From f3f0d0deb2b3e63ce008180eb96ce175a20344c2 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Thu, 9 May 2019 23:43:21 +0200 Subject: [PATCH] Add nginx site for hal8000_xmpp --- .../kosmos-hubot/recipes/hal8000_xmpp.rb | 36 ++++++++++++++----- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb index fd2fc75..cd92579 100644 --- a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb +++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb @@ -38,6 +38,15 @@ include_recipe "kosmos-hubot::_user" # Needed for hubot-kredits include_recipe "kosmos-ipfs" +unless node.chef_environment == "development" + include_recipe 'firewall' + firewall_rule 'ipfs_swarm_p2p' do + port 4001 + protocol :tcp + command :allow + end +end + application app_path do data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name) @@ -119,18 +128,27 @@ application app_path do end end +# +# Nginx reverse proxy +# unless node.chef_environment == "development" - include_recipe 'firewall' + include_recipe "kosmos-base::letsencrypt" + include_recipe "kosmos-nginx" - firewall_rule "hubot_express_#{app_name}" do - port node[app_name]['http_port'] - protocol :tcp - command :allow + template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do + source 'nginx_conf_hubot.erb' + owner node["nginx"]["user"] + mode 0640 + variables express_port: node[app_name]['http_port'], + server_name: node[app_name]['domain'], + ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem" + notifies :reload, 'service[nginx]', :delayed end - firewall_rule 'ipfs_swarm_p2p' do - port 4001 - protocol :tcp - command :allow + nginx_site node[app_name]['domain'] do + action :enable end + + nginx_certbot_site node[app_name]['domain'] end