#
# Cookbook Name:: kosmos-ipfs
# Recipe:: nginx_public_gateway
#
# Puts nginx in front of the IPFS gateway nodes for one domain, opens the
# external API port in the host firewall, and defines a fail2ban jail that
# reads this site's nginx access log.
#

include_recipe 'kosmos-nginx'
include_recipe 'firewall'

domain = node['kosmos-ipfs']['nginx']['domain']

# The upstream list is whatever Chef search returns for the role: every node
# object carrying role "ipfs_gateway" becomes a proxy target, so write access
# to node objects on the Chef server decides where traffic is sent.
# A result without a "knife_zero" attribute raises NoMethodError here (nil has
# no []), which aborts the run.
# NOTE(review): an empty search result yields an empty upstream_hosts list;
# how the template copes with that is not visible here - confirm.
ipfs_node_ip_addresses = search(:node, 'role:ipfs_gateway').map do |gateway|
  gateway['knife_zero']['host']
end

nginx_certbot_site domain

site_config_path = "#{node['nginx']['dir']}/sites-available/#{domain}"
letsencrypt_live_dir = "/etc/letsencrypt/live/#{domain}"

# Renders the vhost. The file only carries the *paths* of the certificate and
# private key; it is written as www-data with mode 0640 (no access for others).
template site_config_path do
  ipfs_attrs = node['kosmos-ipfs']

  source "nginx_conf_#{domain}.erb"
  owner 'www-data'
  mode 0o640
  variables(
    server_name: domain,
    ssl_cert: "#{letsencrypt_live_dir}/fullchain.pem",
    ssl_key: "#{letsencrypt_live_dir}/privkey.pem",
    ipfs_api_port: ipfs_attrs['api_port'],
    ipfs_gateway_port: ipfs_attrs['gateway_port'],
    ipfs_external_api_port: ipfs_attrs['nginx']['external_api_port'],
    upstream_hosts: ipfs_node_ip_addresses
  )

  # Reload is queued for the end of the run rather than done immediately.
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site domain do
  action :enable
end

# Allows inbound TCP on the external API port. No source restriction is set on
# this rule, so the port is reachable from any address the host firewall sees.
# NOTE(review): the IPFS HTTP API is an administrative interface; whatever
# limits what a remote client may call must therefore live in the nginx
# template (not visible here) - confirm it restricts methods/paths or clients.
firewall_rule 'ipfs_api' do
  port     node['kosmos-ipfs']['nginx']['external_api_port']
  protocol :tcp
  command  :allow
end

# fail2ban filter: matches access-log lines that start with the client address
# and contain a quoted request followed by status 404. The host capture is
# anchored at line start; the rest of the pattern is loose (.*).
# NOTE(review): correctness depends on the access_log format of this site and
# on nginx logging the real client address (not a proxy/CDN) - confirm.
ipfs_404_filter = {
  'failregex' => ['^<HOST> -.*"(GET|POST|PUT|DELETE|OPTIONS|HEAD).*HTTP.*" 404'],
  'ignoreregex' => []
}

# Jail: 10 matching lines within 1440 minutes bans the address for 1440 minutes.
ipfs_jail = {
  'enabled' => 'true',
  'filter' => 'nginx-ipfs-404',
  'logpath' => "/var/log/nginx/#{domain}.access.log",
  'maxretry' => '10',
  'bantime' => '1440m',
  'findtime' => '1440m'
}

# Both assignments replace the whole hash at "normal" precedence, so any
# filter or jail another recipe stored at that level is dropped, and the
# values persist on the node object between runs.
node.normal['fail2ban']['filters'] = { 'nginx-ipfs-404' => ipfs_404_filter }
node.normal['fail2ban']['services'] = { 'nginx-ipfs' => ipfs_jail }

# Included last, after the attributes above are set.
# NOTE(review): presumably the fail2ban recipe renders its config from these
# attributes - confirm against that cookbook.
include_recipe 'fail2ban'