Add nginx reverse proxy for botka on freenode
This commit is contained in:
parent
4b30ce8b23
commit
50de448d53
|
@ -9,7 +9,7 @@
|
|||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe 'firewall'
|
||||
firewall_rule 'hubot_express_hal8000' do
|
||||
firewall_rule 'hubot_express_hal8000_freenode' do
|
||||
port 8080
|
||||
protocol :tcp
|
||||
command :allow
|
||||
|
@ -185,7 +185,7 @@ application botka_freenode_path do
|
|||
"HUBOT_RSS_PRINTERROR" => "false",
|
||||
"HUBOT_RSS_IRCCOLORS" => "true",
|
||||
# "HUBOT_LOG_LEVEL" => "error",
|
||||
"EXPRESS_PORT" => "8082",
|
||||
"EXPRESS_PORT" => "8081",
|
||||
"HUBOT_AUTH_ADMIN" => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
|
||||
"RS_LOGGER_USER" => "kosmos@5apps.com",
|
||||
"RS_LOGGER_TOKEN" => botka_freenode_data_bag_item['rs_logger_token'],
|
||||
|
@ -205,3 +205,46 @@ application botka_freenode_path do
|
|||
action [:enable, :start]
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Nginx reverse proxy
|
||||
#
|
||||
express_port = 8081
|
||||
express_domain = "freenode.botka.kosmos.org"
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
end
|
||||
|
||||
include_recipe 'kosmos-nginx'
|
||||
|
||||
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
|
||||
owner node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
recursive true
|
||||
action :create
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
|
||||
source 'nginx_conf_hubot.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables express_port: express_port,
|
||||
server_name: express_domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site express_domain do
|
||||
enable true
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
execute "letsencrypt cert for #{express_domain}" do
|
||||
command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
|
||||
cwd "/usr/local/certbot"
|
||||
not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
|
||||
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
#
|
||||
# Generated by Chef
|
||||
#
|
||||
upstream _express_<%= @server_name.gsub(".", "_") %> {
|
||||
server localhost:<%= @express_port %>;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
# For Let's Encrypt ACME verification
|
||||
location /.well-known {
|
||||
root "/var/www/<%= @server_name %>";
|
||||
}
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
listen 443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=15768000";
|
||||
<% end -%>
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
|
||||
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
|
||||
|
||||
location / {
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
proxy_pass http://_express_<%= @server_name.gsub(".", "_") %>;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
<% end -%>
|
||||
}
|
Loading…
Reference in New Issue
Block a user