Migrate discourse proxy to openresty

This commit is contained in:
Râu Cao 2023-07-26 13:40:03 +02:00
parent 87657db8a7
commit 543b482adb
Signed by: raucao
GPG Key ID: 15E65F399D084BA9
7 changed files with 35 additions and 48 deletions

View File

@ -39,6 +39,7 @@
"kosmos_openresty::firewall",
"kosmos_assets::nginx_site",
"kosmos-akkounts::nginx",
"kosmos_discourse::nginx",
"kosmos_encfs",
"kosmos_encfs::default",
"kosmos-ejabberd::firewall",
@ -99,4 +100,4 @@
"recipe[kosmos_zerotier::firewall]",
"recipe[sockethub::firewall]"
]
}
}

View File

@ -21,8 +21,6 @@ development_run_list = %w(
default_run_list = %w(
role[openresty]
tor-full
kosmos_assets::nginx_site
kosmos_discourse::nginx
kosmos_drone::nginx
kosmos_garage::default
kosmos_garage::firewall_rpc
@ -46,6 +44,7 @@ production_run_list = %w(
role[openresty]
kosmos_assets::nginx_site
kosmos-akkounts::nginx
kosmos_discourse::nginx
)
env_run_lists(

View File

@ -7,5 +7,4 @@ long_description 'Installs/Configures discourse'
version '0.1.0'
chef_version '>= 14.0'
depends 'kosmos-nginx'
depends 'firewall'

View File

@ -1,39 +0,0 @@
#
# Cookbook:: discourse
# Recipe:: nginx
#
include_recipe "kosmos-nginx"
domain = node['discourse']['domain']
discourse_role = node['discourse']['role']
upstream_ip_addresses = []
search(:node, "role:#{discourse_role}").each do |n|
upstream_ip_addresses << n["knife_zero"]["host"]
end
# No Discourse host, stop here
if upstream_ip_addresses.empty?
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
return
end
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: node['discourse']['port'],
upstream_name: discourse_role,
upstream_ip_addresses: upstream_ip_addresses
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end

View File

@ -2,10 +2,11 @@ name 'kosmos_discourse'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures discourse'
long_description 'Installs/Configures discourse'
version '0.1.0'
description 'Installs/configures Discourse'
long_description 'Installs/configures Discourse'
version '0.2.0'
chef_version '>= 14.0'
depends 'discourse'
depends 'firewall'
depends 'kosmos_openresty'

View File

@ -3,4 +3,30 @@
# Recipe:: nginx
#
include_recipe "discourse::nginx"
domain = node['discourse']['domain']
discourse_role = node['discourse']['role']
upstream_ip_addresses = []
search(:node, "role:#{discourse_role}").each do |n|
upstream_ip_addresses << n["knife_zero"]["host"]
end
# No Discourse host, stop here
if upstream_ip_addresses.empty?
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
return
end
tls_cert_for domain do
auth "gandi_dns"
action :create
end
openresty_site domain do
template "nginx_conf.erb"
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: node['discourse']['port'],
upstream_name: discourse_role,
upstream_ip_addresses: upstream_ip_addresses
end

View File

@ -8,7 +8,7 @@ upstream _discourse {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
server_name <%= @server_name %>;
listen 443 ssl http2;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate <%= @ssl_cert %>;