Make hubot nginx config generic

site-cookbooks/5apps-hubot/recipes/xmpp_schlupp.rb

@@ -8,6 +8,7 @@
 #
 
 express_port = 8083
+express_domain = "hubot.5apps.com"
 
 unless node.chef_environment == "development"
   include_recipe "firewall"
@@ -108,40 +109,42 @@ application schlupp_xmpp_path do
   end
 end
 
-# nginx reverse proxy
+#
+# Nginx reverse proxy
+#
 unless node.chef_environment == "development"
   include_recipe "kosmos-base::letsencrypt"
 end
 
 include_recipe 'kosmos-nginx'
 
-directory "/var/www/hubot.5apps.com/.well-known/acme-challenge" do
+directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
   owner     node["nginx"]["user"]
   group     node["nginx"]["group"]
   recursive true
   action    :create
 end
 
-template "#{node['nginx']['dir']}/sites-available/hubot.5apps.com" do
-  source 'nginx_conf_hubot.5apps.com.erb'
+template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
+  source 'nginx_conf_hubot.erb'
   owner node["nginx"]["user"]
   mode 0640
   variables express_port: express_port,
-            server_name:  'hubot.5apps.com',
-            ssl_cert:     "/etc/letsencrypt/live/hubot.5apps.com/fullchain.pem",
-            ssl_key:      "/etc/letsencrypt/live/hubot.5apps.com/privkey.pem"
+            server_name:  express_domain,
+            ssl_cert:     "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
+            ssl_key:      "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
   notifies :reload, 'service[nginx]', :delayed
 end
 
-nginx_site 'hubot.5apps.com' do
+nginx_site express_domain do
   enable true
 end
 
 unless node.chef_environment == "development"
-  execute "letsencrypt cert for hubot.5apps.com" do
-    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/hubot.5apps.com -d hubot.5apps.com -n"
+  execute "letsencrypt cert for #{express_domain}" do
+    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
     cwd "/usr/local/certbot"
-    not_if { File.exist? "/etc/letsencrypt/live/hubot.5apps.com/fullchain.pem" }
-    notifies :create, "template[#{node['nginx']['dir']}/sites-available/hubot.5apps.com]", :immediately
+    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
+    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
   end
 end

site-cookbooks/5apps-hubot/templates/default/nginx_conf_hubot.erb

@@ -1,14 +1,17 @@
+#
 # Generated by Chef
-upstream _express_schlupp {
-  server   localhost:<%= @express_port %>;
+#
+upstream _express_<%= @server_name.gsub(".", "_") %> {
+  server localhost:<%= @express_port %>;
 }
 
 server {
-  listen 80; # For Let's Encrypt
+  listen 80;
   server_name <%= @server_name %>;
 
+  # For Let's Encrypt ACME verification
   location /.well-known {
-    root "/var/www/hubot.5apps.com";
+    root "/var/www/<%= @server_name %>";
   }
   location / {
     return 301 https://$host$request_uri;
@@ -23,14 +26,14 @@ server {
 
   server_name <%= @server_name %>;
 
-  access_log <%= node[:nginx][:log_dir] %>/hubot.5apps.com.access.log json;
-  error_log <%= node[:nginx][:log_dir] %>/hubot.5apps.com.error.log warn;
+  access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
 
   location / {
     # Increase number of buffers. Default is 8
     proxy_buffers 1024 8k;
 
-    proxy_pass http://_express_schlupp;
+    proxy_pass http://_express_<%= @server_name.gsub(".", "_") %>;
     proxy_http_version 1.1;
    }