diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index f95e990..65bf076 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -57,6 +57,7 @@
 "kosmos_strfry::nginx",
 "kosmos_website",
 "kosmos_website::default",
+ "kosmos_website::redirects",
 "kosmos-akkounts::nginx",
 "kosmos-akkounts::nginx_api",
 "kosmos-bitcoin::nginx_lndhub",
diff --git a/nodes/fornax.kosmos.org.json b/nodes/fornax.kosmos.org.json
index d5903f9..b879194 100644
--- a/nodes/fornax.kosmos.org.json
+++ b/nodes/fornax.kosmos.org.json
@@ -51,6 +51,7 @@
 "kosmos_strfry::nginx",
 "kosmos_website",
 "kosmos_website::default",
+ "kosmos_website::redirects",
 "kosmos-akkounts::nginx",
 "kosmos-akkounts::nginx_api",
 "kosmos-bitcoin::nginx_lndhub",
diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb
index c238c1b..1721a4e 100644
--- a/roles/openresty_proxy.rb
+++ b/roles/openresty_proxy.rb
@@ -30,6 +30,7 @@ production_run_list = %w(
 kosmos_rsk::nginx_mainnet
 kosmos_strfry::nginx
 kosmos_website::default
+ kosmos_website::redirects
 kosmos-akkounts::nginx
 kosmos-akkounts::nginx_api
 kosmos-bitcoin::nginx_lndhub
diff --git a/site-cookbooks/kosmos_website/attributes/default.rb b/site-cookbooks/kosmos_website/attributes/default.rb
index a567811..213f9f2 100644
--- a/site-cookbooks/kosmos_website/attributes/default.rb
+++ b/site-cookbooks/kosmos_website/attributes/default.rb
@@ -1,3 +1,4 @@
-node.default["kosmos_website"]["domain"] = "kosmos.org"
-node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
-node.default["kosmos_website"]["revision"] = "chore/content"
+node.default["kosmos_website"]["domain"] = "kosmos.org"
+node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
+node.default["kosmos_website"]["revision"] = "chore/content"
+node.default["kosmos_website"]["accounts_url"] = "https://accounts.kosmos.org"
diff --git a/site-cookbooks/kosmos_website/recipes/default.rb b/site-cookbooks/kosmos_website/recipes/default.rb
index b8374c6..0e3be0c 100644
--- a/site-cookbooks/kosmos_website/recipes/default.rb
+++ b/site-cookbooks/kosmos_website/recipes/default.rb
@@ -23,6 +23,7 @@ end
 openresty_site domain do
 template "nginx_conf_website.erb"
 variables domain: domain,
+ accounts_url: node.default["kosmos_website"]["accounts_url"],
 ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
 ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
 end
diff --git a/site-cookbooks/kosmos_website/recipes/redirects.rb b/site-cookbooks/kosmos_website/recipes/redirects.rb
new file mode 100644
index 0000000..451c2f6
--- /dev/null
+++ b/site-cookbooks/kosmos_website/recipes/redirects.rb
@@ -0,0 +1,35 @@
+#
+# Cookbook:: kosmos_website
+# Recipe:: redirects
+#
+
+redirects = [
+ {
+ domain: "kosmos.chat",
+ target: "https://kosmos.org",
+ http_status: 307
+ },
+ {
+ domain: "kosmos.cash",
+ acme_domain: "letsencrypt.kosmos.org",
+ target: "https://kosmos.org",
+ http_status: 307
+ }
+]
+
+redirects.each do |redirect|
+ tls_cert_for redirect[:domain] do
+ auth "gandi_dns"
+ acme_domain redirect[:acme_domain] unless redirect[:acme_domain].nil?
+ action :create
+ end
+
+ openresty_site redirect[:domain] do
+ template "nginx_conf_redirect.erb"
+ variables domain: redirect[:domain],
+ target: redirect[:target],
+ http_status: redirect[:http_status],
+ ssl_cert: "/etc/letsencrypt/live/#{redirect[:domain]}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{redirect[:domain]}/privkey.pem"
+ end
+end
diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
new file mode 100644
index 0000000..d657d62
--- /dev/null
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
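Review bot: In recipes/default.rb, `node.default["kosmos_website"]["accounts_url"]` reads only the default precedence level, so a value set in a role, an environment or with `node.override` is ignored when the template is rendered. Read the merged attribute instead: `accounts_url: node["kosmos_website"]["accounts_url"],`. The recipe above the `openresty_site` block lies outside the hunk, so whether `domain` is read the same way cannot be checked here.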
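Review bot: In recipes/redirects.rb the redirect table is a literal inside the recipe, while the same commit moves `accounts_url` into attributes/default.rb; holding the table in an attribute such as `node["kosmos_website"]["redirects"]` would let a role or environment change the domains without editing recipe code. The two entries also differ without explanation, since only kosmos.cash sets `acme_domain`. A one-line comment above that entry stating why it validates through `letsencrypt.kosmos.org` would save the next maintainer from guessing whether kosmos.chat is missing the key by mistake.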
@@ -0,0 +1,20 @@
+# Generated by Chef
+
+server {
+ server_name <%= @domain %>;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
+ error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
+
+ gzip_static on;
+ gzip_comp_level 5;
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+
+ location / {
+ return <%= @http_status || 301 %> <%= @target %>;
+ }
+}
diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb
new file mode 100644
index 0000000..3a173e1
--- /dev/null
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb
@@ -0,0 +1,18 @@
+# Generated by Chef
+
+server {
+ server_name <%= @domain %>;
+ listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ root /var/www/<%= @domain %>/public;
+
+ access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
+ error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
+
+ gzip_static on;
+ gzip_comp_level 5;
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+}
diff --git a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
index 5ae24c1..47d8a24 100644
--- a/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
+++ b/site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
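Review bot: In nginx_conf_redirect.erb, `return <%= @http_status || 301 %> <%= @target %>;` sends every request to the bare target, so the original path and query string are dropped. If deep links on the old domains should keep working, use `return <%= @http_status || 301 %> <%= @target %>$request_uri;`; otherwise add a comment saying that landing on the target's root is intended. The target host is fixed by the recipe either way, so appending `$request_uri` does not let a request choose the redirect destination. `gzip_static on;` and `gzip_comp_level 5;` do nothing in a server block that only returns redirects and can be dropped.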
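Review bot: nginx_conf_simple.erb is added, but no recipe in this diff renders it: default.rb uses nginx_conf_website.erb and redirects.rb uses nginx_conf_redirect.erb. Unless something outside this diff references it, the template is unused configuration that will drift from the other two. Either add it in the same commit as the recipe that uses it, or give it a header comment naming its consumer, for example `# Static site without proxying; rendered by <recipe name>`.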
@@ -1,9 +1,18 @@ # Generated by Chef +server { + server_name _; + listen 80 default_server; + + location / { + return 301 https://<%= @domain %>; + } +} + server { server_name <%= @domain %>; - listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; - listen [::]:443 ssl http2; + listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; root /var/www/<%= @domain %>/public; @@ -18,8 +27,10 @@ server { ssl_certificate <%= @ssl_cert %>; ssl_certificate_key <%= @ssl_key %>; +<% if @accounts_url %> location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) { proxy_ssl_server_name on; proxy_pass https://accounts.kosmos.org; } +<% end %> }
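Review bot: Marking the kosmos.org block `default_server` on 443 means any request whose Host/SNI matches no other site on this proxy is answered with the website content and the kosmos.org certificate, and the new port-80 catch-all (`server_name _;`) permanently redirects every unmatched hostname to `https://<%= @domain %>`. On a proxy whose run list carries many site recipes, that hides stray or misrouted hostnames instead of rejecting them. The cached 301 also conflicts with the temporary 307 chosen for kosmos.chat and kosmos.cash, whose server blocks in nginx_conf_redirect.erb have no port-80 listener of their own. Consider scoping the port-80 block with `server_name <%= @domain %>;` and leaving unmatched hosts to a separate catch-all that ends in `return 444;`. The port-80 block also lacks a `listen [::]:80` line and ignores `node['openresty']['listen_ip']`, unlike the 443 listeners.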
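Review bot: `@accounts_url` is only tested by the new `<% if @accounts_url %>` guard; the `proxy_pass https://accounts.kosmos.org;` line inside it is still hard-coded, so changing the attribute does not change where the `.well-known` requests are proxied. Use the value itself: `proxy_pass <%= @accounts_url %>;`. Because this location is a regex match, nginx rejects a `proxy_pass` with a URI part, so the attribute must stay scheme plus host with no trailing path; a comment next to the attribute should say so. attributes/default.rb always sets a value, so the guard is only false when the attribute is explicitly set to nil or false, which is worth noting in an ERB comment above the `if`.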