Compare commits
11 Commits
2dff7cf850
...
chore/ejab
| Author | SHA1 | Date | |
|---|---|---|---|
9f79077bcf
|
|||
| d048bbb297 | |||
|
61bd121709
|
|||
| ec9b912e45 | |||
|
d53ba42a1d
|
|||
|
a99f7f7574
|
|||
|
1c8ee14bb3
|
|||
| cdedf49be3 | |||
|
5e727ec279
|
|||
|
9d928298d2
|
|||
|
1174661b46
|
@@ -57,6 +57,7 @@
|
|||||||
"kosmos_strfry::nginx",
|
"kosmos_strfry::nginx",
|
||||||
"kosmos_website",
|
"kosmos_website",
|
||||||
"kosmos_website::default",
|
"kosmos_website::default",
|
||||||
|
"kosmos_website::redirects",
|
||||||
"kosmos-akkounts::nginx",
|
"kosmos-akkounts::nginx",
|
||||||
"kosmos-akkounts::nginx_api",
|
"kosmos-akkounts::nginx_api",
|
||||||
"kosmos-bitcoin::nginx_lndhub",
|
"kosmos-bitcoin::nginx_lndhub",
|
||||||
|
|||||||
@@ -51,6 +51,7 @@
|
|||||||
"kosmos_strfry::nginx",
|
"kosmos_strfry::nginx",
|
||||||
"kosmos_website",
|
"kosmos_website",
|
||||||
"kosmos_website::default",
|
"kosmos_website::default",
|
||||||
|
"kosmos_website::redirects",
|
||||||
"kosmos-akkounts::nginx",
|
"kosmos-akkounts::nginx",
|
||||||
"kosmos-akkounts::nginx_api",
|
"kosmos-akkounts::nginx_api",
|
||||||
"kosmos-bitcoin::nginx_lndhub",
|
"kosmos-bitcoin::nginx_lndhub",
|
||||||
|
|||||||
@@ -30,6 +30,7 @@ production_run_list = %w(
|
|||||||
kosmos_rsk::nginx_mainnet
|
kosmos_rsk::nginx_mainnet
|
||||||
kosmos_strfry::nginx
|
kosmos_strfry::nginx
|
||||||
kosmos_website::default
|
kosmos_website::default
|
||||||
|
kosmos_website::redirects
|
||||||
kosmos-akkounts::nginx
|
kosmos-akkounts::nginx
|
||||||
kosmos-akkounts::nginx_api
|
kosmos-akkounts::nginx_api
|
||||||
kosmos-bitcoin::nginx_lndhub
|
kosmos-bitcoin::nginx_lndhub
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
@@ -216,7 +216,7 @@ modules:
|
|||||||
access_createnode: pubsub_createnode
|
access_createnode: pubsub_createnode
|
||||||
ignore_pep_from_offline: false
|
ignore_pep_from_offline: false
|
||||||
last_item_cache: false
|
last_item_cache: false
|
||||||
max_items_node: 10
|
max_items_node: 1000
|
||||||
plugins:
|
plugins:
|
||||||
- "flat"
|
- "flat"
|
||||||
- "pep" # pep requires mod_caps
|
- "pep" # pep requires mod_caps
|
||||||
@@ -258,8 +258,6 @@ modules:
|
|||||||
type: turns
|
type: turns
|
||||||
transport: tcp
|
transport: tcp
|
||||||
restricted: true
|
restricted: true
|
||||||
mod_vcard:
|
|
||||||
search: false
|
|
||||||
mod_vcard_xupdate: {}
|
mod_vcard_xupdate: {}
|
||||||
mod_avatar: {}
|
mod_avatar: {}
|
||||||
mod_version: {}
|
mod_version: {}
|
||||||
|
|||||||
@@ -28,7 +28,9 @@ template "#{node['openresty']['dir']}/snippets/mastodon.conf" do
|
|||||||
owner 'www-data'
|
owner 'www-data'
|
||||||
mode 0640
|
mode 0640
|
||||||
variables web_root_dir: web_root_dir,
|
variables web_root_dir: web_root_dir,
|
||||||
server_name: server_name
|
server_name: server_name,
|
||||||
|
s3_private_url: "#{node["kosmos-mastodon"]["s3_endpoint"]}/#{node["kosmos-mastodon"]["s3_bucket"]}/",
|
||||||
|
s3_public_url: "https://#{node["kosmos-mastodon"]["s3_alias_host"]}/"
|
||||||
notifies :reload, 'service[openresty]', :delayed
|
notifies :reload, 'service[openresty]', :delayed
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
@@ -108,11 +108,13 @@ location @proxy {
|
|||||||
|
|
||||||
proxy_pass http://mastodon_app;
|
proxy_pass http://mastodon_app;
|
||||||
proxy_buffering on;
|
proxy_buffering on;
|
||||||
proxy_redirect off;
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $connection_upgrade;
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
|
||||||
|
# https://github.com/mastodon/mastodon/issues/24380
|
||||||
|
proxy_redirect <%= @s3_private_url %> <%= @s3_public_url %>;
|
||||||
|
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
node.default["gitea"]["version"] = "1.22.0"
|
node.default["gitea"]["version"] = "1.22.1"
|
||||||
node.default["gitea"]["checksum"] = "a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d"
|
node.default["gitea"]["checksum"] = "b8043324545eec269fc8f18c22b49fc365ed367e0dd41e081b79832de2570f9c"
|
||||||
node.default["gitea"]["working_directory"] = "/var/lib/gitea"
|
node.default["gitea"]["working_directory"] = "/var/lib/gitea"
|
||||||
node.default["gitea"]["port"] = 3000
|
node.default["gitea"]["port"] = 3000
|
||||||
node.default["gitea"]["postgresql_host"] = "localhost:5432"
|
node.default["gitea"]["postgresql_host"] = "localhost:5432"
|
||||||
|
|||||||
@@ -21,8 +21,13 @@ server {
|
|||||||
location ~ ^/(avatars|repo-avatars)/.*$ {
|
location ~ ^/(avatars|repo-avatars)/.*$ {
|
||||||
proxy_buffers 1024 8k;
|
proxy_buffers 1024 8k;
|
||||||
proxy_pass http://_gitea_web;
|
proxy_pass http://_gitea_web;
|
||||||
proxy_http_version 1.1;
|
|
||||||
expires 30d;
|
expires 30d;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Docker registry
|
# Docker registry
|
||||||
@@ -30,12 +35,22 @@ server {
|
|||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_buffers 1024 8k;
