17f1b2a20a
It creates a folder, the nginx vhost for certbot and HTTP redirects, and also runs certbot and recreates the nginx vhost that includes the TLS cert
44 lines
1.1 KiB
Ruby
44 lines
1.1 KiB
Ruby
#
|
|
# Cookbook Name:: sockethub
|
|
# Recipe:: proxy
|
|
#
|
|
# Copyright 2015-2019, Kosmos
|
|
#
|
|
# All rights reserved - Do Not Redistribute
|
|
#
|
|
|
|
unless node.chef_environment == "development"
|
|
include_recipe "firewall"
|
|
firewall_rule 'sockethub' do
|
|
port node['sockethub']['external_port'].to_i
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
end
|
|
|
|
include_recipe 'kosmos-nginx'
|
|
server_name = node['sockethub']['nginx']['server_name']
|
|
|
|
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
|
source 'nginx_conf_sockethub.erb'
|
|
owner 'www-data'
|
|
mode 0640
|
|
variables sockethub_port: node['sockethub']['port'],
|
|
sockethub_external_port: node['sockethub']['external_port'],
|
|
server_name: server_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
|
notifies :reload, 'service[nginx]', :delayed
|
|
end
|
|
|
|
# Legacy vhost
|
|
nginx_site "sockethub" do
|
|
action :disable
|
|
end
|
|
|
|
nginx_site server_name do
|
|
action :enable
|
|
end
|
|
|
|
nginx_certbot_site server_name
|