kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Compare commits

base: kosmos:bugfix/substr_url_matching
Branches Tags
kosmos:master kosmos:feature/237-gitea_ssh_signing kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish
...
compare: kosmos:e9dff826283f79e9fb04b20508ea9d6d6dd1c2be
Branches Tags
kosmos:feature/237-gitea_ssh_signing kosmos:master kosmos:bugfix/substr_url_matching kosmos:notes/ejabberd_ldap_photo kosmos:feature/akaunting kosmos:chore/ejabberd_service_avatar kosmos:feature/237-gitea_gpg kosmos:jammy_jellyfish

7 Commits
bugfix/sub ... e9dff82628

Author SHA1 Message Date
Râu Cao
e9dff82628 Merge pull request 'Add IPv6 support for all OpenResty sites' (#618) from feature/614-ipv6 into master 
Reviewed-on: #618
 2026-02-12 13:09:25 +00:00
Râu Cao
0933e9caa0 Add IPv6 to all OpenResty sites 
Co-authored-by: Greg Karékinian <greg@karekinian.com>
 2026-02-12 17:05:14 +04:00
Greg
9f862a89cc Merge pull request 'Enable Gitea SSH via IPv6' (#613) from chore/612-enable_ipv6_ssh into master 
Reviewed-on: #613
Reviewed-by: Greg <greg@kosmos.org>
 2026-01-11 13:19:33 +00:00
Râu Cao
039dbdf091 Enable Gitea SSH via IPv6 
closes #612
 2026-01-09 13:43:06 +07:00
Râu Cao
e3559119be Update node info 2025-11-25 10:56:35 +00:00
Râu Cao
16f95170ef Remove old node 2025-11-25 10:55:04 +00:00
Râu Cao
36f5903271 Merge pull request 'Fix URL matcher for substr (vs strfry)' (#608) from bugfix/substr_url_matching into master 
Reviewed-on: #608
 2025-11-17 11:03:48 +00:00
35 changed files with 117 additions and 43 deletions
Expand all files Collapse all files

4
clients/garage-14.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "garage-14",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNY8AuaM4byhaTZacfRJ\nv/qyHxcDJOMX/ElF1H908spdbB2ZiLXHOH1Ucw1d+NV6/QUtWk+ikKFPpasnatD7\nmjE57noH+H47Rll0nD7oT+in+fOBDHF9R0P6/qyRSdJbJkHOh0iC0MG4LcUfv0AY\nnVBW5iLZSe/PC3+PvhCv7yrx3ikSs0mg1ZWppw0ka5Ek3ZCZp5FB4L6++GYWpM+1\n6YI0CjMoRcXsaEQsJWhxHXT8/KDhW0BR8woZUGm0/Yn4teLYJzioxRfBep3lbygx\nOIsDN9IJzo2zVTGPDZQLXhVemIhzaepqTC77ibH7F0gN/1vsQBc/qf7UhbwaF4rR\ndQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/postgres-7.json
View File

@@ -1,4 +0,0 @@
{
"name": "postgres-7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArraIm6mXi0qgK4oWDs2I\nOIx+g/LPnfRd5aBXhoHcekGiJKttQTi5dRdN4+T6qVEC2h4Cc9qN47h2TZPLDh/M\neIZvu0AyicpectzXf6DtDZh0hFCnv47RDi9927op9tjMXk0SV1tLel7MN0dawATw\ny0vQkkr/5a3ZdiP4dFv+bdfVrj+Tuh85BYPVyX2mxq9F7Efxrt6rzVBiqr6uJLUY\nStpeB3CCalC4zQApKX2xrdtr2k8aJbqC6C//LiKbb7VKn+ZuZJ32L/+9HDEzQoFC\no0ZZPMhfnjcU+iSHYZuPMTJTNbwgRuOgpn9O8kZ239qYc59z7HEXwwWiYPDevbiM\nCQIDAQAB\n-----END PUBLIC KEY-----\n"
}

4
clients/postgres-9.json Normal file
View File

@@ -0,0 +1,4 @@
{
"name": "postgres-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dcE9HH0r5TBb/FGj2+e\nOw8ssoxeB61JmR4/psdZ6oPR08gxyqOY0ODziCmyIdXwFhjIcC44HjxCbcB8TU8G\nWGqlmfqWWIJW0x/2xOycHobAWDn5fC5ttTXkR3HC1TutX/2mH26mtfz9UjNdPaTo\nVZFMcxeaBCFSNlYC7hPUQ5f/qBdhhpLxP9uyzU+YFPqtwLP7g8EAUQObM4L+m6Q8\nqE7xgYpnhgaNrPsmvaVuoNylMGwyK0j1whOkcik8UgLprD70ISNSNxxcLehbvA3G\nPQPQRRuFF36fu2gECWGopbrFKwQGNfgJguQoXM1RQZQMQqWHPS933k5i6bi5pnhp\nzwIDAQAB\n-----END PUBLIC KEY-----\n"
}