|
proxy_buffers 1024 8k;
|
||||||
proxy_pass http://_gitea_web;
|
proxy_pass http://_gitea_web;
|
||||||
proxy_http_version 1.1;
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_buffers 1024 8k;
|
proxy_buffers 1024 8k;
|
||||||
proxy_pass http://_gitea_web;
|
proxy_pass http://_gitea_web;
|
||||||
proxy_http_version 1.1;
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||||
node.default["kosmos_website"]["revision"] = "chore/content"
|
node.default["kosmos_website"]["revision"] = "chore/content"
|
||||||
|
node.default["kosmos_website"]["accounts_url"] = "https://accounts.kosmos.org"
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ end
|
|||||||
openresty_site domain do
|
openresty_site domain do
|
||||||
template "nginx_conf_website.erb"
|
template "nginx_conf_website.erb"
|
||||||
variables domain: domain,
|
variables domain: domain,
|
||||||
|
accounts_url: node.default["kosmos_website"]["accounts_url"],
|
||||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||||
end
|
end
|
||||||
|
|||||||
35
site-cookbooks/kosmos_website/recipes/redirects.rb
Normal file
35
site-cookbooks/kosmos_website/recipes/redirects.rb
Normal file
@@ -0,0 +1,35 @@
|
|||||||
|
#
|
||||||
|
# Cookbook:: kosmos_website
|
||||||
|
# Recipe:: redirects
|
||||||
|
#
|
||||||
|
|
||||||
|
redirects = [
|
||||||
|
{
|
||||||
|
domain: "kosmos.chat",
|
||||||
|
target: "https://kosmos.org",
|
||||||
|
http_status: 307
|
||||||
|
},
|
||||||
|
{
|
||||||
|
domain: "kosmos.cash",
|
||||||
|
acme_domain: "letsencrypt.kosmos.org",
|
||||||
|
target: "https://kosmos.org",
|
||||||
|
http_status: 307
|
||||||
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
redirects.each do |redirect|
|
||||||
|
tls_cert_for redirect[:domain] do
|
||||||
|
auth "gandi_dns"
|
||||||
|
acme_domain redirect[:acme_domain] unless redirect[:acme_domain].nil?
|
||||||
|
action :create
|
||||||
|
end
|
||||||
|
|
||||||
|
openresty_site redirect[:domain] do
|
||||||
|
template "nginx_conf_redirect.erb"
|
||||||
|
variables domain: redirect[:domain],
|
||||||
|
target: redirect[:target],
|
||||||
|
http_status: redirect[:http_status],
|
||||||
|
ssl_cert: "/etc/letsencrypt/live/#{redirect[:domain]}/fullchain.pem",
|
||||||
|
ssl_key: "/etc/letsencrypt/live/#{redirect[:domain]}/privkey.pem"
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
# Generated by Chef
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name <%= @domain %>;
|
||||||
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||||
|
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||||
|
|
||||||
|
gzip_static on;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
|
||||||
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
|
ssl_certificate_key <%= @ssl_key %>;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return <%= @http_status || 301 %> <%= @target %>;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
# Generated by Chef
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name <%= @domain %>;
|
||||||
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
root /var/www/<%= @domain %>/public;
|
||||||
|
|
||||||
|
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||||
|
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||||
|
|
||||||
|
gzip_static on;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
|
||||||
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
|
ssl_certificate_key <%= @ssl_key %>;
|
||||||
|
}
|
||||||
@@ -1,9 +1,18 @@
|
|||||||
# Generated by Chef
|
# Generated by Chef
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name _;
|
||||||
|
listen 80 default_server;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://<%= @domain %>;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name <%= @domain %>;
|
server_name <%= @domain %>;
|
||||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2 default_server;
|
||||||
|
|
||||||
root /var/www/<%= @domain %>/public;
|
root /var/www/<%= @domain %>/public;
|
||||||
|
|
||||||
@@ -18,8 +27,10 @@ server {
|
|||||||
ssl_certificate <%= @ssl_cert %>;
|
ssl_certificate <%= @ssl_cert %>;
|
||||||
ssl_certificate_key <%= @ssl_key %>;
|
ssl_certificate_key <%= @ssl_key %>;
|
||||||
|
|
||||||
|
<% if @accounts_url %>
|
||||||
location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
|
location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
|
||||||
proxy_ssl_server_name on;
|
proxy_ssl_server_name on;
|
||||||
proxy_pass https://accounts.kosmos.org;
|
proxy_pass https://accounts.kosmos.org;
|
||||||
}
|
}
|
||||||
|
<% end %>
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -18,6 +18,7 @@ end
|
|||||||
|
|
||||||
tls_cert_for domain do
|
tls_cert_for domain do
|
||||||
auth "gandi_dns"
|
auth "gandi_dns"
|
||||||
|
acme_domain "letsencrypt.kosmos.org"
|
||||||
action :create
|
action :create
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user