Add nginx proxy hosts for Garage Web access
The respective bucket needs to be configured with a domain alias. When a new alias is added to the `s3_web_domains` config, a new nginx site can then be deployed to the `nginx_proxy` hosts.
This commit is contained in:
parent
5d05d5c187
commit
8c3bd2e939
|
@ -4,7 +4,10 @@
|
||||||
"garage": {
|
"garage": {
|
||||||
"replication_mode": "2",
|
"replication_mode": "2",
|
||||||
"s3_api_root_domain": ".s3.garage.kosmos.org",
|
"s3_api_root_domain": ".s3.garage.kosmos.org",
|
||||||
"s3_web_root_domain": ".web.garage.kosmos.org"
|
"s3_web_root_domain": ".web.garage.kosmos.org",
|
||||||
|
"s3_web_domains": [
|
||||||
|
"s3.kosmos.social"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"gitea": {
|
"gitea": {
|
||||||
"postgresql_host": "pg.kosmos.local:5432",
|
"postgresql_host": "pg.kosmos.local:5432",
|
||||||
|
@ -23,4 +26,4 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
node.default['garage']['version'] = '0.8.0'
|
node.default['garage']['version'] = '0.8.0'
|
||||||
node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
|
node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
|
||||||
|
node.default['garage']['replication_mode'] = 'none'
|
||||||
node.default['garage']['s3_api_port'] = 3900
|
node.default['garage']['s3_api_port'] = 3900
|
||||||
node.default['garage']['rpc_port'] = 3901
|
node.default['garage']['rpc_port'] = 3901
|
||||||
node.default['garage']['s3_web_port'] = 3902
|
node.default['garage']['s3_web_port'] = 3902
|
||||||
|
@ -7,4 +8,4 @@ node.default['garage']['admin_port'] = 3903
|
||||||
node.default['garage']['k2v_api_port'] = 3904
|
node.default['garage']['k2v_api_port'] = 3904
|
||||||
node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
|
node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
|
||||||
node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
|
node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
|
||||||
node.default['garage']['replication_mode'] = 'none'
|
node.default['garage']['s3_web_domains'] = []
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
#
|
||||||
|
# Cookbook Name:: kosmos_garage
|
||||||
|
# Recipe:: nginx_web
|
||||||
|
#
|
||||||
|
|
||||||
|
include_recipe "kosmos-nginx"
|
||||||
|
|
||||||
|
domains = node['garage']['s3_web_domains']
|
||||||
|
|
||||||
|
domains.each do |server_name|
|
||||||
|
nginx_certbot_site server_name
|
||||||
|
|
||||||
|
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||||
|
source 'nginx_conf_web.erb'
|
||||||
|
owner 'www-data'
|
||||||
|
mode 0640
|
||||||
|
variables server_name: server_name,
|
||||||
|
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||||
|
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||||
|
notifies :reload, 'service[nginx]', :delayed
|
||||||
|
end
|
||||||
|
|
||||||
|
nginx_site server_name do
|
||||||
|
action :enable
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,33 @@
|
||||||
|
upstream garage_web {
|
||||||
|
server localhost:3902;
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
|
||||||
|
max_size=1g inactive=60m use_temp_path=off;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 http2 ssl;
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
|
||||||
|
server_name <%= @server_name %>;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
|
||||||
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
|
ssl_certificate_key <%= @ssl_key %>;
|
||||||
|
|
||||||
|
error_page 401 403 404 500 /__empty-page.html;
|
||||||
|
|
||||||
|
location = /__empty-page.html {
|
||||||
|
internal;
|
||||||
|
return 200 "";
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_intercept_errors on;
|
||||||
|
proxy_cache garage_cache;
|
||||||
|
proxy_pass http://garage_web;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue