Deploy kosmos assets with Openresty

This commit is contained in:
Greg Karékinian 2023-07-12 20:36:12 +02:00
parent c1e2145ba1
commit d79dcd8e65
4 changed files with 20 additions and 22 deletions

View File

@ -27,7 +27,7 @@ knife[:automatic_attribute_whitelist] = %w[
]
knife[:default_attribute_whitelist] = []
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:override_attribute_whitelist] = []
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']

View File

@ -7,4 +7,5 @@ long_description 'Configures static asset Web hosting'
version '1.0.0'
chef_version '>= 15.10' if respond_to?(:chef_version)
depends "kosmos-nginx"
depends "kosmos-base"
depends "kosmos_openresty"

View File

@ -1,38 +1,35 @@
#
# Cookbook:: kosmos_assets
# Recipe:: nginx_site
# Recipe:: openresty_site
#
include_recipe "kosmos-nginx"
include_recipe "kosmos_openresty"
domain = node["kosmos_assets"]["domain"]
nginx_certbot_site domain
tls_cert_for domain do
auth "gandi_dns"
action :create
end
directory "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
user node["openresty"]["user"]
group node["openresty"]["group"]
mode "0755"
recursive true
end
git "/var/www/#{domain}/site" do
user node["nginx"]["user"]
group node["nginx"]["group"]
user node["openresty"]["user"]
group node["openresty"]["group"]
repository node["kosmos_assets"]["repo"]
revision node["kosmos_assets"]["revision"]
action :sync
end
template "#{node["nginx"]["dir"]}/sites-available/#{domain}" do
source "nginx_conf_assets.erb"
owner node["nginx"]["user"]
mode 0640
openresty_site domain do
template "nginx_conf_assets.erb"
variables domain: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, "service[nginx]", :delayed
end
nginx_site domain do
action :enable
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
end

View File

@ -2,7 +2,7 @@
# Generated by Chef
server {
listen 443 ssl http2;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2;
server_name <%= @domain %>;