65d71d6a73
In addition to installing and configuring the new module, this also enables public access to the S3 API via `bucket-name.s3.kosmos.org` as well as Web access on `bucket-name.web.s3.kosmos.org` (when enabled). Also includes some drive-by improvements to Chef attribute naming and usage. Co-authored-by: Greg Karékinian <greg@karekinian.com>
56 lines
1.3 KiB
Ruby
56 lines
1.3 KiB
Ruby
#
|
|
# Cookbook Name:: kosmos_garage
|
|
# Recipe:: nginx_web
|
|
#
|
|
|
|
file "#{node['openresty']['dir']}/conf.d/garage.conf" do
|
|
content <<-EOF
|
|
upstream garage_web {
|
|
server localhost:3902;
|
|
}
|
|
|
|
proxy_cache_path #{node['openresty']['cache_dir']}/garage
|
|
levels=1:2 keys_zone=garage_cache:10m
|
|
max_size=1g inactive=60m use_temp_path=off;
|
|
EOF
|
|
end
|
|
|
|
#
|
|
# Root domain for public Web access via bucket-name.root-domain.tld
|
|
#
|
|
|
|
domain_name = node['garage']['s3_web_root_domain']
|
|
server_name = "*.#{domain_name}"
|
|
|
|
tls_cert_for server_name do
|
|
auth "gandi_dns"
|
|
action :create
|
|
end
|
|
|
|
openresty_site domain_name do
|
|
template "nginx_conf_web.erb"
|
|
variables server_name: server_name,
|
|
domain_name: domain_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
|
|
end
|
|
|
|
#
|
|
# Custom domains for public Web access
|
|
#
|
|
|
|
node['garage']['s3_web_domains'].each do |domain_name|
|
|
tls_cert_for domain_name do
|
|
auth "gandi_dns"
|
|
action :create
|
|
end
|
|
|
|
openresty_site domain_name do
|
|
template "nginx_conf_web.erb"
|
|
variables server_name: domain_name,
|
|
domain_name: domain_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
|
|
end
|
|
end
|