50 lines
1.4 KiB
Ruby
50 lines
1.4 KiB
Ruby
#
|
|
# Cookbook Name:: sockethub
|
|
# Recipe:: proxy
|
|
#
|
|
# Copyright 2015, Kosmos
|
|
#
|
|
# All rights reserved - Do Not Redistribute
|
|
#
|
|
|
|
include_recipe "kosmos-base::letsencrypt"
|
|
|
|
firewall_rule 'sockethub' do
|
|
port node['sockethub']['external_port'].to_i
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
|
|
include_recipe 'kosmos-nginx'
|
|
|
|
directory "/var/www/sockethub" do
|
|
owner node["nginx"]["user"]
|
|
group node["nginx"]["group"]
|
|
action :create
|
|
end
|
|
|
|
include_recipe 'kosmos-nginx'
|
|
|
|
template "#{node['nginx']['dir']}/sites-available/sockethub" do
|
|
source 'nginx_conf_sockethub.erb'
|
|
owner 'www-data'
|
|
mode 0640
|
|
variables sockethub_port: node['sockethub']['port'],
|
|
sockethub_external_port: node['sockethub']['external_port'],
|
|
server_name: 'sockethub.kosmos.org',
|
|
ssl_cert: "/etc/letsencrypt/live/sockethub.kosmos.org/fullchain.pem",
|
|
ssl_key: "/etc/letsencrypt/live/sockethub.kosmos.org/privkey.pem"
|
|
notifies :reload, 'service[nginx]', :delayed
|
|
end
|
|
|
|
execute "letsencrypt cert for sockethub.kosmos.org" do
|
|
command "./letsencrypt-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/sockethub -d sockethub.kosmos.org"
|
|
cwd "/usr/local/letsencrypt"
|
|
not_if { File.exist? "/etc/letsencrypt/live/sockethub.kosmos.org/fullchain.pem" }
|
|
notifies :reload, "service[nginx]", :delayed
|
|
end
|
|
|
|
nginx_site 'sockethub' do
|
|
enable true
|
|
end
|