2
nodes/akkounts-1.json
View File

@@ -9,7 +9,7 @@
"automatic": { "automatic": {
"fqdn": "akkounts-1", "fqdn": "akkounts-1",
"os": "linux", "os": "linux",
"os_version": "5.4.0-216-generic", "os_version": "5.4.0-223-generic",
"hostname": "akkounts-1", "hostname": "akkounts-1",
"ipaddress": "192.168.122.160", "ipaddress": "192.168.122.160",
"roles": [ "roles": [

2
nodes/draco.kosmos.org.json
View File

@@ -12,6 +12,7 @@
}, },
"openresty": { "openresty": {
"listen_ip": "148.251.237.111", "listen_ip": "148.251.237.111",
"listen_ipv6": "2a01:4f8:202:804a::2",
"log_formats": { "log_formats": {
"json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}" "json": "{\"ip\":\"$remote_addr\",\"time\":\"$time_local\",\"host\":\"$host\",\"method\":\"$request_method\",\"uri\":\"$uri\",\"status\":$status,\"size\":$body_bytes_sent,\"referer\":\"$http_referer\",\"upstream_addr\":\"$upstream_addr\",\"upstream_response_time\":\"$upstream_response_time\",\"ua\":\"$http_user_agent\"}"
} }
@@ -81,6 +82,7 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",

1
nodes/fornax.kosmos.org.json
View File

@@ -75,6 +75,7 @@
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",

64
nodes/garage-14.json Normal file
View File

@@ -0,0 +1,64 @@
{
"name": "garage-14",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.157"
}
},
"automatic": {
"fqdn": "garage-14",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "garage-14",
"ipaddress": "192.168.122.251",
"roles": [
"base",
"kvm_guest",
"garage_node"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.8.54",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.8.54/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.8",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.8/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
]
}

22
nodes/postgres-7.json → nodes/postgres-9.json
View File

@@ -1,17 +1,17 @@
{ {
"name": "postgres-7", "name": "postgres-9",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.134" "host": "10.1.1.3"
} }
}, },
"automatic": { "automatic": {
"fqdn": "postgres-7", "fqdn": "postgres-9",
"os": "linux", "os": "linux",
"os_version": "5.4.0-1123-kvm", "os_version": "5.15.0-1059-kvm",
"hostname": "postgres-7", "hostname": "postgres-9",
"ipaddress": "192.168.122.89", "ipaddress": "192.168.122.64",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -41,17 +41,17 @@
"hostname::default" "hostname::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "22.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.5.0", "version": "18.8.54",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.8.54/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.1.11", "version": "18.2.8",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.8/lib/ohai"
} }
} }
}, },

4
site-cookbooks/discourse/templates/nginx_conf.erb
View File

@@ -8,8 +8,8 @@ upstream _<%= @upstream_name %> {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen 443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;

2
site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts.erb
View File

@@ -11,7 +11,7 @@ proxy_cache_path <%= node[:openresty][:cache_dir] %>/akkounts levels=1:2
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;
if ($host != $server_name) { if ($host != $server_name) {

2
site-cookbooks/kosmos-akkounts/templates/nginx_conf_akkounts_api.erb
View File

@@ -7,7 +7,7 @@ upstream _akkounts_api {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;

2
site-cookbooks/kosmos-bitcoin/templates/nginx_conf_btcpayserver.erb
View File

@@ -49,7 +49,7 @@ server {
client_max_body_size 100M; client_max_body_size 100M;
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json; access_log <%= node[:nginx][:log_dir] %>/btcpayserver.access.log json;
error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn; error_log <%= node[:nginx][:log_dir] %>/btcpayserver.error.log warn;

2
site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
View File

@@ -7,7 +7,7 @@ upstream _lndhub {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
add_header Strict-Transport-Security "max-age=15768000"; add_header Strict-Transport-Security "max-age=15768000";

2
site-cookbooks/kosmos-btcpayserver/templates/nginx_conf_btcpayserver.erb
View File

@@ -49,7 +49,7 @@ server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
<% else -%> <% else -%>
listen 80; listen 80;
<% end -%> <% end -%>

2
site-cookbooks/kosmos-ejabberd/templates/nginx_conf_upload_service.erb
View File

@@ -3,7 +3,7 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;

2
site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb
View File

@@ -7,7 +7,7 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
add_header Strict-Transport-Security "max-age=15768000"; add_header Strict-Transport-Security "max-age=15768000";

2
site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
View File

@@ -12,7 +12,7 @@ upstream _ipfs_api {
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
access_log /var/log/nginx/<%= @server_name %>.access.log; access_log /var/log/nginx/<%= @server_name %>.access.log;
error_log /var/log/nginx/<%= @server_name %>.error.log; error_log /var/log/nginx/<%= @server_name %>.error.log;

