46 lines
1.2 KiB
Ruby
46 lines
1.2 KiB
Ruby
#
|
|
# Cookbook Name:: sockethub
|
|
# Recipe:: proxy
|
|
#
|
|
|
|
include_recipe 'kosmos-nginx'
|
|
include_recipe "kosmos-base::firewall"
|
|
|
|
server_name = node['sockethub']['nginx']['server_name']
|
|
|
|
nginx_certbot_site server_name
|
|
|
|
upstream_hosts = []
|
|
search(:node, "role:sockethub").each do |n|
|
|
upstream_hosts << "#{n["knife_zero"]["host"]}:#{node['sockethub']['port']}"
|
|
end
|
|
|
|
if upstream_hosts.empty?
|
|
Chef::Log.warn('No server with "sockethub" role. Stopping here.')
|
|
return
|
|
end
|
|
|
|
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
|
source 'nginx_conf_sockethub.erb'
|
|
owner 'www-data'
|
|
mode 0640
|
|
variables server_name: server_name,
|
|
upstream_hosts: upstream_hosts,
|
|
sockethub_external_port: node['sockethub']['external_port'],
|
|
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
|
notifies :reload, 'service[nginx]', :delayed
|
|
end
|
|
|
|
nginx_site server_name do
|
|
action :enable
|
|
end
|
|
|
|
unless node.chef_environment == "development"
|
|
firewall_rule 'sockethub' do
|
|
port node['sockethub']['external_port'].to_i
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
end
|