Merge branch 'feature/ipfs_gateway' of kosmos/chef into master

2019-07-02 11:39:26 +00:00 · 2019-07-02 11:39:26 +00:00 · 60205e8c7f
commit 60205e8c7f
parent 18170e2abd f1d58f6172
3 changed files with 30 additions and 8 deletions
--- a/site-cookbooks/kosmos-ipfs/attributes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb
@ -4,6 +4,7 @@
 # FIXME api_port should come from the ipfs cookbook/attributes
 # It has nothing to do with nginx
 node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
+node.default['kosmos-ipfs']['nginx']['gateway_port'] = 9090
 node.default['kosmos-ipfs']['nginx']['external_api_port'] = 5444

 node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org"
--- a/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/letsencrypt.rb
@ -36,6 +36,7 @@ template "#{node['nginx']['dir']}/sites-available/#{domain}" do
            ssl_cert:               "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key:                "/etc/letsencrypt/live/#{domain}/privkey.pem",
            ipfs_api_port:          node['kosmos-ipfs']['nginx']['api_port'],
+            ipfs_gateway_port:      node['kosmos-ipfs']['nginx']['gateway_port'],
            ipfs_external_api_port: node['kosmos-ipfs']['nginx']['external_api_port']

  notifies :reload, 'service[nginx]', :delayed
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@ -1,12 +1,32 @@
-upstream _ipfs {
+upstream _ipfs_gateway {
+  server   localhost:<%= @ipfs_gateway_port %>;
+}
+upstream _ipfs_api {
  server   localhost:<%= @ipfs_api_port %>;
 }

-<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 server {
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+<% else -%>
+  listen 80;
+  listen [::]:80;
+<% end -%>
+  server_name ipfs.kosmos.org;
+
+  location /ipfs {
+    proxy_pass http://_ipfs_gateway/ipfs;
+  }
+
+  ssl_certificate /etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem;
+}
+
+server {
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
  listen <%= @ipfs_external_api_port %> ssl http2;
 <% else -%>
-server {
  listen <%= @ipfs_external_api_port %>;
 <% end -%>

@ -22,19 +42,19 @@ server {
  proxy_http_version 1.1;

  location /api/v0/cat {
-    proxy_pass http://_ipfs/api/v0/cat;
+    proxy_pass http://_ipfs_api/api/v0/cat;
  }
  location /api/v0/add {
-    proxy_pass http://_ipfs/api/v0/add;
+    proxy_pass http://_ipfs_api/api/v0/add;
  }
  location /api/v0/object/get {
-    proxy_pass http://_ipfs/api/v0/object/get;
+    proxy_pass http://_ipfs_api/api/v0/object/get;
  }
  location /api/v0/object/data {
-    proxy_pass http://_ipfs/api/v0/object/data;
+    proxy_pass http://_ipfs_api/api/v0/object/data;
  }
  location /api/v0/id {
-    proxy_pass http://_ipfs/api/v0/id;
+    proxy_pass http://_ipfs_api/api/v0/id;
  }

  ssl_certificate <%= @ssl_cert %>;