feat(www): provide DESECSTACK_DOMAIN to www container

Removing DESECSTACK_API_ALLOWED_HOSTS, as it can be generated from
DESECSTACK_DOMAIN.

Depends on desec-io/desec-www@9485f5b2bd0d0b43f9afb917b8a66285a968c44a

.env.default

@@ -1,3 +1,5 @@
+DESECSTACK_DOMAIN=example.com
+
 # network
 DESECSTACK_IPV4_REAR_PREFIX16=172.16
 DESECSTACK_IPV6_SUBNET=bade:affe:dead:beef:deec::/80
@@ -9,7 +11,6 @@ DESECSTACK_DBMASTER_CERTS=./certs
 
 # API-related
 DESECSTACK_API_ADMIN=
-DESECSTACK_API_ALLOWED_HOSTS=
 DESECSTACK_API_SEPA_CREDITOR_ID=
 DESECSTACK_API_EMAIL_HOST=
 DESECSTACK_API_EMAIL_HOST_USER=

.travis.yml

@@ -4,8 +4,8 @@ env:
   matrix:
    - DOCKER_COMPOSE_VERSION: 1.9.0
   global:
+   - DESECSTACK_DOMAIN=your.hostname.example.com
    - DESECSTACK_API_ADMIN=john.doe@example.com
-   - DESECSTACK_API_ALLOWED_HOSTS=desec.your.hostname.example.com update.dedyn.your.hostname.example.com
    - DESECSTACK_API_SEPA_CREDITOR_ID=TESTCREDITORID
    - DESECSTACK_API_EMAIL_HOST=mail.your.hostname.example.com
    - DESECSTACK_API_EMAIL_HOST_USER=user

README.md

@@ -23,6 +23,8 @@ Although most configuration is contained in this repository, some external depen
     To generate the necessary keys and certificates, follow the instructions at https://dev.mysql.com/doc/refman/5.7/en/creating-ssl-files-using-openssl.html. In the `openssl req -newkey` steps, consider switching to a bigger key size, and add `-subj '/CN=slave.hostname.example'`. (It turned out that StartSSL and Let's Encrypt certificates do not work out of the box.)
 
 3.  Set sensitive information and network topology using environment variables or an `.env` file. You need (you can use the `.env.default` file as a template):
+    - global
+      - `DESECSTACK_DOMAIN`: domain name under which the entire system will be running. The API will be reachable at https://desec.$DESECSTACK_DOMAIN/api/. For development setup, we recommend using `yourname.dedyn.io`
     - network
       - `DESECSTACK_IPV4_REAR_PREFIX16`: IPv4 net, size /16, for assignment of internal container IPv4 addresses. **NOTE:** If you change this in an existing setup, you 
         need to manually update MySQL grant tables and the `nsmaster` supermaster table to update IP addresses! Better don't do it.
@@ -33,7 +35,6 @@ Although most configuration is contained in this repository, some external depen
       - `DESECSTACK_DBMASTER_CERTS`: `./path/to/certificates` for `dbmaster` container
     - API-related
       - `DESECSTACK_API_ADMIN`: white-space separated list of Django admin email addresses
-      - `DESECSTACK_API_ALLOWED_HOSTS`: white-space separated list of hostnames for which the API listens
       - `DESECSTACK_API_DEBUG`: Django debug setting. Must be True (default in `docker-compose.dev.yml`) or False (default otherwise)
       - `DESECSTACK_API_SEPA_CREDITOR_ID`: SEPA creditor ID for donations
       - `DESECSTACK_API_EMAIL_HOST`: when sending email, use this mail server

api/desecapi/settings.py

@@ -25,7 +25,11 @@ DEBUG = False
 if os.environ.get('DESECSTACK_API_DEBUG', "").upper() == "TRUE":
     DEBUG = True
 
-ALLOWED_HOSTS = os.environ['DESECSTACK_API_ALLOWED_HOSTS'].split()
+ALLOWED_HOSTS = [
+    'desec.%s' % os.environ['DESECSTACK_DOMAIN'],
+    'update.dedyn.%s' % os.environ['DESECSTACK_DOMAIN'],
+    'update6.dedyn.%s' % os.environ['DESECSTACK_DOMAIN'],
+]
 
 
 # Application definition

docker-compose.yml

@@ -10,6 +10,8 @@ services:
     volumes:
     - ${DESECSTACK_WWW_CERTS}:/etc/ssl/private:ro
     - ./www/html:/usr/share/nginx/html:ro
+    environment:
+    - DESECSTACK_DOMAIN
     depends_on:
     - static
     - api
@@ -100,8 +102,8 @@ services:
     - dbapi
     - nslord
     environment:
+    - DESECSTACK_DOMAIN
     - DESECSTACK_API_ADMIN
-    - DESECSTACK_API_ALLOWED_HOSTS
     - DESECSTACK_API_SEPA_CREDITOR_ID
     - DESECSTACK_API_EMAIL_HOST
     - DESECSTACK_API_EMAIL_HOST_USER