diff --git a/site-cookbooks/kosmos-ipfs/recipes/default.rb b/site-cookbooks/kosmos-ipfs/recipes/default.rb index 25fdefa..aac5270 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/default.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb @@ -12,19 +12,18 @@ include_recipe "ipfs" # Configure ipfs # The default gateway is already used by kosmos' hubot (8080) -execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do - environment "IPFS_PATH" => "/home/ipfs/.ipfs" - user "ipfs" - not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090" - notifies :restart, "service[ipfs]", :delayed +ipfs_config "Addresses.Gateway" do + value "/ip4/127.0.0.1/tcp/9090" end # Set up CORS headers -execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do - environment "IPFS_PATH" => "/home/ipfs/.ipfs" - user "ipfs" - not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org" - notifies :restart, "service[ipfs]", :delayed +ipfs_config "API.HTTPHeaders.Access-Control-Allow-Origin" do + value ["kredits.kosmos.org"] +end + +# Set up the Gateway to be writable +ipfs_config "Gateway.Writable" do + value true end include_recipe "kosmos-ipfs::letsencrypt" diff --git a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb index 51c7e47..3be5800 100644 --- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb +++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb @@ -26,7 +26,9 @@ template "#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org" do variables server_name: 'ipfs.kosmos.org', root_directory: root_directory, ssl_cert: "/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem" + ssl_key: "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem", + ipfs_api_port: 5001 + notifies :reload, 'service[nginx]', :delayed end diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb index db0cfa5..c0f660b 100644 --- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb +++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb @@ -1,21 +1,45 @@ +upstream _ipfs { + server localhost:<%= @ipfs_api_port %>; +} + +# Used by Let's Encrypt (certbot in webroot mode) +server { + listen 80; + server_name <%= @server_name %>; + location /.well-known { + root "<%= @root_directory %>"; + } + location / { + return 301 https://$host$request_uri; + } +} + server { - listen 80; # For Let's Encrypt <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> listen 443 ssl spdy; + <% else -%> + listen 80; <% end -%> server_name <%= @server_name %>; - # Used by Let's Encrypt (certbot in webroot mode) - location /.well-known { - root "<%= @root_directory %>"; - } - location / { return 200 'Nothing to see here'; add_header Content-Type text/plain; } + # Increase number of buffers. Default is 8 + proxy_buffers 1024 8k; + proxy_http_version 1.1; + + location /api/v0/cat { + proxy_pass http://_ipfs/api/v0/cat; + } + + location /api/v0/add { + proxy_pass http://_ipfs/api/v0/add; + } + <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>;