Set up public HTTPS endpoint for RSKj

refs #325

nodes/rsk-testnet-1.json

@@ -12,11 +12,12 @@
     "hostname": "rsk-testnet-1",
     "ipaddress": "192.168.122.196",
     "roles": [
-
+      "rskj_testnet"
     ],
     "recipes": [
       "kosmos-base",
       "kosmos-base::default",
+      "kosmos_rsk::rskj",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
@@ -30,7 +31,9 @@
       "postfix::_common",
       "postfix::_attributes",
       "postfix::sasl_auth",
-      "hostname::default"
+      "hostname::default",
+      "firewall::default",
+      "chef-sugar::default"
     ],
     "platform": "ubuntu",
     "platform_version": "20.04",
@@ -48,6 +51,7 @@
     }
   },
   "run_list": [
-    "recipe[kosmos-base]"
+    "recipe[kosmos-base]",
+    "role[rskj_testnet]"
   ]
 }

roles/rskj_testnet.rb

@@ -0,0 +1,19 @@
+name 'rskj_testnet'
+
+default_attributes 'rskj' => {
+  'network' => 'testnet',
+  'nginx' => {
+    'domain' => 'rsk-testnet.kosmos.org'
+  }
+}
+
+default_run_list = %w(
+  kosmos_rsk::rskj
+  kosmos_rsk::nginx
+)
+
+env_run_lists(
+  '_default' => default_run_list,
+  'development' => default_run_list,
+  'production' => default_run_list
+)

site-cookbooks/kosmos_rsk/metadata.rb

@@ -9,3 +9,4 @@ issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
 source_url 'https://gitea.kosmos.org/kosmos/chef'
 
 depends 'firewall'
+depends 'kosmos-nginx'

site-cookbooks/kosmos_rsk/recipes/nginx.rb

@@ -0,0 +1,27 @@
+#
+# Cookbook Name:: kosmos_rsk
+# Recipe:: nginx
+#
+
+include_recipe "kosmos-nginx"
+
+app_name = "rskj"
+domain   = node[app_name]["nginx"]["domain"]
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+  source "nginx_conf_#{app_name}.erb"
+  owner 'www-data'
+  mode 0640
+  variables app_name: app_name,
+            domain: domain,
+            port: "4444",
+            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
+
+nginx_certbot_site domain

site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb

@@ -0,0 +1,26 @@
+# Generated by Chef
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+  listen 443 ssl http2;
+  add_header Strict-Transport-Security "max-age=15768000";
+
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  server_name <%= @domain %>;
+
+  access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;
+
+  root <%= @root_dir %>;
+
+  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_redirect off;
+    proxy_pass localhost:<%= @port %>;
+   }
+}
+<% end -%>