@@ -1,4 +1,6 @@
|
||||
node.default['akkounts']['repo'] = 'https://gitea.kosmos.org/kosmos/akkounts.git'
|
||||
node.default['akkounts']['revision'] = 'master'
|
||||
node.default['akkounts']['revision'] = 'feature/community_funds_balance'
|
||||
node.default['akkounts']['port'] = 3000
|
||||
node.default['akkounts']['domain'] = 'accounts.kosmos.org'
|
||||
|
||||
node.default['akkounts_api']['domain'] = 'api.kosmos.org'
|
||||
|
||||
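Review bot: The new default `node.default['akkounts']['revision'] = 'feature/community_funds_balance'` makes every node that relies on the cookbook defaults deploy a feature branch, which is a mutable ref that can be rewritten or deleted after merge. For an accounts service I would keep `'master'` as the cookbook default and set the branch as an override on the node or environment that needs it, or pin a tag or commit SHA. If the branch default is intentional and temporary, a comment such as `# TEMP: revert to 'master' once feature/community_funds_balance is merged` would make that visible.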
@@ -175,4 +175,12 @@ rescue IPAddr::InvalidAddressError
|
||||
next
|
||||
end
|
||||
|
||||
# TODO move to nginx proxy
|
||||
include_recipe 'kosmos-akkounts::nginx'
|
||||
|
||||
firewall_rule "Akkounts private access" do
|
||||
command :allow
|
||||
port node["akkounts"]["port"]
|
||||
protocol :tcp
|
||||
source "10.1.1.0/24"
|
||||
end
|
||||
|
||||
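Review bot: The `firewall_rule "Akkounts private access"` block opens the app port to the whole `10.1.1.0/24` range as a string literal, while the only consumer visible in this commit is the nginx API proxy. Every host in that range can then reach the application directly over plain HTTP, bypassing the TLS termination and path restriction the proxy applies, and can supply its own `X-Forwarded-For`. Consider limiting `source` to the proxy hosts, or at least moving the range into a node attribute (for example `node['akkounts']['private_network']`, a name proposed here and not present on the page) with a comment on why the full subnet is needed. The hunk begins inside a `rescue` block whose start is outside the hunk.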
@@ -2,32 +2,13 @@
|
||||
# Cookbook Name:: kosmos-akkounts
|
||||
# Recipe:: nginx
|
||||
#
|
||||
# The MIT License (MIT)
|
||||
#
|
||||
# Copyright:: 2020, Kosmos Developers
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in
|
||||
# all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
# THE SOFTWARE.
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
app_name = "akkounts"
|
||||
domain = node[app_name]["domain"]
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf_#{app_name}.erb"
|
||||
owner 'www-data'
|
||||
@@ -43,5 +24,3 @@ end
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
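--- /dev/null
+++ b/site-cookbooks/kosmos-akkounts/recipes/nginx_api.rb
@@ -0,0 +1,30 @@
+#
+# Cookbook Name:: kosmos-akkounts
+# Recipe:: nginx_api
+#
+
+include_recipe "kosmos-nginx"
+domain = node["akkounts_api"]["domain"]
+
+nginx_certbot_site domain
+
+upstream_hosts = []
+search(:node, "role:akkounts").each do |node|
+upstream_hosts << node["knife_zero"]["host"]
+end
+
+template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
+source "nginx_conf_akkounts_api.erb"
+owner "www-data"
+mode 0640
+variables domain: domain,
+upstream_port: node["akkounts"]["port"],
+upstream_hosts: upstream_hosts,
+ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+notifies :reload, "service[nginx]", :delayed
+end
+
+nginx_site domain do
+action :enable
+end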
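Review bot: Nothing checks the result of `search(:node, "role:akkounts")` before it reaches the template, and the block parameter `|node|` shadows the recipe's own `node`. If the search returns no nodes, or a node has no `knife_zero` host value, the rendered `upstream` block would be empty or contain a `server` line without a host, which nginx will presumably reject at the delayed reload. I would rename the parameter to `|n|` and add `raise "no akkounts upstream hosts found" if upstream_hosts.empty?` after the loop. The host values are node-reported attributes written into the nginx config unescaped, so they are worth validating as hostnames or IP addresses before use.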
@@ -0,0 +1,33 @@
|
||||
# Generated by Chef
|
||||
upstream _akkounts {
|
||||
<% @upstream_hosts.each do |host| %>
|
||||
server <%= host %>:<%= @upstream_port %>;
|
||||
<% end %>
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name <%= @domain %>;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
add_header 'Strict-Transport-Security' 'max-age=31536000';
|
||||
|
||||
location /kredits/ {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_ssl_server_name on;
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_pass http://_akkounts/api/kredits/;
|
||||
}
|
||||
}
|
||||
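Review bot: The server-level `add_header 'Strict-Transport-Security' 'max-age=31536000';` is not applied to `/kredits/` responses, because nginx inherits `add_header` from the enclosing level only when the current level defines none, and this location defines four. Since `/kredits/` is the only location, HSTS is effectively never sent on proxied responses. Repeat it inside the location as `add_header 'Strict-Transport-Security' 'max-age=31536000' always;`. Separately, `proxy_ssl_server_name on;` has no effect with `proxy_pass http://_akkounts/api/kredits/;`, and `proxy_set_header Host $http_host;` forwards the client-supplied Host value where `$host` would give the normalised one.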