Migrate discourse proxy to openresty
This commit is contained in:
Râu Cao
parent
87657db8a7
commit
543b482adb
GPG Key ID:
15E65F399D084BA9
@ -39,6 +39,7 @@
|
|||||||
"kosmos_openresty::firewall",
|
"kosmos_openresty::firewall",
|
||||||
"kosmos_assets::nginx_site",
|
"kosmos_assets::nginx_site",
|
||||||
"kosmos-akkounts::nginx",
|
"kosmos-akkounts::nginx",
|
||||||
|
"kosmos_discourse::nginx",
|
||||||
"kosmos_encfs",
|
"kosmos_encfs",
|
||||||
"kosmos_encfs::default",
|
"kosmos_encfs::default",
|
||||||
"kosmos-ejabberd::firewall",
|
"kosmos-ejabberd::firewall",
|
||||||
@ -99,4 +100,4 @@
|
|||||||
"recipe[kosmos_zerotier::firewall]",
|
"recipe[kosmos_zerotier::firewall]",
|
||||||
"recipe[sockethub::firewall]"
|
"recipe[sockethub::firewall]"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
@ -21,8 +21,6 @@ development_run_list = %w(
|
|||||||
default_run_list = %w(
|
default_run_list = %w(
|
||||||
role[openresty]
|
role[openresty]
|
||||||
tor-full
|
tor-full
|
||||||
kosmos_assets::nginx_site
|
|
||||||
kosmos_discourse::nginx
|
|
||||||
kosmos_drone::nginx
|
kosmos_drone::nginx
|
||||||
kosmos_garage::default
|
kosmos_garage::default
|
||||||
kosmos_garage::firewall_rpc
|
kosmos_garage::firewall_rpc
|
||||||
@ -46,6 +44,7 @@ production_run_list = %w(
|
|||||||
role[openresty]
|
role[openresty]
|
||||||
kosmos_assets::nginx_site
|
kosmos_assets::nginx_site
|
||||||
kosmos-akkounts::nginx
|
kosmos-akkounts::nginx
|
||||||
|
kosmos_discourse::nginx
|
||||||
)
|
)
|
||||||
|
|
||||||
env_run_lists(
|
env_run_lists(
|
||||||
|
|||||||
@ -7,5 +7,4 @@ long_description 'Installs/Configures discourse'
|
|||||||
version '0.1.0'
|
version '0.1.0'
|
||||||
chef_version '>= 14.0'
|
chef_version '>= 14.0'
|
||||||
|
|
||||||
depends 'kosmos-nginx'
|
|
||||||
depends 'firewall'
|
depends 'firewall'
|
||||||
|
|||||||
@ -1,39 +0,0 @@
|
|||||||
#
|
|
||||||
# Cookbook:: discourse
|
|
||||||
# Recipe:: nginx
|
|
||||||
#
|
|
||||||
|
|
||||||
include_recipe "kosmos-nginx"
|
|
||||||
|
|
||||||
domain = node['discourse']['domain']
|
|
||||||
discourse_role = node['discourse']['role']
|
|
||||||
|
|
||||||
upstream_ip_addresses = []
|
|
||||||
search(:node, "role:#{discourse_role}").each do |n|
|
|
||||||
upstream_ip_addresses << n["knife_zero"]["host"]
|
|
||||||
end
|
|
||||||
# No Discourse host, stop here
|
|
||||||
if upstream_ip_addresses.empty?
|
|
||||||
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
nginx_certbot_site domain
|
|
||||||
|
|
||||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
|
||||||
source "nginx_conf.erb"
|
|
||||||
owner 'www-data'
|
|
||||||
mode 0640
|
|
||||||
variables server_name: domain,
|
|
||||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
|
||||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
|
||||||
upstream_port: node['discourse']['port'],
|
|
||||||
upstream_name: discourse_role,
|
|
||||||
upstream_ip_addresses: upstream_ip_addresses
|
|
||||||
|
|
||||||
notifies :reload, 'service[nginx]', :delayed
|
|
||||||
end
|
|
||||||
|
|
||||||
nginx_site domain do
|
|
||||||
action :enable
|
|
||||||
end
|
|
||||||
@ -2,10 +2,11 @@ name 'kosmos_discourse'
|
|||||||
maintainer 'Kosmos Developers'
|
maintainer 'Kosmos Developers'
|
||||||
maintainer_email 'mail@kosmos.org'
|
maintainer_email 'mail@kosmos.org'
|
||||||
license 'MIT'
|
license 'MIT'
|
||||||
description 'Installs/Configures discourse'
|
description 'Installs/configures Discourse'
|
||||||
long_description 'Installs/Configures discourse'
|
long_description 'Installs/configures Discourse'
|
||||||
version '0.1.0'
|
version '0.2.0'
|
||||||
chef_version '>= 14.0'
|
chef_version '>= 14.0'
|
||||||
|
|
||||||
depends 'discourse'
|
depends 'discourse'
|
||||||
depends 'firewall'
|
depends 'firewall'
|
||||||
|
depends 'kosmos_openresty'
|
||||||
|
|||||||
@ -3,4 +3,30 @@
|
|||||||
# Recipe:: nginx
|
# Recipe:: nginx
|
||||||
#
|
#
|
||||||
|
|
||||||
include_recipe "discourse::nginx"
|
domain = node['discourse']['domain']
|
||||||
|
discourse_role = node['discourse']['role']
|
||||||
|
|
||||||
|
upstream_ip_addresses = []
|
||||||
|
search(:node, "role:#{discourse_role}").each do |n|
|
||||||
|
upstream_ip_addresses << n["knife_zero"]["host"]
|
||||||
|
end
|
||||||
|
# No Discourse host, stop here
|
||||||
|
if upstream_ip_addresses.empty?
|
||||||
|
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
tls_cert_for domain do
|
||||||
|
auth "gandi_dns"
|
||||||
|
action :create
|
||||||
|
end
|
||||||
|
|
||||||
|
openresty_site domain do
|
||||||
|
template "nginx_conf.erb"
|
||||||
|
variables server_name: domain,
|
||||||
|
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||||
|
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||||
|
upstream_port: node['discourse']['port'],
|
||||||
|
upstream_name: discourse_role,
|
||||||
|
upstream_ip_addresses: upstream_ip_addresses
|
||||||
|
end
|
||||||
|
|||||||
@ -8,7 +8,7 @@ upstream _discourse {
|
|||||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||||
server {
|
server {
|
||||||
server_name <%= @server_name %>;
|
server_name <%= @server_name %>;
|
||||||
listen 443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
ssl_certificate <%= @ssl_cert %>;
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user