Custom domain support

.env.example

@@ -0,0 +1,3 @@
+# Domain configuration for AttestationServer
+# This domain will be used in the application code and Caddy reverse proxy
+DOMAIN=attestation.app

Caddyfile

@@ -6,12 +6,12 @@
     redir https://{host}{uri}
 }
 
-attestation.app:443 {
-    tls /etc/caddy/certs/attestation.app.crt /etc/caddy/certs/attestation.app.key
-    
+{$DOMAIN}:443 {
+    tls /etc/caddy/certs/{$DOMAIN}.crt /etc/caddy/certs/{$DOMAIN}.key
+
     # Disable HSTS
-    header Strict-Transport-Security ""  
-    
+    header Strict-Transport-Security ""
+
     # Serve static files (HTML, CSS, images, etc.)
     root * /srv/static
     file_server

Dockerfile

@@ -1,5 +1,8 @@
 FROM eclipse-temurin:21-jdk-jammy AS builder
 
+# Build argument for domain configuration
+ARG DOMAIN=attestation.app
+
 WORKDIR /build
 
 RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
@@ -11,10 +14,9 @@ RUN git clone --depth 1 --recurse-submodules https://github.com/GrapheneOS/Attes
 RUN sed -i 's/new InetSocketAddress("::1", 8080)/new InetSocketAddress("0.0.0.0", 8080)/' \
     src/main/java/app/attestation/server/AttestationServer.java
 
-# Optional: Patch the domain if you want to use a custom domain
-# Uncomment and modify the following line for your domain:
-# RUN sed -i 's/attestation.app/your-domain.com/g' \
-#     src/main/java/app/attestation/server/AttestationServer.java
+# Patch the domain using the build argument
+RUN sed -i "s/attestation.app/${DOMAIN}/g" \
+     src/main/java/app/attestation/server/AttestationServer.java
 
 RUN chmod +x gradlew && ./gradlew build -x test --no-daemon
 

README.md

@@ -15,24 +15,37 @@ This project provides a containerized setup for running your own GrapheneOS Atte
 Before running the server, ensure you have:
 
 1. **Docker** and **Docker Compose** installed
-2. **TLS certificates** for `attestation.app` domain in the `certs/` directory:
-   - `certs/attestation.app.crt` - Certificate file
-   - `certs/attestation.app.key` - Private key file
-3. **DNS or hosts file configuration** to resolve `attestation.app` to your server
+2. **TLS certificates** for your domain in the `certs/` directory
+3. **DNS or hosts file configuration** to resolve your domain to your server
 
-## Pre-Launch Setup
+## Configuration
 
-### 1. Prepare TLS Certificates
+### 1. Create .env file
 
-Place your TLS certificates for `attestation.app` in the `certs/` directory:
-- `certs/attestation.app.crt` - Certificate
-- `certs/attestation.app.key` - Private key
+Copy the example environment file and edit it with your domain:
+
+```bash
+cp .env.example .env
+```
+
+Edit `.env` and set your domain:
+```bash
+DOMAIN=your-domain.com
+```
+
+### 2. Prepare TLS Certificates
+
+Place your TLS certificates for your domain in the `certs/` directory:
+- `certs/your-domain.com.crt` - Certificate file
+- `certs/your-domain.com.key` - Private key file
 
 > **Note:** Certificate generation is up to you. You can use self-signed certificates for local testing or certificates from a trusted CA.
 
-### 2. Configure DNS or Hosts File
+> **Important:** The certificate filenames must match your domain name from the `.env` file.
 
-The GrapheneOS Auditor app expects to connect to `attestation.app`. You must redirect this domain to your local server's IP address.
+### 3. Configure DNS or Hosts File
+
+The GrapheneOS Auditor app expects to connect to the domain you configured. You must redirect this domain to your local server's IP address.
 
 #### Option A: Local Machine (hosts file)
 
@@ -48,14 +61,14 @@ sudo nano /etc/hosts
 C:\Windows\System32\drivers\etc\hosts
 ```
 
-Add the following line (replace `192.168.1.100` with your server's IP):
+Add the following line (replace `192.168.1.100` with your server's IP and `your-domain.com` with your domain):
 ```
-192.168.1.100 attestation.app
+192.168.1.100 your-domain.com
 ```
 
 #### Option B: Network-wide (DNS)
 
-Configure your router or local DNS server (like Pi-hole or AdGuard) to resolve `attestation.app` to your server's IP address.
+Configure your router or local DNS server (like Pi-hole or AdGuard) to resolve your domain to your server's IP address.
 
 #### Option C: Android Device (root required)
 
@@ -63,13 +76,13 @@ If your Android device is rooted, edit `/system/etc/hosts`:
 ```bash
 su
 mount -o remount,rw /system
-echo "192.168.1.100 attestation.app" >> /system/etc/hosts
+echo "192.168.1.100 your-domain.com" >> /system/etc/hosts
 mount -o remount,ro /system
 ```
 
 **Important:** You must configure this on the Android device running the Auditor app, not just the server.
 
-### 3. Create Data Directory
+### 4. Create Data Directory
 
 Ensure the data directory exists for persistent SQLite storage:
 
@@ -86,7 +99,7 @@ docker compose up -d --build
 ```
 
 This will:
-1. Build the AttestationServer from source
+1. Build the AttestationServer from source with your configured domain
 2. Start the attestation service on port 8080 (internal)
 3. Start Caddy reverse proxy on ports 80 and 443
 
@@ -112,22 +125,23 @@ rm -rf data/*.db data/*.db-*
 
 ## Usage
 
-1. Ensure your Android device has `attestation.app` pointing to your server IP
+1. Ensure your Android device has your domain pointing to your server IP
 2. Install [GrapheneOS Auditor](https://github.com/GrapheneOS/Auditor) app on your Android device
 3. Open the Auditor app
 4. The app will connect to your local attestation server instead of the official one
 
-
 ## Directory Structure
 
 ```
 .
 ├── certs/                  # TLS certificates
-│   ├── attestation.app.crt
-│   └── attestation.app.key
+│   ├── your-domain.com.crt
+│   └── your-domain.com.key
 ├── data/                   # SQLite databases (persistent)
 │   ├── attestation.db
 │   └── samples.db
+├── .env                    # Environment configuration (domain settings)
+├── .env.example            # Example environment file
 ├── Caddyfile               # Caddy reverse proxy config
 ├── Dockerfile              # AttestationServer build
 ├── docker-compose.yml      # Service orchestration
@@ -135,10 +149,13 @@ rm -rf data/*.db data/*.db-*
 └── process-static-docker.sh # Static file processor
 ```
 
+## Default Domain
+
+If you don't create a `.env` file, the default domain `attestation.app` will be used for backward compatibility.
 
 ## Security Considerations
 
-- Keep your private key (`certs/attestation.app.key`) secure and never commit it to version control
+- Keep your private key (`certs/*.key`) secure and never commit it to version control
 - The `.gitignore` file excludes sensitive files like certificates and databases
 - This setup is intended for **local/private use only**
 - For production deployment, use properly signed certificates from a trusted CA

docker-compose.yml

@@ -2,7 +2,10 @@ version: '3.8'
 
 services:
   attestation:
-    build: .
+    build:
+      context: .
+      args:
+        - DOMAIN=${DOMAIN:-attestation.app}
     container_name: attestation-server
     restart: unless-stopped
     volumes:
@@ -23,6 +26,8 @@ services:
       - "80:80"
       - "443:443"
       - "443:443/udp"
+    environment:
+      - DOMAIN=${DOMAIN:-attestation.app}
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile:ro
       - ./certs:/etc/caddy/certs:ro