Create a nginx_certbot_site resource to remove duplication

It creates a folder, the nginx vhost for certbot and HTTP redirects, and also runs certbot and recreates the nginx vhost that includes the TLS cert
2019-03-15 19:03:28 +01:00
parent b30dcab4da
commit 17f1b2a20a
23 changed files with 152 additions and 302 deletions
--- a/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
@@ -1,39 +0,0 @@
-#
-# Cookbook Name:: kosmos-parity
-# Recipe:: letsencrypt
-#
-# Copyright 2017, Kosmos
-#
-# All rights reserved - Do Not Redistribute
-#
-
-include_recipe "kosmos-base::letsencrypt"
-
-hostname = node['kosmos-parity']['hostname']
-
-directory "/var/www/#{hostname}/.well-known/acme-challenge" do
-  owner     node["nginx"]["user"]
-  group     node["nginx"]["group"]
-  action    :create
-  recursive true
-end
-
-template "#{node['nginx']['dir']}/sites-available/#{hostname}" do
-  source 'nginx_conf_parity_letsencrypt.erb'
-  owner 'www-data'
-  mode 0640
-  variables server_name: hostname,
-            ssl_cert:    "/etc/letsencrypt/live/#{hostname}/fullchain.pem",
-            ssl_key:     "/etc/letsencrypt/live/#{hostname}/privkey.pem"
-  notifies :reload, 'service[nginx]', :delayed
-end
-
-nginx_site "#{hostname}" do
-  action :enable
-end
-
-execute "letsencrypt cert for #{hostname}" do
-  command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
-  not_if { File.exist? "/etc/letsencrypt/live/#{hostname}/fullchain.pem" }
-  notifies :reload, "service[nginx]", :delayed
-end
--- a/site-cookbooks/kosmos-parity/resources/node.rb
+++ b/site-cookbooks/kosmos-parity/resources/node.rb
@@ -108,10 +108,6 @@ action :enable do
  end

  if rpc_proxy_port
-    unless node.chef_environment == "development"
-      include_recipe "kosmos-parity::letsencrypt"
-    end
-
    include_recipe "kosmos-nginx"

    hostname = node['kosmos-parity']['hostname']
@@ -129,8 +125,12 @@ action :enable do
      notifies :reload, 'service[nginx]', :delayed
    end

-    nginx_site "#{parity_service}" do
+    nginx_site parity_service do
      action :enable
    end
+
+    nginx_certbot_site hostname do
+      site parity_service
+    end
  end
 end
--- a/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity.erb
+++ b/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity.erb
@@ -15,10 +15,6 @@ server {
  access_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.access.log json;
  error_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.error.log warn;

-  location /.well-known {
-    root "/var/www/<%= @parity_service %>";
-  }
-
  location / {
    # Increase number of buffers. Default is 8
    proxy_buffers 1024 8k;
--- a/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity_letsencrypt.erb
+++ b/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity_letsencrypt.erb
@@ -1,13 +0,0 @@
-# Generated by Chef
-server {
-  listen 80; # For Let's Encrypt
-
-  server_name <%= @server_name %>;
-
-  access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
-  error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
-
-  location /.well-known {
-    root "/var/www/<%= @server_name %>";
-  }
-}