Migrate ejabberd uploads to mod_s3_upload and Garage

In addition to installing and configuring the new module, this also enables public access to the S3 API via `bucket-name.s3.kosmos.org` as well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled). Also includes some drive-by improvements to Chef attribute naming and usage. Co-authored-by: Greg Karékinian <greg@karekinian.com>
2023-10-10 17:55:55 +02:00
parent 832075dfb2
commit 65d71d6a73
25 changed files with 322 additions and 132 deletions
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb
@@ -0,0 +1,49 @@
+upstream garage_s3 {
+  server 127.0.0.1:3900;
+}
+
+server {
+  listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
+  listen [::]:443 http2 ssl;
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  server_name <%= @server_name %>;
+
+  access_log <%= node[:openresty][:log_dir] %>/<%= @domain_name %>.access.log json;
+  error_log <%= node[:openresty][:log_dir] %>/<%= @domain_name %>.error.log warn;
+
+  error_page 401 403 404 500 /__empty-page.html;
+
+  location = /__empty-page.html {
+    internal;
+    return 200 "";
+  }
+
+  location / {
+    if ($request_method = OPTIONS) {
+      add_header Content-Length 0;
+      add_header Content-Type text/plain;
+      return 200;
+    }
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+    proxy_request_buffering off;
+    proxy_max_temp_file_size 0;
+
+    proxy_pass http://garage_s3;
+
+<% if @xmpp_upload_bucket %>
+    # Some XMPP clients (e.g. Beagle, Siskin, Snikket, Monal) require a 201 CREATED
+    # for PUT requests to be considered successful
+    header_filter_by_lua_block {
+      if ngx.var.http_host == "<%= @xmpp_upload_bucket %>.<%= @domain_name %>" and
+         ngx.req.get_method() == "PUT" and ngx.status == ngx.HTTP_OK then
+        ngx.status = ngx.HTTP_CREATED
+      end
+    }
+<% end %>
+  }
+}
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
@@ -1,14 +1,15 @@
 server {
-  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+  listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
  listen [::]:443 http2 ssl;

  server_name <%= @server_name %>;

-  access_log off;
-
  ssl_certificate     <%= @ssl_cert %>;
  ssl_certificate_key <%= @ssl_key %>;

+  access_log <%= node[:openresty][:log_dir] %>/<%= @domain_name %>.access.log json;
+  error_log <%= node[:openresty][:log_dir] %>/<%= @domain_name %>.error.log warn;
+
  error_page 401 403 404 500 /__empty-page.html;

  location = /__empty-page.html {