Move Gitea and Drone CI to new VMs #396

Merged
raucao merged 8 commits from chore/move_gitea_and_drone into master 2022-03-17 19:38:04 +00:00
28 changed files with 332 additions and 118 deletions

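--- /dev/null
+++ b/clients/drone-1.json
@@ -0,0 +1,4 @@
+{
+"name": "drone-1",
+"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DLEt7jfKPH7X7pBknG3\nWoB6Q6Vffl6Q0GRxQiMJ1uRC79dulKH097CYfLzIXFZD9gRRP4K78vW5BA2spXVV\nn3qrak9JT6BGgdFrkBEdMNGZyz814aMiyhPZrQUrmIzyH8R04xZgv7UH86qdNQ5p\nPeIXS7gU7/0PmwRgEBiM1KLq+Kba6pYdGefKqxx5D59xweH+yE+rbd5ac9xn2GP7\nyOiZoG2sMuksq7d3O4SeTS2lBAmG5IeiP2iWvHWpZD48PTr78ItkTgIbaqZU2PXV\ng+2OcJPTel5xISooe5FvW8gdpC9SYoBPvgJuJ6czc1+LdUSK7pE7577eAJNDlh+H\nRwIDAQAB\n-----END PUBLIC KEY-----\n"
+}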

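--- /dev/null
+++ b/clients/gitea-1.json
@@ -0,0 +1,4 @@
+{
+"name": "gitea-1",
+"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bp4I/f5dLL22GRHanLV\nw57sNBEWT3Vx32B24hScKNP5nYDW0dIRkt1c7SLEpe+diNgyIwk7JlI20Vl+oaVo\njdCpmHSB18yXxQT2Ub6aI8ApwFLECVA6SckekcwxLJc/oGRMB52PonI8opJOVbPa\nF+heZ5NNDiMvn3E8qODdMWSjDiJNSVLJgsCPFHAt32aJgLaXQTqG5lrmltaamscW\njGlFqiBJw/5saCkKBPdPwdX4RcDqvGX1FdE1LVB42cskv8CrnvEVFLBxKXAhAr6s\nNhOhenzLGHpy58tNoUoUw3v4WiPRtcnlNxeSVG5LKkjaK04f2oxeZx3SiSU/1naY\nkwIDAQAB\n-----END PUBLIC KEY-----\n"
+}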


@ -1,23 +1,37 @@
{
"id": "drone",
"client_id": {
"encrypted_data": "PHC6f0UJwuaxnhMhxUVhHMqauCu9aYDp3IFqVzsxEoEodKhg8pgTWS14T5E7\nVm4xlcR/CuLcOA==\n",
"iv": "on4hNp3g6pLsvfTE\n",
"auth_tag": "ytx40h2fsBHhDpyhwKbHog==\n",
"encrypted_data": "bfwxBJt+xNihifwXmjWK3dMDCcjZ1XgiWvqvK0Dj3zd8ZuDRZUwt++xdr/bT\n1wwz1i3udaxZqQ==\n",
"iv": "0Bioz/6QbDo5w8Ay\n",
"auth_tag": "lF8gragaEIrfR1g+Ka1Wnw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"client_secret": {
"encrypted_data": "HAKFqsrbL447wgropHz2rgHmyRl3G2d24svTT+TYMI0jtQFTQPZLxNZkl3ki\n42n7baNrfXN3IJeQRyxyihw0\n",
"iv": "pmdiLiFgSPNNP7dl\n",
"auth_tag": "4j98l+lZ0k4mLioJHS5VJw==\n",
"encrypted_data": "1TKFuk54DqP/5kAPIfjI2PNriOIJ0NdwV2ETZdF1O7Gt55WXvHSTupQLu0NG\nQkrSXXqdgDKvW2/P+d1W0NTQ\n",
"iv": "nBqEog1s/Z2cHnqU\n",
"auth_tag": "yBjz6GQ6K6bowih970e37w==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"rpc_secret": {
"encrypted_data": "ll4f3ECLQTgJj47aeqnP0Ci1ncMYTwwFw1J46Qx3gPloA2YGPwlfa82Uck1k\neSHCTSNW\n",
"iv": "hP5Iq9zOjELUb9d8\n",
"auth_tag": "WJlme717tpgbWPcXwFzyvQ==\n",
"encrypted_data": "KBJHpfjw6aEuMoOJevkNRFA6NVF8w4cAxRsPRchN+qlLXPT1Kxql2uug8c0P\n1DdKeaZq\n",
"iv": "qj9C1PqC1OlDX6YR\n",
"auth_tag": "vgI5nxBEYnhwgJATykISJA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"database_secret": {
"encrypted_data": "W+tSV89+1Ue/sNm6+dOW06jFGrmPTt4RVR8A0GUJXZhGbqBBie3jWNW3ZeKg\nfEQTYP1j\n",
"iv": "Of9fVasrPT7451HD\n",
"auth_tag": "fuY65GQr4s3vR6E3OuZdzQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"postgresql_password": {
"encrypted_data": "KqoUOOkqBy9Sfrg5THVWyOdgd21aDjXlEqxVhX1OIcsv\n",
"iv": "iPDmnzOO1TWA1bO1\n",
"auth_tag": "8o+0nRewMEGeoH5/ZfGUuQ==\n",
"version": 3,
"cipher": "aes-256-gcm"
}


@ -14,7 +14,6 @@
"roles": [
"gitea",
"postgresql_client",
"discourse",
"drone"
],
"recipes": [
@ -26,8 +25,6 @@
"kosmos_gitea",
"kosmos_gitea::default",
"kosmos_gitea::backup",
"kosmos_discourse",
"kosmos_discourse::default",
"kosmos_drone",
"kosmos_drone::default",
"kosmos_assets::nginx_site",
@ -36,7 +33,6 @@
"kosmos_website",
"kosmos_website::default",
"kosmos_zerotier::firewall",
"sockethub::_firewall",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -82,13 +78,10 @@
"run_list": [
"recipe[kosmos-base]",
"recipe[kosmos_encfs]",
"role[gitea]",
"role[drone]",
"recipe[kosmos_assets::nginx_site]",
"recipe[kosmos_kvm::host]",
"recipe[kosmos-ejabberd::firewall]",
"recipe[kosmos_website::default]",
"recipe[kosmos_zerotier::firewall]",
"recipe[sockethub::_firewall]"
"recipe[kosmos_zerotier::firewall]"
]
}

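--- /dev/null
+++ b/nodes/drone-1.json
@@ -0,0 +1,58 @@
+{
+"name": "drone-1",
+"normal": {
+"knife_zero": {
+"host": "10.1.1.128"
+}
+},
+"automatic": {
+"fqdn": "drone-1",
+"os": "linux",
+"os_version": "5.4.0-1058-kvm",
+"hostname": "drone-1",
+"ipaddress": "192.168.122.200",
+"roles": [
+"drone",
+"postgresql_client"
+],
+"recipes": [
+"kosmos-base",
+"kosmos-base::default",
+"kosmos_postgresql::hostsfile",
+"kosmos_drone",
+"kosmos_drone::default",
+"apt::default",
+"timezone_iii::default",
+"timezone_iii::debian",
+"ntp::default",
+"ntp::apparmor",
+"kosmos-base::systemd_emails",
+"apt::unattended-upgrades",
+"kosmos-base::firewall",
+"kosmos-postfix::default",
+"postfix::default",
+"postfix::_common",
+"postfix::_attributes",
+"postfix::sasl_auth",
+"hostname::default"
+],
+"platform": "ubuntu",
+"platform_version": "20.04",
+"cloud": null,
+"chef_packages": {
+"chef": {
+"version": "17.9.52",
+"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
+"chef_effortless": null
+},
+"ohai": {
+"version": "17.9.0",
+"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+}
+}
+},
+"run_list": [
+"recipe[kosmos-base]",
+"role[drone]"
+]
+}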


@ -19,6 +19,8 @@
"kosmos-base::default",
"kosmos_kvm::host",
"kosmos_discourse::nginx",
"kosmos_gitea::nginx",
"kosmos_drone::nginx",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@ -63,6 +65,6 @@
"run_list": [
"recipe[kosmos-base]",
"recipe[kosmos_kvm::host]",
"recipe[kosmos_discourse::nginx]"
"role[nginx_proxy]"
]
}

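--- /dev/null
+++ b/nodes/gitea-1.json
@@ -0,0 +1,61 @@
+{
+"name": "gitea-1",
+"normal": {
+"knife_zero": {
+"host": "10.1.1.36"
+}
+},
+"automatic": {
+"fqdn": "gitea-1",
+"os": "linux",
+"os_version": "5.4.0-1058-kvm",
+"hostname": "gitea-1",
+"ipaddress": "192.168.122.218",
+"roles": [
+"gitea",
+"postgresql_client"
+],
+"recipes": [
+"kosmos-base",
+"kosmos-base::default",
+"kosmos_postgresql::hostsfile",
+"kosmos_gitea",
+"kosmos_gitea::default",
+"kosmos_gitea::backup",
+"apt::default",
+"timezone_iii::default",
+"timezone_iii::debian",
+"ntp::default",
+"ntp::apparmor",
+"kosmos-base::systemd_emails",
+"apt::unattended-upgrades",
+"kosmos-base::firewall",
+"kosmos-postfix::default",
+"postfix::default",
+"postfix::_common",
+"postfix::_attributes",
+"postfix::sasl_auth",
+"hostname::default",
+"backup::default",
+"logrotate::default"
+],
+"platform": "ubuntu",
+"platform_version": "20.04",
+"cloud": null,
+"chef_packages": {
+"chef": {
+"version": "17.9.52",
+"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.9.52/lib",
+"chef_effortless": null
+},
+"ohai": {
+"version": "17.9.0",
+"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
+}
+}
+},
+"run_list": [
+"recipe[kosmos-base]",
+"role[gitea]"
+]
+}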


@ -19,6 +19,8 @@
"kosmos-base::default",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_gitea::pg_db",
"kosmos_drone::pg_db",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",


@ -1,5 +1,6 @@
name "drone"
run_list %w(
role[postgresql_client]
kosmos_drone::default
)

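--- /dev/null
+++ b/roles/nginx_proxy.rb
@@ -0,0 +1,13 @@
+name "nginx_proxy"
+default_run_list = %w(
+kosmos_discourse::nginx
+kosmos_gitea::nginx
+kosmos_drone::nginx
+)
+env_run_lists(
+'_default' => default_run_list,
+'development' => [],
+'production' => default_run_list
+)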


@ -3,4 +3,6 @@ name "postgresql_primary"
run_list %w(
kosmos_postgresql::primary
kosmos_postgresql::firewall
kosmos_gitea::pg_db
kosmos_drone::pg_db
)


@ -2,27 +2,6 @@
# Cookbook Name:: kosmos-nginx
# Recipe:: default
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
node.override['nginx']['default_site_enabled'] = false
node.override['nginx']['server_tokens'] = 'off'


@ -0,0 +1,2 @@
node.default["kosmos_drone"]["domain"] = "drone.kosmos.org"
node.default["kosmos_drone"]["upstream_port"] = 80


@ -7,5 +7,6 @@ long_description 'Installs/Configures kosmos_drone'
version '0.1.0'
chef_version '>= 14.0'
depends "firewall"
depends "kosmos-nginx"
depends "kosmos_gitea"


@ -4,10 +4,17 @@
#
package "docker-compose"
domain = "drone.kosmos.org"
deploy_path = "/opt/drone"
upstream_port = 3002
credentials = data_bag_item("credentials", "drone")
drone_credentials = data_bag_item('credentials', 'drone')
postgres_config = {
username: "drone",
password: drone_credentials["postgresql_password"],
host: "pg.kosmos.local",
port: 5432,
database: "drone"
}
directory deploy_path do
action :create
@ -17,13 +24,16 @@ template "#{deploy_path}/docker-compose.yml" do
source "docker-compose.yml.erb"
sensitive true
mode 0640
variables upstream_port: upstream_port,
domain: domain,
variables domain: node["kosmos_drone"]["domain"],
upstream_port: node["kosmos_drone"]["upstream_port"],
gitea_server: "https://#{node["kosmos_gitea"]["nginx"]["domain"]}",
client_id: credentials['client_id'],
client_secret: credentials['client_secret'],
rpc_secret: credentials['rpc_secret'],
database_secret: credentials['database_secret'],
postgres: postgres_config,
max_procs: 4
notifies :restart, "systemd_unit[drone.service]", :delayed
end
systemd_unit "drone.service" do
@ -45,20 +55,9 @@ systemd_unit "drone.service" do
action [:create, :enable, :start]
end
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: upstream_port
notifies :reload, 'service[nginx]', :delayed
firewall_rule 'drone' do
port [node["kosmos_drone"]["upstream_port"]]
source "10.1.1.0/24" # TODO only allow nginx proxy IPs
protocol :tcp
command :allow
end
nginx_site domain do
action :enable
end
nginx_certbot_site domain
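Review bot: The new `firewall_rule 'drone'` opens the Drone port to all of `10.1.1.0/24` and leaves the inline TODO unresolved; the same applies to `firewall_rule 'gitea'` in the kosmos_gitea default recipe. This PR introduces an `nginx_proxy` role, so the rule can be generated from a node search and limited to the proxies' addresses, as sketched below. Separately, the section shows both `credentials = data_bag_item("credentials", "drone")` and `drone_credentials = data_bag_item('credentials', 'drone')`; if both are on the new side, the same item is loaded twice under two names and one should go. The template and `systemd_unit` blocks continue outside the hunks.

```ruby
# … unchanged: docker-compose.yml template and systemd_unit "drone.service" …
search(:node, "role:nginx_proxy").each do |proxy|
  firewall_rule "drone_from_#{proxy.name}" do
    port [node["kosmos_drone"]["upstream_port"]]
    source proxy["knife_zero"]["host"]
    protocol :tcp
    command :allow
  end
end
```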


@ -0,0 +1,32 @@
#
# Cookbook:: kosmos_drone
# Recipe:: nginx
#
domain = node["kosmos_drone"]["domain"]
upstream_ip_addresses = []
search(:node, "role:drone").each do |n|
upstream_ip_addresses << n["knife_zero"]["host"]
end
# No Discourse host, stop here
return if upstream_ip_addresses.empty?
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
upstream_ip_addresses: upstream_ip_addresses,
upstream_port: node["kosmos_drone"]["upstream_port"],
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end
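Review bot: The comment `# No Discourse host, stop here` looks carried over from another recipe; the search above it is for `role:drone`, so it should read `# No Drone host found, stop here`. A node returned by the search without a `knife_zero` attribute would raise on `n["knife_zero"]["host"]`. Collecting with `search(:node, "role:drone").filter_map { |n| n.read("knife_zero", "host") }` skips such nodes and keeps nil hosts out of the rendered upstream block.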


@ -0,0 +1,16 @@
#
# Cookbook:: kosmos_drone
# Recipe:: pg_db
#
drone_credentials = data_bag_item("credentials", "drone")
postgresql_user "drone" do
action :create
password drone_credentials["postgresql_password"]
end
postgresql_database "drone" do
owner "drone"
action :create
end


@ -2,7 +2,7 @@ version: '3'
services:
drone-server:
image: drone/drone:2.5
image: drone/drone:2.11
ports:
- "<%= @upstream_port %>:80"
@ -17,6 +17,9 @@ services:
- DRONE_SERVER_HOST=<%= @domain %>
- DRONE_SERVER_PROTO=https # required for the Redirect URI to be built correctly
- DRONE_RPC_SECRET=<%= @rpc_secret %>
- DRONE_DATABASE_DRIVER=postgres
- DRONE_DATABASE_DATASOURCE=postgres://<%= @postgres[:username] %>:<%= @postgres[:password] %>@<%= @postgres[:host] %>:<%= @postgres[:port] %>/<%= @postgres[:database] %>?sslmode=disable
- DRONE_DATABASE_SECRET=<%= @database_secret %>
drone-runner:
image: drone/drone-runner-docker:1.8
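Review bot: `DRONE_DATABASE_DATASOURCE` ends in `?sslmode=disable` while the recipe points it at the remote host `pg.kosmos.local`, so the Drone database password and all queries cross the network unencrypted. Prefer `sslmode=verify-full` with the PostgreSQL root certificate made available inside the container, or at minimum `sslmode=require`. The password is also interpolated raw into the URL, so a value containing `@`, `/` or `:` would yield a malformed DSN; `<%= ERB::Util.url_encode(@postgres[:password]) %>` avoids that. The `services:` block continues outside these hunks.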


@ -1,7 +1,9 @@
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
# Generated by Chef
upstream _drone {
server localhost:<%= @upstream_port %>;
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
server <%= upstream_ip_address %>:<%= @upstream_port %>;
<% end -%>
}
server {


@ -1,9 +1,10 @@
gitea_version = "1.16.1"
gitea_version = "1.16.3"
node.default["kosmos_gitea"]["version"] = gitea_version
node.default["kosmos_gitea"]["binary_url"] = "https://dl.gitea.io/gitea/#{gitea_version}/gitea-#{gitea_version}-linux-amd64"
node.default["kosmos_gitea"]["binary_checksum"] = "f03f3a3c4dccc2219351cde5c9af372715b2ec3e88a821779702bc6f38084c97"
node.default["kosmos_gitea"]["binary_checksum"] = "626c7da554efcfd3abd88b0355e3adf55d7f0941a01e058b2d4f5923d0d5b7c3"
node.default["kosmos_gitea"]["nginx"]["domain"] = "gitea.kosmos.org"
node.default["kosmos_gitea"]["working_directory"] = "/var/lib/gitea"
node.default["kosmos_gitea"]["port"] = 3000
node.default["kosmos_gitea"]["config"] = {
"webhook": {


@ -19,6 +19,7 @@ chef_version '>= 14.0'
#
# source_url 'https://github.com/<insert_org_here>/kosmos_gitea'
depends "firewall"
depends "kosmos-nginx"
depends "kosmos_postgresql"
depends "backup"


@ -4,26 +4,7 @@
#
# The MIT License (MIT)
#
# Copyright:: 2020, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
unless node.chef_environment == "development"
# backup the data dir and the config files
node.override["backup"]["archives"]["gitea"] = [node["kosmos_gitea"]["working_directory"]]


@ -3,9 +3,6 @@
# Recipe:: default
#
include_recipe "kosmos-nginx"
domain = node["kosmos_gitea"]["nginx"]["domain"]
working_directory = node["kosmos_gitea"]["working_directory"]
git_home_directory = "/home/git"
repository_root_directory = "#{git_home_directory}/gitea-repositories"
@ -63,15 +60,17 @@ directory config_directory do
mode "0750"
end
# Copy the self-signed root certificate to the system certificate store. Gitea
# will find it there automatically
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
file root_cert_path do
content postgresql_data_bag_item['ssl_root_cert']
mode "0644"
nginx_proxy_ip_addresses = []
search(:node, "role:nginx_proxy").each do |node|
nginx_proxy_ip_addresses << node["knife_zero"]["host"]
end
node.default["kosmos_gitea"]["config"] = {
"webhook": {
"allowed_host_list" => "external,#{nginx_proxy_ip_addresses.join(",")}"
}
}
template "#{config_directory}/app.ini" do
source "app.ini.erb"
owner "git"
@ -119,20 +118,9 @@ service "gitea" do
action [:enable, :start]
end
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: 3000
notifies :reload, 'service[nginx]', :delayed
firewall_rule 'gitea' do
port [node["kosmos_gitea"]["port"]]
source "10.1.1.0/24" # TODO only allow nginx proxy IPs
protocol :tcp
command :allow
end
nginx_site domain do
action :enable
end
nginx_certbot_site domain
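Review bot: In the new `search(:node, "role:nginx_proxy").each do |node|` loop the block parameter shadows the recipe's own `node`, which is easy to misread next to the `node.default[...]` assignment right after it; `|proxy|` would be clearer. When the search returns no nodes, `allowed_host_list` renders as `external,` with a trailing comma. The assignment also replaces the whole `config` default from the attributes file rather than only the webhook key. Suggested instead: `node.default["kosmos_gitea"]["config"]["webhook"]["allowed_host_list"] = ["external", *nginx_proxy_ip_addresses].join(",")`. The `firewall_rule 'gitea'` further down has the same open `/24` source as the Drone rule.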


@ -0,0 +1,52 @@
#
# Cookbook:: kosmos_gitea
# Recipe:: nginx
#
include_recipe "kosmos-nginx"
domain = node["kosmos_gitea"]["nginx"]["domain"]
# upstream_ip_addresses = []
# search(:node, "role:gitea").each do |n|
# upstream_ip_addresses << n["knife_zero"]["host"]
# end
begin
upstream_ip_address = search(:node, "role:gitea").first["knife_zero"]["host"]
rescue
Chef::Log.warn('No server with "gitea" role. Stopping here.')
return
end
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf_web.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_host: upstream_ip_address,
upstream_port: node["kosmos_gitea"]["port"]
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end
template "#{node['nginx']['dir']}/streams-available/ssh" do
source "nginx_conf_ssh.erb"
owner 'www-data'
mode 0640
variables domain: domain,
upstream_host: upstream_ip_address
notifies :reload, 'service[nginx]', :delayed
end
nginx_stream "ssh" do
action :enable
end
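Review bot: The bare `rescue` around `search(:node, "role:gitea").first["knife_zero"]["host"]` catches every StandardError, so a failed or unauthorized search, or a node missing `knife_zero`, is logged as 'No server with "gitea" role' and the proxy site is silently skipped. Checking the search result explicitly keeps the intended early return while letting real errors fail the run. The commented-out `upstream_ip_addresses` loop above it can be dropped.

```ruby
gitea_node = search(:node, "role:gitea").first
if gitea_node.nil?
  Chef::Log.warn('No server with "gitea" role. Stopping here.')
  return
end
upstream_ip_address = gitea_node["knife_zero"]["host"]
# … unchanged: nginx_certbot_site, both templates, nginx_site and nginx_stream …
```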


@ -2,7 +2,6 @@
# Cookbook:: kosmos_gitea
# Recipe:: pg_db
#
# Copyright:: 2020, Kosmos Developers, All Rights Reserved.
gitea_data_bag_item = data_bag_item("credentials", "gitea")


@ -44,10 +44,6 @@ FROM = gitea@kosmos.org
USER = <%= @smtp_user %>
PASSWD = <%= @smtp_password %>
[oauth2]
JWT_SECRET = <%= @jwt_secret %>
JWT_SIGNING_ALGORITHM = HS256
[security]
INTERNAL_TOKEN = <%= @internal_token %>
INSTALL_LOCK = true


@ -0,0 +1,8 @@
upstream _gitea_ssh {
server <%= @upstream_host %>:22;
}
server {
listen 148.251.83.201:22;
proxy_pass _gitea_ssh;
}
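Review bot: `listen 148.251.83.201:22;` hard-codes one host's address in a shared template, so the stream config would be wrong on any other node given the `nginx_proxy` role. The recipe passes `domain` to this template, but nothing here uses it. Passing the listen address in as a template variable fed from a node attribute, for example `listen <%= @listen_address %>:22;`, keeps host-specific data out of the template. Because this binds port 22 on the proxy, it is also worth confirming that the host's own sshd listens on a different address or port.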


@ -1,6 +1,6 @@
# Generated by Chef
upstream _gitea {
server localhost:<%= @upstream_port %>;
upstream _gitea_web {
server <%= @upstream_host %>:<%= @upstream_port %>;
}
server {
@ -26,14 +26,14 @@ server {
location ~ ^/(avatars|repo-avatars)/.*$ {
proxy_buffers 1024 8k;
proxy_pass http://_gitea;
proxy_pass http://_gitea_web;
proxy_http_version 1.1;
expires 30d;
}
location / {
proxy_buffers 1024 8k;
proxy_pass http://_gitea;
proxy_pass http://_gitea_web;
proxy_http_version 1.1;
}
}