kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity

Improve ejabberd HTTP API configs and access #483

Merged
greg merged 1 commits from bugfix/ejabberd_api_access into master 2023-04-03 16:03:04 +00:00
Conversation 1 Commits 1 Files Changed 3 +18 -3
3 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
site-cookbooks/kosmos-akkounts/recipes/default.rb
View File

@ -84,7 +84,7 @@ end
ejabberd_private_ip_addresses.each do |ip_address|
IPAddr.new ip_address
hostsfile_entry ip_address do
hostname 'xmpp.kosmos.org'
hostname 'xmpp.kosmos.local'
action :create
end
rescue IPAddr::InvalidAddressError
@ -93,7 +93,7 @@ rescue IPAddr::InvalidAddressError
end
if ejabberd_private_ip_addresses.size > 0
env[:ejabberd_api_url] = 'https://xmpp.kosmos.org:5443/api'
env[:ejabberd_api_url] = "http://xmpp.kosmos.local/api"
end
systemd_unit "akkounts.service" do

8
site-cookbooks/kosmos-ejabberd/recipes/default.rb
View File

@ -186,6 +186,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
turn_max_port: node["kosmos-ejabberd"]["turn_max_port"],
private_ip_address: node["knife_zero"]["host"],
akkounts_ip_addresses: akkounts_ip_addresses
notifies :reload, "service[ejabberd]", :delayed
end
@ -198,6 +199,13 @@ unless node.chef_environment == "development"
include_recipe "kosmos-ejabberd::firewall"
end
firewall_rule 'ejabberd_http' do
port [80]
source "10.1.1.0/24"
protocol :tcp
command :allow
end
#
# Tor hidden service
#

9
site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
View File

@ -61,6 +61,14 @@ listen:
use_proxy_protocol: true
max_stanza_size: 131072
shaper: s2s_shaper
-
port: 80
ip: "<%= @private_ip_address %>"
module: ejabberd_http
request_handlers:
"/api": mod_http_api
tls: false
captcha: false
-
port: 5443
ip: "::"
@ -69,7 +77,6 @@ listen:
request_handlers:
"/ws": ejabberd_http_ws
"/bosh": mod_bosh
"/api": mod_http_api
"/upload": mod_http_upload
"/admin": ejabberd_web_admin
custom_headers: