62 lines
1.6 KiB
Ruby
62 lines
1.6 KiB
Ruby
#
|
|
# Cookbook Name:: kosmos_garage
|
|
# Recipe:: nginx_web
|
|
#
|
|
|
|
gandi_api_credentials = data_bag_item('credentials', 'gandi_api')
|
|
|
|
file "#{node['openresty']['dir']}/conf.d/garage.conf" do
|
|
content <<-EOF
|
|
upstream garage_web {
|
|
server localhost:3902;
|
|
}
|
|
|
|
proxy_cache_path #{node['openresty']['cache_dir']}/garage
|
|
levels=1:2 keys_zone=garage_cache:10m
|
|
max_size=1g inactive=60m use_temp_path=off;
|
|
EOF
|
|
end
|
|
|
|
#
|
|
# Root domain for public Web access via bucket-name.root-domain.tld
|
|
#
|
|
|
|
domain_name = node['garage']['s3_web_root_domain']
|
|
server_name = "*.#{domain_name}"
|
|
|
|
tls_cert_for server_name do
|
|
auth "gandi_dns"
|
|
action :create
|
|
end
|
|
|
|
openresty_site domain_name do
|
|
template "nginx_conf_web.erb"
|
|
variables server_name: server_name,
|
|
domain_name: domain_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
|
|
end
|
|
|
|
#
|
|
# Custom domains for public Web access
|
|
#
|
|
|
|
node['garage']['s3_web_domains'].each do |domain_name|
|
|
second_level_domain = domain_name.match(/(?:.*\.)?([^.]+\.[^.]+)$/) { $1 }
|
|
proxy_validation = !gandi_api_credentials["domains"].include?(second_level_domain)
|
|
|
|
tls_cert_for domain_name do
|
|
auth "gandi_dns"
|
|
acme_domain "letsencrypt.kosmos.org" if proxy_validation
|
|
action :create
|
|
end
|
|
|
|
openresty_site domain_name do
|
|
template "nginx_conf_web.erb"
|
|
variables server_name: domain_name,
|
|
domain_name: domain_name,
|
|
ssl_cert: "/etc/letsencrypt/live/#{domain_name}/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/#{domain_name}/privkey.pem"
|
|
end
|
|
end
|