Add nginx site for hal8000_xmpp

2019-05-09 23:43:21 +02:00 · 2019-05-09 23:43:21 +02:00 · f3f0d0deb2
commit f3f0d0deb2
parent e8f325b41b
1 changed files with 27 additions and 9 deletions
--- a/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/hal8000_xmpp.rb
@ -38,6 +38,15 @@ include_recipe "kosmos-hubot::_user"
 # Needed for hubot-kredits
 include_recipe "kosmos-ipfs"

+unless node.chef_environment == "development"
+  include_recipe 'firewall'
+  firewall_rule 'ipfs_swarm_p2p' do
+    port     4001
+    protocol :tcp
+    command  :allow
+  end
+end
+
 application app_path do
  data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)

@ -119,18 +128,27 @@ application app_path do
  end
 end

+#
+# Nginx reverse proxy
+#
 unless node.chef_environment == "development"
-  include_recipe 'firewall'
+  include_recipe "kosmos-base::letsencrypt"
+  include_recipe "kosmos-nginx"

-  firewall_rule "hubot_express_#{app_name}" do
-    port     node[app_name]['http_port']
-    protocol :tcp
-    command  :allow
+  template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
+    source 'nginx_conf_hubot.erb'
+    owner node["nginx"]["user"]
+    mode 0640
+    variables express_port: node[app_name]['http_port'],
+              server_name:  node[app_name]['domain'],
+              ssl_cert:     "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
+              ssl_key:      "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
+    notifies :reload, 'service[nginx]', :delayed
  end

-  firewall_rule 'ipfs_swarm_p2p' do
-    port     4001
-    protocol :tcp
-    command  :allow
+  nginx_site node[app_name]['domain'] do
+    action :enable
  end
+
+  nginx_certbot_site node[app_name]['domain']
 end