Add nginx reverse proxy for botka on freenode

2018-06-13 18:51:46 +02:00
parent 4b30ce8b23
commit 50de448d53
2 changed files with 89 additions and 2 deletions
--- a/site-cookbooks/kosmos-hubot/recipes/default.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/default.rb
@@ -9,7 +9,7 @@

 unless node.chef_environment == "development"
  include_recipe 'firewall'
-  firewall_rule 'hubot_express_hal8000' do
+  firewall_rule 'hubot_express_hal8000_freenode' do
    port     8080
    protocol :tcp
    command  :allow
@@ -185,7 +185,7 @@ application botka_freenode_path do
        "HUBOT_RSS_PRINTERROR"        => "false",
        "HUBOT_RSS_IRCCOLORS"         => "true",
        # "HUBOT_LOG_LEVEL"             => "error",
-        "EXPRESS_PORT"                => "8082",
+        "EXPRESS_PORT"                => "8081",
        "HUBOT_AUTH_ADMIN"            => "bkero,derbumi,galfert,gregkare,jaaan,slvrbckt,raucao",
        "RS_LOGGER_USER"              => "kosmos@5apps.com",
        "RS_LOGGER_TOKEN"             => botka_freenode_data_bag_item['rs_logger_token'],
@@ -205,3 +205,46 @@ application botka_freenode_path do
    action [:enable, :start]
  end
 end
+
+#
+# Nginx reverse proxy
+#
+express_port = 8081
+express_domain = "freenode.botka.kosmos.org"
+
+unless node.chef_environment == "development"
+  include_recipe "kosmos-base::letsencrypt"
+end
+
+include_recipe 'kosmos-nginx'
+
+directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
+  owner     node["nginx"]["user"]
+  group     node["nginx"]["group"]
+  recursive true
+  action    :create
+end
+
+template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
+  source 'nginx_conf_hubot.erb'
+  owner node["nginx"]["user"]
+  mode 0640
+  variables express_port: express_port,
+            server_name:  express_domain,
+            ssl_cert:     "/etc/letsencrypt/live/#{express_domain}/fullchain.pem",
+            ssl_key:      "/etc/letsencrypt/live/#{express_domain}/privkey.pem"
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site express_domain do
+  enable true
+end
+
+unless node.chef_environment == "development"
+  execute "letsencrypt cert for #{express_domain}" do
+    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
+    cwd "/usr/local/certbot"
+    not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
+    notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
+  end
+end