kosmos/chef
8
3
Fork 0
Code Issues 32 Pull Requests 1 Projects 2 Activity

Compare commits

base: kosmos:79f623de4ee502f70b77cf04ac024dcd1753cb29
Branches Tags
kosmos:master kosmos:feature/blossom_server kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg
...
compare: kosmos:5b2ae82ce6bf185bc8e25c0863a8c596fa496fb6
Branches Tags
kosmos:feature/blossom_server kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg

3 Commits
79f623de4e ... 5b2ae82ce6

Author SHA1 Message Date
Sebastian Kippe
5b2ae82ce6 Remove obsolete IP from nginx config 2022-02-18 12:23:37 -06:00
Sebastian Kippe
910817a7d4 Create certbot site before normal site 2022-02-18 12:23:14 -06:00
Sebastian Kippe
163b12efbc Add firewall rule for Discourse 2022-02-18 12:22:15 -06:00
4 changed files with 12 additions and 3 deletions
Expand all files Collapse all files

1
site-cookbooks/kosmos_discourse/metadata.rb
View File

@@ -8,3 +8,4 @@ version '0.1.0'
chef_version '>= 14.0' chef_version '>= 14.0'
depends "kosmos-nginx" depends "kosmos-nginx"
depends 'firewall'

9
site-cookbooks/kosmos_discourse/recipes/default.rb
View File

@@ -32,3 +32,12 @@ systemd_unit "discourse.service" do
}}) }})
action [:create, :enable] action [:create, :enable]
end end
include_recipe 'firewall'
firewall_rule 'discourse' do
port [3001]
source "10.1.1.0/24"
protocol :tcp
command :allow
end

4
site-cookbooks/kosmos_discourse/recipes/nginx.rb
View File

@@ -12,6 +12,8 @@ end
# No Discourse host, stop here # No Discourse host, stop here
return if upstream_ip_addresses.empty? return if upstream_ip_addresses.empty?
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb" source "nginx_conf.erb"
owner 'www-data' owner 'www-data'
@@ -28,5 +30,3 @@ end
nginx_site domain do nginx_site domain do
action :enable action :enable
end end
nginx_certbot_site domain

1
site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
View File

@@ -18,7 +18,6 @@ server {
# Send real IP to the Docker container # Send real IP to the Docker container
set_real_ip_from 127.0.0.1; set_real_ip_from 127.0.0.1;
set_real_ip_from 172.17.0.1;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
client_max_body_size 20M; client_max_body_size 20M;