Initial nginx reverse proxy for the IPFS IP

It supports cat and add for now. I have tried it using the ipfs-api npm module
2017-03-20 19:38:51 +00:00 · 2017-03-20 19:38:51 +00:00 · 114503033b
commit 114503033b
parent 3f81310109
3 changed files with 42 additions and 17 deletions
--- a/site-cookbooks/kosmos-ipfs/recipes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb
@ -12,19 +12,18 @@ include_recipe "ipfs"
 # Configure ipfs

 # The default gateway is already used by kosmos' hubot (8080)
-execute "ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/9090" do
-  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
-  user "ipfs"
-  not_if "ipfs config Addresses.Gateway | grep /ip4/127.0.0.1/tcp/9090"
-  notifies :restart, "service[ipfs]", :delayed
+ipfs_config "Addresses.Gateway" do
+  value "/ip4/127.0.0.1/tcp/9090"
 end

 # Set up CORS headers
-execute "ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '[\"kredits.kosmos.org\"]'" do
-  environment "IPFS_PATH" => "/home/ipfs/.ipfs"
-  user "ipfs"
-  not_if "ipfs config API.HTTPHeaders.Access-Control-Allow-Origin | grep kredits.kosmos.org"
-  notifies :restart, "service[ipfs]", :delayed
+ipfs_config "API.HTTPHeaders.Access-Control-Allow-Origin" do
+  value ["kredits.kosmos.org"]
+end
+
+# Set up the Gateway to be writable
+ipfs_config "Gateway.Writable" do
+  value true
 end

 include_recipe "kosmos-ipfs::letsencrypt"
--- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
@ -26,7 +26,9 @@ template "#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org" do
  variables server_name:    'ipfs.kosmos.org',
            root_directory: root_directory,
            ssl_cert:       "/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem",
-            ssl_key:        "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem"
+            ssl_key:        "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem",
+            ipfs_api_port:  5001
+
  notifies :reload, 'service[nginx]', :delayed
 end

--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@ -1,21 +1,45 @@
+upstream _ipfs {
+  server   localhost:<%= @ipfs_api_port %>;
+}
+
+# Used by Let's Encrypt (certbot in webroot mode)
+server {
+  listen 80;
+  server_name <%= @server_name %>;
+  location /.well-known {
+    root "<%= @root_directory %>";
+  }
+  location / {
+    return 301 https://$host$request_uri;
+  }
+}
+
 server {
-  listen 80; # For Let's Encrypt
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen 443 ssl spdy;
+  <% else -%>
+  listen 80;
  <% end -%>

  server_name <%= @server_name %>;

-  # Used by Let's Encrypt (certbot in webroot mode)
-  location /.well-known {
-    root "<%= @root_directory %>";
-  }
-
  location / {
    return 200 'Nothing to see here';
    add_header Content-Type text/plain;
  }

+  # Increase number of buffers. Default is 8
+  proxy_buffers 1024 8k;
+  proxy_http_version 1.1;
+
+  location /api/v0/cat {
+    proxy_pass http://_ipfs/api/v0/cat;
+  }
+
+  location /api/v0/add {
+    proxy_pass http://_ipfs/api/v0/add;
+  }
+
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;