2
site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
View File

@@ -21,7 +21,7 @@ proxy_cache_path /var/cache/nginx/mastodon levels=1:2
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
include <%= @shared_config_path %>; include <%= @shared_config_path %>;

2
site-cookbooks/kosmos_assets/templates/nginx_conf_assets.erb
View File

@@ -3,7 +3,7 @@
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;
root /var/www/<%= @domain %>/site; root /var/www/<%= @domain %>/site;

2
site-cookbooks/kosmos_discourse/templates/nginx_conf.erb
View File

@@ -9,7 +9,7 @@ upstream _discourse {
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;

2
site-cookbooks/kosmos_drone/templates/nginx_conf.erb
View File

@@ -8,7 +8,7 @@ upstream _drone {
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;

2
site-cookbooks/kosmos_garage/templates/nginx_conf_s3.erb
View File

@@ -4,7 +4,7 @@ upstream garage_s3 {
server { server {
listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2; listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
listen [::]:443 http2 ssl; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;

2
site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
View File

@@ -1,6 +1,6 @@
server { server {
listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2; listen <%= "#{node[:openresty][:listen_ip]}:" if node[:openresty][:listen_ip] %>443 ssl http2;
listen [::]:443 http2 ssl; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;

1
site-cookbooks/kosmos_gitea/templates/default/nginx_conf_ssh.erb
View File

@@ -4,5 +4,6 @@ upstream _gitea_ssh {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>22; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>22;
listen [::]:22;
proxy_pass _gitea_ssh; proxy_pass _gitea_ssh;
} }

2
site-cookbooks/kosmos_gitea/templates/default/nginx_conf_web.erb
View File

@@ -6,7 +6,7 @@ upstream _gitea_web {
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;

2
site-cookbooks/kosmos_liquor-cabinet/templates/nginx_conf_liquor-cabinet.erb
View File

@@ -12,7 +12,7 @@ upstream _<%= @app_name %> {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet; access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log; # TODO json_liquor_cabinet;

1
site-cookbooks/kosmos_openresty/attributes/default.rb Normal file
View File

@@ -0,0 +1 @@
node.default["openresty"]["listen_ipv6"] = "::"

2
site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
View File

@@ -6,7 +6,7 @@ upstream _<%= @upstream_name %> {
server { server {
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @domain %>; server_name <%= @domain %>;

2
site-cookbooks/kosmos_strfry/templates/nginx_conf_strfry.erb
View File

@@ -13,7 +13,7 @@ upstream _substr {
server { server {
server_name <%= @domain %>; server_name <%= @domain %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
access_log "/var/log/nginx/<%= @domain %>.access.log"; access_log "/var/log/nginx/<%= @domain %>.access.log";
error_log "/var/log/nginx/<%= @domain %>.error.log"; error_log "/var/log/nginx/<%= @domain %>.error.log";

2
site-cookbooks/kosmos_website/templates/nginx_conf_redirect.erb
View File

@@ -3,7 +3,7 @@
server { server {
server_name <%= @domain %>; server_name <%= @domain %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log; access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log;
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn; error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;

2
site-cookbooks/kosmos_website/templates/nginx_conf_simple.erb
View File

@@ -3,7 +3,7 @@
server { server {
server_name <%= @domain %>; server_name <%= @domain %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
root /var/www/<%= @domain %>/public; root /var/www/<%= @domain %>/public;

3
site-cookbooks/kosmos_website/templates/nginx_conf_website.erb
View File

@@ -3,6 +3,7 @@
server { server {
server_name _; server_name _;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80 default_server; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80 default_server;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:80 default_server;
location / { location / {
return 301 https://<%= @domain %>; return 301 https://<%= @domain %>;
@@ -12,7 +13,7 @@ server {
server { server {
server_name <%= @domain %>; server_name <%= @domain %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2 default_server;
if ($host != $server_name) { if ($host != $server_name) {
return 307 $scheme://$server_name; return 307 $scheme://$server_name;

4
site-cookbooks/kredits-github/templates/default/nginx_conf.erb
View File

@@ -5,8 +5,8 @@ upstream _<%= @app_name %> {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%> <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server { server {
listen 443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
server_name <%= @server_name %>; server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json; access_log <%= node[:nginx][:log_dir] %>/<%= @app_name %>.access.log json;

2
site-cookbooks/openresty

Submodule site-cookbooks/openresty updated: bc916b981c...b31d6b0b01

2
site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb
View File

@@ -8,7 +8,7 @@ upstream _rs_discourse {
server { server {
server_name <%= @server_name %>; server_name <%= @server_name %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2; listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen [::]:443 ssl http2; listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
ssl_certificate <%= @ssl_cert %>; ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>; ssl_certificate_key <%= @ssl_key %>;