Move lndhub nginx site to proxy

And configure for lndhub-go. Also configure branding for public lndhub dashboard
2022-12-22 19:33:25 +07:00 · 2022-12-22 19:33:25 +07:00 · 379a503dd0
parent 7d11450c4e
commit 379a503dd0
6 changed files with 57 additions and 29 deletions
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@ -87,6 +87,14 @@ node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
 node.default['lndhub-go']['postgres']['database'] = 'lndhub'
 node.default['lndhub-go']['postgres']['user'] = 'lndhub'
 node.default['lndhub-go']['postgres']['port'] = 5432
+node.default['lndhub-go']['branding'] = {
+  'title' => 'LndHub - Kosmos Lightning',
+  'desc' => 'Kosmos accounts for the Lightning Network',
+  'url' => 'https://lndhub.kosmos.org',
+  'logo' => 'https://storage.5apps.com/basti/public/shares/221222-0955-icon-lndhub-400px.png',
+  'favicon' => 'https://kosmos.org/favicon.ico',
+  'footer' => 'about=https://kosmos.org'
+}

 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
--- a/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
@ -53,7 +53,8 @@ template "#{source_dir}/.env" do
    lnd_cert_file:  "#{lnd_dir}/tls.cert",
    custom_name: node['lndhub-go']['domain'],
    port: node['lndhub-go']['port'],
-    admin_token: credentials['admin_token']
+    admin_token: credentials['admin_token'],
+    branding: node['lndhub-go']['branding']
  }
  notifies :restart, 'service[lndhub-go]', :delayed
 end
@ -90,6 +91,10 @@ systemd_unit 'lndhub-go.service' do
  action [:create, :enable, :start]
 end

+service "lndhub-go" do
+  action :nothing
+end
+
 firewall_rule 'lndhub-go' do
  port     node['lndhub-go']['port']
  source   "10.1.1.0/24"
--- a/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
@ -90,27 +90,5 @@ firewall_rule 'lndhub_private' do
  command  :allow
 end

-unless node.chef_environment == "development"
-  include_recipe "kosmos-base::letsencrypt"
-  include_recipe "kosmos-nginx"
-
-  nginx_certbot_site node[app_name]['domain']
-
-  template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
-    source 'nginx_conf_lndhub.erb'
-    owner node["nginx"]["user"]
-    mode 0640
-    variables port: node[app_name]['port'],
-              server_name:  node[app_name]['domain'],
-              ssl_cert:     "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
-              ssl_key:      "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
-    notifies :reload, 'service[nginx]', :delayed
-  end
-
-  nginx_site node[app_name]['domain'] do
-    action :enable
-  end
-
-  node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
-  include_recipe "backup"
-end
+node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
+include_recipe "backup"
--- a/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb
@ -0,0 +1,29 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: nginx_lndhub
+#
+
+include_recipe "kosmos-base::letsencrypt"
+include_recipe "kosmos-nginx"
+
+domain = node['lndhub-go']['domain']
+
+nginx_certbot_site domain
+
+upstream_host = search(:node, "role:lndhub").first["knife_zero"]["host"]
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+  source 'nginx_conf_lndhub.erb'
+  owner node["nginx"]["user"]
+  mode 0640
+  variables port: node['lndhub-go']['port'],
+            server_name: domain,
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem",
+            upstream_host: upstream_host
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
--- a/site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
@ -1,3 +1,9 @@
 <% @config.each do |key, value| %>
+<% if value.is_a?(Hash) %>
+<% value.each do |k, v| %>
+<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
+<% end %>
+<% else %>
 <%= key.upcase %>=<%= value.to_s %>
 <% end %>
+<% end %>
--- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
@ -2,10 +2,9 @@
 # Generated by Chef
 #
 upstream _lndhub {
-  server localhost:<%= @port %>;
+  server <%= @upstream_host || "localhost" %>:<%= @port %>;
 }

-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
  listen 443 ssl http2;
  server_name <%= @server_name %>;
@ -16,10 +15,13 @@ server {
  error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;

  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Host $http_host;
+    proxy_redirect off;
    proxy_pass http://_lndhub;
-   }
+  }

  ssl_certificate <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;
 }
-<% end -%>