Compare commits
11 Commits
2dff7cf850
...
chore/ejab
| Author | SHA1 | Date | |
|---|---|---|---|
9f79077bcf
|
|||
| d048bbb297 | |||
|
61bd121709
|
|||
| ec9b912e45 | |||
|
d53ba42a1d
|
|||
|
a99f7f7574
|
|||
|
1c8ee14bb3
|
|||
| cdedf49be3 | |||
|
5e727ec279
|
|||
|
9d928298d2
|
|||
|
1174661b46
|
@@ -57,6 +57,7 @@
|
||||
"kosmos_strfry::nginx",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_website::redirects",
|
||||
"kosmos-akkounts::nginx",
|
||||
"kosmos-akkounts::nginx_api",
|
||||
"kosmos-bitcoin::nginx_lndhub",
|
||||
|
||||
@@ -51,6 +51,7 @@
|
||||
"kosmos_strfry::nginx",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos_website::redirects",
|
||||
"kosmos-akkounts::nginx",
|
||||
"kosmos-akkounts::nginx_api",
|
||||
"kosmos-bitcoin::nginx_lndhub",
|
||||
|
||||
@@ -30,6 +30,7 @@ production_run_list = %w(
|
||||
kosmos_rsk::nginx_mainnet
|
||||
kosmos_strfry::nginx
|
||||
kosmos_website::default
|
||||
kosmos_website::redirects
|
||||
kosmos-akkounts::nginx
|
||||
kosmos-akkounts::nginx_api
|
||||
kosmos-bitcoin::nginx_lndhub
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -216,7 +216,7 @@ modules:
|
||||
access_createnode: pubsub_createnode
|
||||
ignore_pep_from_offline: false
|
||||
last_item_cache: false
|
||||
max_items_node: 10
|
||||
max_items_node: 1000
|
||||
plugins:
|
||||
- "flat"
|
||||
- "pep" # pep requires mod_caps
|
||||
@@ -258,8 +258,6 @@ modules:
|
||||
type: turns
|
||||
transport: tcp
|
||||
restricted: true
|
||||
mod_vcard:
|
||||
search: false
|
||||
mod_vcard_xupdate: {}
|
||||
mod_avatar: {}
|
||||
mod_version: {}
|
||||
|
||||
@@ -28,7 +28,9 @@ template "#{node['openresty']['dir']}/snippets/mastodon.conf" do
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables web_root_dir: web_root_dir,
|
||||
server_name: server_name
|
||||
server_name: server_name,
|
||||
s3_private_url: "#{node["kosmos-mastodon"]["s3_endpoint"]}/#{node["kosmos-mastodon"]["s3_bucket"]}/",
|
||||
s3_public_url: "https://#{node["kosmos-mastodon"]["s3_alias_host"]}/"
|
||||
notifies :reload, 'service[openresty]', :delayed
|
||||
end
|
||||
|
||||
|
||||
@@ -108,11 +108,13 @@ location @proxy {
|
||||
|
||||
proxy_pass http://mastodon_app;
|
||||
proxy_buffering on;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
# https://github.com/mastodon/mastodon/issues/24380
|
||||
proxy_redirect <%= @s3_private_url %> <%= @s3_public_url %>;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
node.default["gitea"]["version"] = "1.22.0"
|
||||
node.default["gitea"]["checksum"] = "a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d"
|
||||
node.default["gitea"]["version"] = "1.22.1"
|
||||
node.default["gitea"]["checksum"] = "b8043324545eec269fc8f18c22b49fc365ed367e0dd41e081b79832de2570f9c"
|
||||
node.default["gitea"]["working_directory"] = "/var/lib/gitea"
|
||||
node.default["gitea"]["port"] = 3000
|
||||
node.default["gitea"]["postgresql_host"] = "localhost:5432"
|
||||
|
||||
@@ -21,8 +21,13 @@ server {
|
||||
location ~ ^/(avatars|repo-avatars)/.*$ {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
expires 30d;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
# Docker registry
|
||||
@@ -30,12 +35,22 @@ server {
|
||||
client_max_body_size 0;
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_buffers 1024 8k;
|
||||
proxy_pass http://_gitea_web;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "chore/content"
|
||||
node.default["kosmos_website"]["domain"] = "kosmos.org"
|
||||
node.default["kosmos_website"]["repo"] = "https://gitea.kosmos.org/kosmos/website.git"
|
||||
node.default["kosmos_website"]["revision"] = "chore/content"
|
||||
node.default["kosmos_website"]["accounts_url"] = "https://accounts.kosmos.org"
|
||||
|
||||
@@ -23,6 +23,7 @@ end
|
||||
openresty_site domain do
|
||||
template "nginx_conf_website.erb"
|
||||
variables domain: domain,
|
||||
accounts_url: node.default["kosmos_website"]["accounts_url"],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
|
||||
end
|
||||
|
||||
35
site-cookbooks/kosmos_website/recipes/redirects.rb
Normal file
35
site-cookbooks/kosmos_website/recipes/redirects.rb
Normal file
@@ -0,0 +1,35 @@
|
||||
#
|
||||
# Cookbook:: kosmos_website
|
||||
# Recipe:: redirects
|
||||
#
|
||||
|
||||
redirects = [
|
||||
{
|
||||
domain: "kosmos.chat",
|
||||
target: "https://kosmos.org",
|
||||
http_status: 307
|
||||
},
|
||||
{
|
||||
domain: "kosmos.cash",
|
||||
acme_domain: "letsencrypt.kosmos.org",
|
||||
target: "https://kosmos.org",
|
||||
http_status: 307
|
||||
}
|
||||
]
|
||||
|
||||
redirects.each do |redirect|
|
||||
tls_cert_for redirect[:domain] do
|
||||
auth "gandi_dns"
|
||||
acme_domain redirect[:acme_domain] unless redirect[:acme_domain].nil?
|
||||
action :create
|
||||
end
|
||||
|
||||
openresty_site redirect[:domain] do
|
||||
template "nginx_conf_redirect.erb"
|
||||
variables domain: redirect[:domain],
|
||||
target: redirect[:target],
|
||||
http_status: redirect[:http_status],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{redirect[:domain]}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{redirect[:domain]}/privkey.pem"
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,20 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
location / {
|
||||
return <%= @http_status || 301 %> <%= @target %>;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,18 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
root /var/www/<%= @domain %>/public;
|
||||
|
||||
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
|
||||
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
gzip_static on;
|
||||
gzip_comp_level 5;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
@@ -1,9 +1,18 @@
|
||||
# Generated by Chef
|
||||
|
||||
server {
|
||||
server_name _;
|
||||
listen 80 default_server;
|
||||
|
||||
location / {
|
||||
return 301 https://<%= @domain %>;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name <%= @domain %>;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
|
||||
root /var/www/<%= @domain %>/public;
|
||||
|
||||
@@ -18,8 +27,10 @@ server {
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
<% if @accounts_url %>
|
||||
location ~ ^/.well-known/(webfinger|nostr|lnurlp|keysend) {
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass https://accounts.kosmos.org;
|
||||
}
|
||||
<% end %>
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@ end
|
||||
|
||||
tls_cert_for domain do
|
||||
auth "gandi_dns"
|
||||
acme_domain "letsencrypt.kosmos.org"
|
||||
action :create
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user