Set up public HTTPS endpoint for RSKj

refs #325
2021-08-09 19:02:14 +02:00
parent 0ffddb9d0f
commit 89e27a040f
5 changed files with 80 additions and 3 deletions


@@ -9,3 +9,4 @@ issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
source_url 'https://gitea.kosmos.org/kosmos/chef'
depends 'firewall'
depends 'kosmos-nginx'


@@ -0,0 +1,27 @@
#
# Cookbook Name:: kosmos_rsk
# Recipe:: nginx
#
include_recipe "kosmos-nginx"
app_name = "rskj"
domain = node[app_name]["nginx"]["domain"]
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf_#{app_name}.erb"
owner 'www-data'
mode 0640
variables app_name: app_name,
domain: domain,
port: "4444",
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end
nginx_certbot_site domain
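Review bot: The `variables` hash passes no `root_dir`, but the `nginx_conf_rskj.erb` template added in this commit renders `root <%= @root_dir %>;`, so that directive would come out as `root ;` and nginx would most likely reject the configuration on reload. Since the server block only proxies, the simplest fix is to drop the `root` line from the template; otherwise pass a `root_dir:` value here. Separately, `port: "4444"` is hard-coded in the recipe; reading it from a node attribute next to the domain would keep the proxy target and the RSKj service configuration from drifting apart. A one-line comment above the `template` resource saying that this publishes the node's RPC port over HTTPS would also help the next reader.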


@@ -0,0 +1,26 @@
# Generated by Chef
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000";
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
server_name <%= @domain %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;
root <%= @root_dir %>;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass localhost:<%= @port %>;
}
}
<% end -%>
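Review bot: `proxy_pass localhost:<%= @port %>;` has no scheme, and nginx requires a URL prefix there, so the line should read `proxy_pass http://localhost:<%= @port %>;`. The block also forwards the client-supplied host with `proxy_set_header Host $http_host;`; `$host` is the safer choice, because it falls back to the matched `server_name` when the header is missing. Because this server block makes what appears to be the node's RPC port reachable from the internet, confirm on the RSKj side that only the intended RPC modules are enabled, and consider a `limit_req` zone and a `client_max_body_size` cap in this location. The HSTS header would be sent on error responses too if written as `add_header Strict-Transport-Security "max-age=15768000" always;`.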