-line config change — keep the PR minimal

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • pal-e-platform — DNS and infrastructure
  • godaddy-tofu — DNS record management for palinks.app
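The allowlist behaviour described in the Context section, as an added example that is not part of the original issue or the palinks code base: a stdlib-only, Rack-style model of a Host allowlist (a simplification, not Rails' own middleware) showing that literal, anchored entries accept the two hostnames from the ticket and reject lookalikes. The class `HostAllowlist`, the helper `status_for`, the inner app and the rejected hostnames are hypothetical and constructed for illustration.

```ruby
# Added illustration: a stdlib-only, Rack-style model of a Host allowlist.
# It is not Rails source; the matching rules below are a simplification.
class HostAllowlist
  PORT = /(?::\d+)?/ # an optional ":port" suffix is tolerated

  def initialize(app, hosts)
    @app = app
    # Each entry becomes an anchored, case-insensitive, literal pattern so
    # "palinks.app" cannot match "notpalinks.app" or "palinks.app.evil.test".
    @patterns = hosts.map { |h| /\A#{Regexp.escape(h)}#{PORT}\z/i }
  end

  def allowed?(host)
    !host.nil? && @patterns.any? { |p| p.match?(host) }
  end

  def call(env)
    host = env["HTTP_HOST"]
    # Assumption: behind a proxy, the last X-Forwarded-Host value is checked too.
    forwarded = env["HTTP_X_FORWARDED_HOST"]&.split(/,\s*/)&.last
    if allowed?(host) && (forwarded.nil? || allowed?(forwarded))
      @app.call(env)
    else
      [403, { "content-type" => "text/plain" }, ["Blocked host"]]
    end
  end
end

# Hostnames from the ticket; the inner app is a constructed stand-in.
APP = HostAllowlist.new(
  ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] },
  ["palinks.app", "palinks.tail5b443a.ts.net"]
)

# Return only the status code for a constructed request.
def status_for(host, forwarded = nil)
  env = { "HTTP_HOST" => host }
  env["HTTP_X_FORWARDED_HOST"] = forwarded if forwarded
  APP.call(env).first
end
```
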
Author
Owner

Scope Review: NEEDS_REFINEMENT

Review note: review-1466-2026-06-14

The Keycloak scope in this ticket is premature -- no palinks Keycloak client exists in k3s.tfvars, and the palinks app has no Keycloak integration (no omniauth/keycloak gems, no auth config). The keycloak_clients map only contains pal-e-app, pal-enterprises, and landscaping-assistant.

Issues found:

  • [BODY] Remove all Keycloak scope (terraform changes, redirect URI acceptance criteria, checklist items). Keycloak redirect URIs belong with the auth-roles story ticket that creates the palinks Keycloak client.
  • [BODY] Fix Constraints -- "palinks Keycloak client block is around line 16" is wrong (line 16 is the database config, and no Keycloak client exists).
  • [BODY] Update File Targets and Repo to remove pal-e-services -- this becomes a single-repo palinks ticket (production.rb + custom-domain.md only).
  • [BODY] Add Tailscale hostname (palinks.tail5b443a.ts.net) to production config.hosts alongside palinks.app.
  • [SCOPE] Missing architecture note arch-palinks in pal-e-docs.

Once the Keycloak scope is removed, this is a clean 1-point single-repo ticket (~2 min agent pass).

ldraney changed title from Add palinks.app to Rails config.hosts and Keycloak redirect URIs to Add palinks.app to Rails config.hosts 2026-06-14 20:26:27 +00:00
Author
Owner

Scope Review: APPROVED

Review note: review-1466-2026-06-14-v2
Re-review after Keycloak scope removal -- ticket is now a clean single-file config change. All template sections present, traceability verified, file target confirmed.

Minor non-blocking notes:

  • config.hosts is currently commented out in production.rb (no existing Tailscale entry to "add alongside") -- agent should add both hostnames as new lines following the development.rb pattern
  • Constraint should reference development.rb pattern, not production.rb
  • arch-palinks note missing (tracked separately)