kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Migrate akkounts proxy to openresty

Browse Source
This commit is contained in:
Râu Cao 2023-07-26 12:04:36 +02:00
parent 77c97607d5
commit 4b0b4b8d80
Signed by: raucao
GPG Key ID: 15E65F399D084BA9
4 changed files with 11 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
roles/openresty_proxy.rb
View File

@ -45,6 +45,7 @@ default_run_list = %w(
production_run_list = %w( production_run_list = %w(
role[openresty] role[openresty]
kosmos_assets::nginx_site kosmos_assets::nginx_site
kosmos-akkounts::nginx
) )
env_run_lists( env_run_lists(

2
site-cookbooks/kosmos-akkounts/metadata.rb
View File

@ -7,7 +7,7 @@ long_description 'Installs/configures kosmos-akkounts'
version '0.2.0' version '0.2.0'
chef_version '>= 18.0' chef_version '>= 18.0'
depends 'kosmos-nginx' depends 'kosmos_openresty'
depends "kosmos-nodejs" depends "kosmos-nodejs"
depends "redisio" depends "redisio"
depends "postgresql" depends "postgresql"

21
site-cookbooks/kosmos-akkounts/recipes/nginx.rb
View File

@ -3,11 +3,13 @@
# Recipe:: nginx # Recipe:: nginx
# #
include_recipe "kosmos-nginx" app_name = "akkounts"
app_name = "akkounts" domain = node[app_name]["domain"]
domain = node[app_name]["domain"]
nginx_certbot_site domain tls_cert_for domain do
auth "gandi_dns"
action :create
end
upstream_hosts = [] upstream_hosts = []
search(:node, "role:akkounts").each do |node| search(:node, "role:akkounts").each do |node|
@ -15,10 +17,8 @@ search(:node, "role:akkounts").each do |node|
end end
upstream_hosts.push("localhost") if upstream_hosts.empty? upstream_hosts.push("localhost") if upstream_hosts.empty?
template "#{node['nginx']['dir']}/sites-available/#{domain}" do openresty_site domain do
source "nginx_conf_#{app_name}.erb" template "nginx_conf_#{app_name}.erb"
owner 'www-data'
mode 0640
variables port: node[app_name]['port'], variables port: node[app_name]['port'],
domain: domain, domain: domain,
upstream_port: node["akkounts"]["port"], upstream_port: node["akkounts"]["port"],
@ -26,9 +26,4 @@ template "#{node['nginx']['dir']}/sites-available/#{domain}" do
root_dir: "/opt/#{app_name}/public", root_dir: "/opt/#{app_name}/public",
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem" ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end end

2
site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb
View File

@ -10,7 +10,7 @@ proxy_cache_path /var/cache/nginx/akkounts levels=1:2
max_size=1g inactive=120m use_temp_path=off; max_size=1g inactive=120m use_temp_path=off;
server { server {
listen 443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;