Move lndhub nginx site to proxy
And configure for lndhub-go. Also configure branding for public lndhub dashboard
This commit is contained in:
parent
7d11450c4e
commit
379a503dd0
|
@ -87,6 +87,14 @@ node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
|
|||
node.default['lndhub-go']['postgres']['database'] = 'lndhub'
|
||||
node.default['lndhub-go']['postgres']['user'] = 'lndhub'
|
||||
node.default['lndhub-go']['postgres']['port'] = 5432
|
||||
node.default['lndhub-go']['branding'] = {
|
||||
'title' => 'LndHub - Kosmos Lightning',
|
||||
'desc' => 'Kosmos accounts for the Lightning Network',
|
||||
'url' => 'https://lndhub.kosmos.org',
|
||||
'logo' => 'https://storage.5apps.com/basti/public/shares/221222-0955-icon-lndhub-400px.png',
|
||||
'favicon' => 'https://kosmos.org/favicon.ico',
|
||||
'footer' => 'about=https://kosmos.org'
|
||||
}
|
||||
|
||||
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
|
||||
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
|
||||
|
|
|
@ -53,7 +53,8 @@ template "#{source_dir}/.env" do
|
|||
lnd_cert_file: "#{lnd_dir}/tls.cert",
|
||||
custom_name: node['lndhub-go']['domain'],
|
||||
port: node['lndhub-go']['port'],
|
||||
admin_token: credentials['admin_token']
|
||||
admin_token: credentials['admin_token'],
|
||||
branding: node['lndhub-go']['branding']
|
||||
}
|
||||
notifies :restart, 'service[lndhub-go]', :delayed
|
||||
end
|
||||
|
@ -90,6 +91,10 @@ systemd_unit 'lndhub-go.service' do
|
|||
action [:create, :enable, :start]
|
||||
end
|
||||
|
||||
service "lndhub-go" do
|
||||
action :nothing
|
||||
end
|
||||
|
||||
firewall_rule 'lndhub-go' do
|
||||
port node['lndhub-go']['port']
|
||||
source "10.1.1.0/24"
|
||||
|
|
|
@ -90,27 +90,5 @@ firewall_rule 'lndhub_private' do
|
|||
command :allow
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
nginx_certbot_site node[app_name]['domain']
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
|
||||
source 'nginx_conf_lndhub.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables port: node[app_name]['port'],
|
||||
server_name: node[app_name]['domain'],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site node[app_name]['domain'] do
|
||||
action :enable
|
||||
end
|
||||
|
||||
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
|
||||
include_recipe "backup"
|
||||
end
|
||||
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
|
||||
include_recipe "backup"
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: nginx_lndhub
|
||||
#
|
||||
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node['lndhub-go']['domain']
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
upstream_host = search(:node, "role:lndhub").first["knife_zero"]["host"]
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source 'nginx_conf_lndhub.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables port: node['lndhub-go']['port'],
|
||||
server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_host: upstream_host
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
|
@ -1,3 +1,9 @@
|
|||
<% @config.each do |key, value| %>
|
||||
<% if value.is_a?(Hash) %>
|
||||
<% value.each do |k, v| %>
|
||||
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<%= key.upcase %>=<%= value.to_s %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
|
|
@ -2,10 +2,9 @@
|
|||
# Generated by Chef
|
||||
#
|
||||
upstream _lndhub {
|
||||
server localhost:<%= @port %>;
|
||||
server <%= @upstream_host || "localhost" %>:<%= @port %>;
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name <%= @server_name %>;
|
||||
|
@ -16,10 +15,13 @@ server {
|
|||
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
proxy_pass http://_lndhub;
|
||||
}
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
<% end -%>
|
||||
|
|
Loading…
Reference in New Issue