Add nginx proxy hosts for Garage Web access
The respective bucket needs to be configured with a domain alias. When a new alias is added to the `s3_web_domains` config, a new nginx site can then be deployed to the `nginx_proxy` hosts.
This commit is contained in:
Râu Cao
parent
5d05d5c187
commit
8c3bd2e939
GPG Key ID:
15E65F399D084BA9
|
|
@ -4,7 +4,10 @@
|
|||
"garage": {
|
||||
"replication_mode": "2",
|
||||
"s3_api_root_domain": ".s3.garage.kosmos.org",
|
||||
"s3_web_root_domain": ".web.garage.kosmos.org"
|
||||
"s3_web_root_domain": ".web.garage.kosmos.org",
|
||||
"s3_web_domains": [
|
||||
"s3.kosmos.social"
|
||||
]
|
||||
},
|
||||
"gitea": {
|
||||
"postgresql_host": "pg.kosmos.local:5432",
|
||||
|
|
@ -23,4 +26,4 @@
|
|||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
node.default['garage']['version'] = '0.8.0'
|
||||
node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
|
||||
node.default['garage']['replication_mode'] = 'none'
|
||||
node.default['garage']['s3_api_port'] = 3900
|
||||
node.default['garage']['rpc_port'] = 3901
|
||||
node.default['garage']['s3_web_port'] = 3902
|
||||
|
|
@ -7,4 +8,4 @@ node.default['garage']['admin_port'] = 3903
|
|||
node.default['garage']['k2v_api_port'] = 3904
|
||||
node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
|
||||
node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
|
||||
node.default['garage']['replication_mode'] = 'none'
|
||||
node.default['garage']['s3_web_domains'] = []
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos_garage
|
||||
# Recipe:: nginx_web
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domains = node['garage']['s3_web_domains']
|
||||
|
||||
domains.each do |server_name|
|
||||
nginx_certbot_site server_name
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||
source 'nginx_conf_web.erb'
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: server_name,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site server_name do
|
||||
action :enable
|
||||
end
|
||||
end
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
upstream garage_web {
|
||||
server localhost:3902;
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
|
||||
max_size=1g inactive=60m use_temp_path=off;
|
||||
|
||||
server {
|
||||
listen 443 http2 ssl;
|
||||
listen [::]:443 http2 ssl;
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log off;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
error_page 401 403 404 500 /__empty-page.html;
|
||||
|
||||
location = /__empty-page.html {
|
||||
internal;
|
||||
return 200 "";
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_intercept_errors on;
|
||||
proxy_cache garage_cache;
|
||||
proxy_pass http://garage_web;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue