chef/site-cookbooks/kosmos-wordpress/recipes/nginx.rb

#
# Cookbook Name:: kosmos-wordpress
# Recipe:: nginx
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#

node.set_unless['php-fpm']['pools'] = []

include_recipe "php-fpm::configure"
include_recipe 'php-fpm::repository' unless node['php-fpm']['skip_repository_install']
include_recipe "kosmos-base::letsencrypt"

php_fpm_package_name = if node['php-fpm']['package_name'].nil?
                         if platform_family?("rhel")
                           "php-fpm"
                         else
                           "php5-fpm"
                         end
                       else
                         node['php-fpm']['package_name']
                       end

package php_fpm_package_name do
  action :upgrade
end

php_fpm_service_name = if node['php-fpm']['service_name'].nil?
                         php_fpm_package_name
                       else
                         node['php-fpm']['service_name']
                       end

service "php-fpm" do
  service_name php_fpm_service_name
  supports     start: true, stop: true, restart: true, reload: true
  action       [:enable, :start]
end

php_fpm_pool "www" do
  enable false
end

php_fpm_pool "wordpress" do
  listen "127.0.0.1:9001"
  user node['wordpress']['install']['user']
  group node['wordpress']['install']['group']
  if node['platform'] == 'ubuntu' && node['platform_version'] == '10.04'
    process_manager 'dynamic'
  end
  listen_owner node['wordpress']['install']['user']
  listen_group node['wordpress']['install']['group']
  php_options node['wordpress']['php_options']
  start_servers 5
  enable true
end

include_recipe "php::module_mysql"

include_recipe "kosmos-nginx"

include_recipe "wordpress::app"

execute "letsencrypt cert for blog.kosmos.org" do
  command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['wordpress']['dir']} -d blog.kosmos.org -n"
  cwd "/usr/local/certbot"
  not_if { File.exist? "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem" }
  notifies :reload, "service[nginx]", :delayed
end

template "#{node['nginx']['dir']}/sites-available/wordpress" do
  source "nginx.conf.erb"
  variables(
    docroot:        node['wordpress']['dir'],
    server_name:    node['wordpress']['server_name'],
    server_aliases: node['wordpress']['server_aliases'],
    server_port:    node['wordpress']['server_port'],
    ssl_cert:       "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem",
    ssl_key:        "/etc/letsencrypt/live/blog.kosmos.org/privkey.pem"
  )
  action :create
  notifies :reload, "service[nginx]", :delayed
end

nginx_site 'wordpress' do
  enable true
end