kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Move lndhub nginx site to proxy

Browse Source 
And configure for lndhub-go. Also configure branding for public lndhub
dashboard
This commit is contained in:
Râu Cao 2022-12-22 19:33:25 +07:00
parent 7d11450c4e
commit 379a503dd0
Signed by: raucao
GPG Key ID: 15E65F399D084BA9
6 changed files with 57 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@ -87,6 +87,14 @@ node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
node.default['lndhub-go']['postgres']['database'] = 'lndhub' node.default['lndhub-go']['postgres']['database'] = 'lndhub'
node.default['lndhub-go']['postgres']['user'] = 'lndhub' node.default['lndhub-go']['postgres']['user'] = 'lndhub'
node.default['lndhub-go']['postgres']['port'] = 5432 node.default['lndhub-go']['postgres']['port'] = 5432
node.default['lndhub-go']['branding'] = {
'title' => 'LndHub - Kosmos Lightning',
'desc' => 'Kosmos accounts for the Lightning Network',
'url' => 'https://lndhub.kosmos.org',
'logo' => 'https://storage.5apps.com/basti/public/shares/221222-0955-icon-lndhub-400px.png',
'favicon' => 'https://kosmos.org/favicon.ico',
'footer' => 'about=https://kosmos.org'
}
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb" node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"

7
site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
View File

@ -53,7 +53,8 @@ template "#{source_dir}/.env" do
lnd_cert_file: "#{lnd_dir}/tls.cert", lnd_cert_file: "#{lnd_dir}/tls.cert",
custom_name: node['lndhub-go']['domain'], custom_name: node['lndhub-go']['domain'],
port: node['lndhub-go']['port'], port: node['lndhub-go']['port'],
admin_token: credentials['admin_token'] admin_token: credentials['admin_token'],
branding: node['lndhub-go']['branding']
} }
notifies :restart, 'service[lndhub-go]', :delayed notifies :restart, 'service[lndhub-go]', :delayed
end end
@ -90,6 +91,10 @@ systemd_unit 'lndhub-go.service' do
action [:create, :enable, :start] action [:create, :enable, :start]
end end
service "lndhub-go" do
action :nothing
end
firewall_rule 'lndhub-go' do firewall_rule 'lndhub-go' do
port node['lndhub-go']['port'] port node['lndhub-go']['port']
source "10.1.1.0/24" source "10.1.1.0/24"

22
site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
View File

@ -90,27 +90,5 @@ firewall_rule 'lndhub_private' do
command :allow command :allow
end end
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
nginx_certbot_site node[app_name]['domain']
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
source 'nginx_conf_lndhub.erb'
owner node["nginx"]["user"]
mode 0640
variables port: node[app_name]['port'],
server_name: node[app_name]['domain'],
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site node[app_name]['domain'] do
action :enable
end
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"] node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
include_recipe "backup" include_recipe "backup"
end

29
site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb Normal file
View File

@ -0,0 +1,29 @@
#
# Cookbook:: kosmos-bitcoin
# Recipe:: nginx_lndhub
#
include_recipe "kosmos-base::letsencrypt"
include_recipe "kosmos-nginx"
domain = node['lndhub-go']['domain']
nginx_certbot_site domain
upstream_host = search(:node, "role:lndhub").first["knife_zero"]["host"]
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source 'nginx_conf_lndhub.erb'
owner node["nginx"]["user"]
mode 0640
variables port: node['lndhub-go']['port'],
server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_host: upstream_host
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end

6
site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
View File

@ -1,3 +1,9 @@
<% @config.each do |key, value| %> <% @config.each do |key, value| %>
<% if value.is_a?(Hash) %>
<% value.each do |k, v| %>
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
<% end %>
<% else %>
<%= key.upcase %>=<%= value.to_s %> <%= key.upcase %>=<%= value.to_s %>
<% end %> <% end %>
<% end %>

8
site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
View File

@ -2,10 +2,9 @@
# Generated by Chef # Generated by Chef
# #
upstream _lndhub { upstream _lndhub {
server localhost:<%= @port %>; server <%= @upstream_host || "localhost" %>:<%= @port %>;
} }
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server { server {
listen 443 ssl http2; listen 443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
@ -16,10 +15,13 @@ server {
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn; error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
location / { location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://_lndhub; proxy_pass http://_lndhub;
} }
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;
} }
<% end -%>