kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Merge pull request 'Improve ejabberd HTTP API configs and access' (#483) from bugfix/ejabberd_api_access into master

Browse Source 
Reviewed-on: #483
This commit is contained in:
Greg 2023-04-03 16:03:03 +00:00
commit a44fa31951
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
site-cookbooks/kosmos-akkounts/recipes/default.rb
View File

@ -84,7 +84,7 @@ end
ejabberd_private_ip_addresses.each do |ip_address| ejabberd_private_ip_addresses.each do |ip_address|
IPAddr.new ip_address IPAddr.new ip_address
hostsfile_entry ip_address do hostsfile_entry ip_address do
hostname 'xmpp.kosmos.org' hostname 'xmpp.kosmos.local'
action :create action :create
end end
rescue IPAddr::InvalidAddressError rescue IPAddr::InvalidAddressError
@ -93,7 +93,7 @@ rescue IPAddr::InvalidAddressError
end end
if ejabberd_private_ip_addresses.size > 0 if ejabberd_private_ip_addresses.size > 0
env[:ejabberd_api_url] = 'https://xmpp.kosmos.org:5443/api' env[:ejabberd_api_url] = "http://xmpp.kosmos.local/api"
end end
systemd_unit "akkounts.service" do systemd_unit "akkounts.service" do

8
site-cookbooks/kosmos-ejabberd/recipes/default.rb
View File

@ -186,6 +186,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"], stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
turn_min_port: node["kosmos-ejabberd"]["turn_min_port"], turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
turn_max_port: node["kosmos-ejabberd"]["turn_max_port"], turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
private_ip_address: node["knife_zero"]["host"],
akkounts_ip_addresses: akkounts_ip_addresses akkounts_ip_addresses: akkounts_ip_addresses
notifies :reload, "service[ejabberd]", :delayed notifies :reload, "service[ejabberd]", :delayed
end end
@ -198,6 +199,13 @@ unless node.chef_environment == "development"
include_recipe "kosmos-ejabberd::firewall" include_recipe "kosmos-ejabberd::firewall"
end end
firewall_rule 'ejabberd_http' do
port [80]
source "10.1.1.0/24"
protocol :tcp
command :allow
end
# #
# Tor hidden service # Tor hidden service
# #

9
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
View File

@ -61,6 +61,14 @@ listen:
use_proxy_protocol: true use_proxy_protocol: true
max_stanza_size: 131072 max_stanza_size: 131072
shaper: s2s_shaper shaper: s2s_shaper
-
port: 80
ip: "<%= @private_ip_address %>"
module: ejabberd_http
request_handlers:
"/api": mod_http_api
tls: false
captcha: false
- -
port: 5443 port: 5443
ip: "::" ip: "::"
@ -69,7 +77,6 @@ listen:
request_handlers: request_handlers:
"/ws": ejabberd_http_ws "/ws": ejabberd_http_ws
"/bosh": mod_bosh "/bosh": mod_bosh
"/api": mod_http_api
"/upload": mod_http_upload "/upload": mod_http_upload
"/admin": ejabberd_web_admin "/admin": ejabberd_web_admin
custom_headers: custom_headers: