chef/site-cookbooks/kosmos-wordpress/recipes/nginx.rb

#
# Cookbook Name:: kosmos-wordpress
# Recipe:: nginx
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#

node.set_unless['php-fpm']['pools'] = []

include_recipe "php-fpm"
include_recipe 'php-fpm::repository' unless node['php-fpm']['skip_repository_install']
include_recipe "php-fpm::install"

php_fpm_pool "www" do
  enable false
end

php_fpm_pool "wordpress" do
  listen "127.0.0.1:9001"
  user node['wordpress']['install']['user']
  group node['wordpress']['install']['group']
  listen_owner node['wordpress']['install']['user']
  listen_group node['wordpress']['install']['group']
  php_options node['wordpress']['php_options']
  start_servers 5
  enable true
end

include_recipe "php::module_mysql"

include_recipe "kosmos-nginx"

include_recipe "wordpress::app"

unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"

  execute "letsencrypt cert for blog.kosmos.org" do
    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['wordpress']['dir']} -d blog.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end
end

ssl_cert = "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem"
ssl_key  = "/etc/letsencrypt/live/blog.kosmos.org/privkey.pem"
template "#{node['nginx']['dir']}/sites-available/wordpress" do
  source "nginx.conf.erb"
  variables(
    docroot:        node['wordpress']['dir'],
    server_name:    node['wordpress']['server_name'],
    server_aliases: node['wordpress']['server_aliases'],
    server_port:    node['wordpress']['server_port'],
    ssl_cert:       ssl_cert,
    ssl_key:        ssl_key
  )
  action :create
  notifies :reload, "service[nginx]", :delayed
end

nginx_site 'wordpress' do
  enable true
end