From 42700d8d0aef46c63e655bb1b3bdbbca46891ddf Mon Sep 17 00:00:00 2001
From: William Mantly
Date: Tue, 10 Dec 2019 16:50:32 -0500
Subject: [PATCH] vagrant up
---
 Vagrantfile | 24 +++---
 nodejs/models/hosts.js | 7 +-
 nodejs/routes/routes.js | 10 ++-
 .../vendor/t42-common/attributes/openresty.rb | 1 +
 ops/cookbooks/vendor/t42-common/metadata.json | 2 +-
 ops/cookbooks/vendor/t42-common/metadata.rb | 2 +-
 .../vendor/t42-common/recipes/nodejs.rb | 23 +++---
 .../vendor/t42-common/recipes/openresty.rb | 10 ++-
 .../templates/openresty/010-proxy.conf.erb | 77 +++++++++++++++++++
 9 files changed, 124 insertions(+), 32 deletions(-)
 create mode 100644 ops/cookbooks/vendor/t42-common/attributes/openresty.rb
 create mode 100644 ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
diff --git a/Vagrantfile b/Vagrantfile
index ec662bd..696bb71 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -42,6 +42,7 @@ Vagrant.configure("2") do |config|
 # accessing "localhost:8080" will access port 80 on the guest machine.
 # NOTE: This will enable public access to the opened port
 config.vm.network "forwarded_port", guest: 80, host: 8000
+ config.vm.network "forwarded_port", guest: 443, host: 8443
 config.vm.network "forwarded_port", guest: 3000, host: 8300
@@ -52,6 +53,7 @@ Vagrant.configure("2") do |config|
 config.vm.provider 'virtualbox' do |vb|
 # Customize the amount of memory on the VM:
 vb.memory = '1024'
+ vb.cpus = "2"
 # vb.default_nic_type = "virtio"
 vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
 end
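Review bot: The new `config.vm.network "forwarded_port", guest: 443, host: 8443` sets no `host_ip`, so — exactly as the comment two lines above warns — Vagrant binds the forward on every host interface and the Redis-routed proxy on the guest's 443 becomes reachable from the host's LAN. For a development box, pin it to loopback: `config.vm.network "forwarded_port", guest: 443, host: 8443, host_ip: "127.0.0.1"`, and consider the same for the existing 8000 and 8300 forwards. The enclosing `Vagrant.configure` block starts and ends outside the hunk.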
@@ -70,22 +72,21 @@ Vagrant.configure("2") do |config|
 fi
 if ! which berks >/dev/null; then
- gem install berkshelf --no-ri --no-rdoc
+ gem install ruby-shadow berkshelf --no-ri --no-rdoc
 # ln -s /opt/chef/embedded/bin/berks /usr/local/bin/berks
 fi
 cd /vagrant
- # git submodule update --init --recursive
- # cd /vagrant/ops/cookbooks
- # rm -rf vendor
- # rm -rf $HOME/.berksfile
- # if [ -f ".Berksfile.lock" ]; then
- # berks update
- # else
- # berks install
- # fi
- # berks vendor vendor
+ cd /vagrant/ops/cookbooks
+ rm -rf vendor
+ rm -rf $HOME/.berksfile
+ if [ -f ".Berksfile.lock" ]; then
+ berks update
+ else
+ berks install
+ fi
+ berks vendor vendor
 SHELL
 config.vm.provision 'chef_solo' do |chef|
@@ -122,6 +123,7 @@ Vagrant.configure("2") do |config|
 'web':{
 'admin_email': 'admin2342@example.com',
 'do_ssl': true,
+ 't42-proxy': true
 },
 }.deep_merge(secrets);
 end
diff --git a/nodejs/models/hosts.js b/nodejs/models/hosts.js
index 9477d12..24575fc 100755
--- a/nodejs/models/hosts.js
+++ b/nodejs/models/hosts.js
@@ -21,13 +21,18 @@ async function listAll(){
 async function add(data){
+ try{
 await client.SADD('hosts', data.host);
 await client.HSET('host_' + data.host, 'ip', data.ip);
 await client.HSET('host_' + data.host, 'updated', (new Date).getTime());
 await client.HSET('host_' + data.host, 'username', data.username);
+ await client.HSET('host_' + data.host, 'targetPort', data.targetPort);
 if(data.forceSSL !== undefined){
- await client.HSET('host_' + data.host, 'force_ssl', !!data.forceSSL);
+ await client.HSET('host_' + data.host, 'forcessl', !!data.forceSSL);
+ }
+ if(data.targetSSL !== undefined){
+ await client.HSET('host_' + data.host, 'targetssl', !!data.targetSSL);
 }
 }
 catch (error){
diff --git a/nodejs/routes/routes.js b/nodejs/routes/routes.js
index 2ee23a8..ffeffee 100755
--- a/nodejs/routes/routes.js
+++ b/nodejs/routes/routes.js
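Review bot: The lockfile test `if [ -f ".Berksfile.lock" ]; then` looks for a dotfile, whereas Berkshelf writes `Berksfile.lock` with no leading dot, so the `berks update` branch appears unreachable and every provision takes the `berks install` path; the preceding `rm -rf $HOME/.berksfile` likewise looks like it meant the `~/.berkshelf` cache — worth confirming, because this decides whether cookbook versions are pinned or re-resolved from the network on each `vagrant up`. If reproducible provisioning is the goal, drop the branch, always run `berks install` (it honours an existing `Berksfile.lock`), commit that lockfile, and quote `"$HOME"`. Note too that `--no-ri --no-rdoc` were removed in RubyGems 3.0, so on a recent embedded Ruby `gem install ruby-shadow berkshelf --no-ri --no-rdoc` fails with an invalid-option error; `--no-document` is the portable spelling. The shell heredoc and its provisioner block begin before the hunk.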
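Review bot: `await client.HSET('host_' + data.host, 'targetPort', data.targetPort);` persists whatever value arrives, and `data.ip` on the line above is stored the same way, yet these two fields are what the OpenResty template later splices into `proxy_pass`; a malformed or out-of-range value leaves a broken or attacker-steered upstream in the store for as long as the record exists. Validate at the top of `add`, before the `try`, e.g. `const port = Number(data.targetPort); if (!Number.isInteger(port) || port < 1 || port > 65535) throw new RangeError('targetPort must be an integer in 1-65535');` and store `port` rather than the raw input; treat `data.ip` similarly with `net.isIP` unless the caller already does (not visible here). The rename from `force_ssl` to `forcessl` is also silent — existing hashes keep the old field and will read as "not forced" — so either migrate or read both. The `catch` block and the rest of `add` continue past the hunk.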
@@ -27,17 +27,19 @@ router.get('/', async function(req, res){
 router.post('/', async function(req, res){
 let ip = req.body.ip;
 let host = req.body.host;
+ let targetPort = req.body.targetPort;
- if(!host || !ip){
+ if(!host || !ip || !targetPort ){
 return res.status(400).json({
- message: `Missing fields: ${!host ? 'host' : ''} ${!ip ? 'ip' : ''}`
+ message: `Missing fields: ${!host ? 'host' : ''} ${!ip ? 'ip' : ''} ${!targetPort ? 'targetPort' : ''}`
 });
 }
 try{
- await Host.add({host, ip,
+ await Host.add({host, ip, targetPort,
 username: req.user.username,
- forceSSL: req.body.forceSSL
+ forceSSL: req.body.forceSSL,
+ targetSSL: req.body.targetSSL,
 });
 return res.json({
diff --git a/ops/cookbooks/vendor/t42-common/attributes/openresty.rb b/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
new file mode 100644
index 0000000..874104b
--- /dev/null
+++ b/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
@@ -0,0 +1 @@
+node.default['web']['t42-proxy'] = false
diff --git a/ops/cookbooks/vendor/t42-common/metadata.json b/ops/cookbooks/vendor/t42-common/metadata.json
index 191614d..83f8064 100644
--- a/ops/cookbooks/vendor/t42-common/metadata.json
+++ b/ops/cookbooks/vendor/t42-common/metadata.json
@@ -19,7 +19,7 @@ "recipes": { },
- "version": "0.6.1",
+ "version": "0.7.0",
 "source_url": "",
 "issues_url": "",
 "privacy": false,
diff --git a/ops/cookbooks/vendor/t42-common/metadata.rb b/ops/cookbooks/vendor/t42-common/metadata.rb
index 29c59fb..274f04d 100644
--- a/ops/cookbooks/vendor/t42-common/metadata.rb
+++ b/ops/cookbooks/vendor/t42-common/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'you@example.com'
 license 'All Rights Reserved'
 description 'Installs/Configures t42-common'
 long_description 'Installs/Configures t42-common'
-version '0.6.1'
+version '0.7.0'
 chef_version '>= 13.0'
 depends 'nodejs'
diff --git a/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
index 401c792..dd7aa81 100644
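Review bot: `targetPort` is read straight from `req.body` and only tested for truthiness at `if(!host || !ip || !targetPort ){`, so a non-numeric string, an object, or `99999` passes into `Host.add` and from there into the proxy's upstream address. Coerce and range-check it where it is declared: `const targetPort = Number.parseInt(req.body.targetPort, 10);` followed by `if (!Number.isInteger(targetPort) || targetPort < 1 || targetPort > 65535) return res.status(400).json({ message: 'targetPort must be an integer in 1-65535' });`. Because `host` becomes both a Redis key suffix and the value the proxy matches against the incoming Host header, a hostname syntax check such as `/^[a-z0-9.-]+$/i.test(host)` belongs in the same guard; `ip` presumably gets validated elsewhere — confirm. The handler's `catch` and success response lie beyond the hunk.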
--- a/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
@@ -78,20 +78,19 @@ end
 if node['nodejs']['service']
 systemd_unit "node-#{node['app']['name']}.service" do
 content <<~EOU
- [Unit]
- Description=NodeJS app for #{node['app']['name']}
- After=network.target
+ [Unit]
+ Description=NodeJS app for #{node['app']['name']}
+ After=redis-server.target
- [Service]
- Environment=NODE_PORT=#{node['nodejs']['port']}
- Environment=NODE_PATH=#{node['nodejs']['env_path']}/node_modules/
- Type=simple
- WorkingDirectory=#{node['nodejs']['working-dir']}
- ExecStart=/usr/bin/env node #{node['nodejs']['working-dir']}/#{node['nodejs']['exec_file']}
- Restart=on-failure
+ [Service]
+ Environment=NODE_PORT=#{node['nodejs']['port']}
+ Environment=NODE_PATH=#{node['nodejs']['env_path']}/node_modules/
+ Type=simple
+ WorkingDirectory=#{node['nodejs']['working-dir']}
+ ExecStart=/usr/bin/env node #{node['nodejs']['working-dir']}/#{node['nodejs']['exec_file']}
+ Restart=on-failure
- [Install]
- WantedBy=multi-user.target
+ [Install]
 EOU
 action [:create, :enable, :start]
 end
diff --git a/ops/cookbooks/vendor/t42-common/recipes/openresty.rb b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
index 50dd782..5b5bee0 100644
--- a/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
@@ -55,8 +55,14 @@ directory '/var/log/nginx/' do
 action :create
 end
-template '/etc/openresty/sites-enabled/host.conf' do
- source 'openresty/simple-proxy.conf.erb'
+if node['web']['t42-proxy']
+ template '/etc/openresty/sites-enabled/proxy.conf' do
+ source 'openresty/010-proxy.conf.erb'
+ end
+else
+ template '/etc/openresty/sites-enabled/host.conf' do
+ source 'openresty/simple-proxy.conf.erb'
+ end
 end
 systemd_unit 'openresty' do
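Review bot: The rewritten unit drops `WantedBy=multi-user.target`, leaving `[Install]` empty, so the `:enable` in `action [:create, :enable, :start]` has nothing to install (systemctl reports that the unit has no installation config) and the Node service will not start after a reboot; put `WantedBy=multi-user.target` back under `[Install]`. `After=redis-server.target` also names a unit that, on the Debian/Ubuntu packages, does not exist — the service is `redis-server.service` — and systemd silently ignores ordering against unknown units, so if the app genuinely needs Redis first use `After=network.target redis-server.service` together with `Wants=redis-server.service`. The closing `end` of the `if node['nodejs']['service']` block lies past the hunk.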
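Review bot: Toggling `node['web']['t42-proxy']` only renders the newly selected template; the file written on the previous run stays in `/etc/openresty/sites-enabled/`, so after a flip both `proxy.conf` and `host.conf` are loaded and which `server` block answers on 80/443 is decided by nginx's ordering, not by the attribute. Remove the inactive file in each branch, e.g. `file '/etc/openresty/sites-enabled/host.conf' do action :delete end` inside the `if` and the mirror for `proxy.conf` in the `else`. Unless a reload is wired up elsewhere, both `template` resources should also carry `notifies :reload, 'systemd_unit[openresty]'` so a changed configuration takes effect on the same Chef run. The `systemd_unit 'openresty'` resource continues beyond the hunk.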
diff --git a/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb b/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
new file mode 100644
index 0000000..5276f04
--- /dev/null
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
@@ -0,0 +1,77 @@ +server { + listen 80; + listen 443 ssl; + + include autossl.conf; + + location / { + + set $target ''; + set $target_scheme 'http'; + set $target_port ''; + access_by_lua ' + local host = ngx.var.host + local uri = ngx.var.uri + local scheme = ngx.var.scheme + + if not host then + ngx.log(ngx.ERR, "no host header found") + return ngx.exit(499) + end + + local redis = require "resty.redis" + local red = redis:new() + + red:set_timeout(1000) -- 1 second + + local ok, err = red:connect("127.0.0.1", 6379) + if not ok then + ngx.log(ngx.ERR, "failed to connect to redis: ", err) + return ngx.exit(598) + end + + local res, err = red:hgetall("proxy_host_"..host) + local res = red:array_to_hash(res) + + if not res["ip"] then + ngx.log(ngx.ERR, "no host found for key ", host) + return ngx.exit(406) + end + + if scheme == "http" then + if res["forcessl"] == "true" then + return ngx.redirect("https://"..host..uri, 301) + end + end + + if res["targetssl"] == "true" then + ngx.var.target_scheme = "https" + end + + ngx.var.target = res["ip"] + ngx.var.target_port = res["targetPort"] + '; + + + resolver 10.0.3.1; #8.8.4.4; # use Google's open DNS server + proxy_set_header Host $target; + proxy_set_header X-Forwarded-Proto $target_scheme; + proxy_set_header Upgrade-Insecure-Requests 0; + proxy_set_header User-Agent $http_user_agent; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Accept-Encoding ""; + proxy_set_header Accept-Language $http_accept_language; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Referer $target_scheme://$target; + + proxy_pass $target_scheme://$target:$target_port; + proxy_ssl_session_reuse on; + proxy_pass_request_headers on; + proxy_intercept_errors on; + + sub_filter $target $host; + sub_filter_once off; + } +}
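Review bot: `local res, err = red:hgetall("proxy_host_"..host)` never inspects `err`, so when Redis answers `nil, err` the next line's `red:array_to_hash(res)` raises on a nil argument and the request dies with a 500 and a Lua traceback instead of the deliberate 598 used for connect failures; the second `local res` also shadows the first. Separately, this template looks up `proxy_host_<host>` while `Host.add` in the same commit writes `host_<host>`, so records created through the API will never be found unless some other writer fills the `proxy_host_` keys — one prefix needs correcting. When `targetssl` is set the upstream is reached over `https://` with no `proxy_ssl_verify`, so the backend is never authenticated; add `proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; proxy_ssl_server_name on; proxy_ssl_name $host;` (assuming targets present a certificate for the public name — confirm). The forced-SSL redirect builds on `ngx.var.uri`, which drops the query string, whereas `ngx.var.request_uri` keeps it, and `resolver 10.0.3.1;` belongs in a node attribute rather than hard-coded in a shared template.

```lua
-- … unchanged: host check, redis connect …
local res, err = red:hgetall("proxy_host_"..host)
if not res then
    ngx.log(ngx.ERR, "redis lookup failed for ", host, ": ", err)
    return ngx.exit(598)
end
res = red:array_to_hash(res)
-- … unchanged: "no host found" check …
if scheme == "http" and res["forcessl"] == "true" then
    return ngx.redirect("https://"..host..ngx.var.request_uri, 301)
end
-- … unchanged: targetssl / target / target_port assignment …
```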