vagrant up

2019-12-10 16:50:32 -05:00
parent 729b6ecaba
commit 42700d8d0a
9 changed files with 124 additions and 32 deletions
--- a/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
+++ b/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
@ -0,0 +1 @@
+node.default['web']['t42-proxy'] = false
--- a/ops/cookbooks/vendor/t42-common/metadata.json
+++ b/ops/cookbooks/vendor/t42-common/metadata.json
@ -19,7 +19,7 @@
  "recipes": {

  },
-  "version": "0.6.1",
+  "version": "0.7.0",
  "source_url": "",
  "issues_url": "",
  "privacy": false,
--- a/ops/cookbooks/vendor/t42-common/metadata.rb
+++ b/ops/cookbooks/vendor/t42-common/metadata.rb
@ -4,7 +4,7 @@ maintainer_email 'you@example.com'
 license 'All Rights Reserved'
 description 'Installs/Configures t42-common'
 long_description 'Installs/Configures t42-common'
-version '0.6.1'
+version '0.7.0'
 chef_version '>= 13.0'

 depends 'nodejs'
--- a/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
@ -78,20 +78,19 @@ end
 if node['nodejs']['service']
 	systemd_unit "node-#{node['app']['name']}.service" do
 	  content <<~EOU
-	    [Unit]
-	    Description=NodeJS app for #{node['app']['name']}
-	    After=network.target
+		[Unit]
+		Description=NodeJS app for #{node['app']['name']}
+		After=redis-server.target

-	    [Service]
-	    Environment=NODE_PORT=#{node['nodejs']['port']}
-	    Environment=NODE_PATH=#{node['nodejs']['env_path']}/node_modules/
-	    Type=simple
-	    WorkingDirectory=#{node['nodejs']['working-dir']}
-	    ExecStart=/usr/bin/env node #{node['nodejs']['working-dir']}/#{node['nodejs']['exec_file']}
-	    Restart=on-failure
+		[Service]
+		Environment=NODE_PORT=#{node['nodejs']['port']}
+		Environment=NODE_PATH=#{node['nodejs']['env_path']}/node_modules/
+		Type=simple
+		WorkingDirectory=#{node['nodejs']['working-dir']}
+		ExecStart=/usr/bin/env node #{node['nodejs']['working-dir']}/#{node['nodejs']['exec_file']}
+		Restart=on-failure

-	    [Install]
-	    WantedBy=multi-user.target
+		[Install]
 	  EOU
 	  action [:create, :enable, :start]
 	end
--- a/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
@ -55,8 +55,14 @@ directory '/var/log/nginx/' do
 	action :create
 end

-template '/etc/openresty/sites-enabled/host.conf' do
-	source 'openresty/simple-proxy.conf.erb'
+if node['web']['t42-proxy']
+	template '/etc/openresty/sites-enabled/proxy.conf' do
+		source 'openresty/010-proxy.conf.erb'
+	end
+else
+	template '/etc/openresty/sites-enabled/host.conf' do
+		source 'openresty/simple-proxy.conf.erb'
+	end
 end

 systemd_unit 'openresty' do
--- a/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
@ -0,0 +1,77 @@
+server {
+  listen 80;
+  listen 443 ssl;
+
+  include autossl.conf;
+
+  location / {
+
+	set $target '';
+	set $target_scheme 'http';
+	set $target_port '';
+	access_by_lua '
+		local host = ngx.var.host
+		local uri = ngx.var.uri
+		local scheme = ngx.var.scheme
+
+		if not host then
+			ngx.log(ngx.ERR, "no host header found")
+			return ngx.exit(499)
+		end
+
+		local redis = require "resty.redis"
+		local red = redis:new()
+
+		red:set_timeout(1000) -- 1 second
+
+		local ok, err = red:connect("127.0.0.1", 6379)
+		if not ok then
+			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
+			return ngx.exit(598)
+		end
+
+		local res, err = red:hgetall("proxy_host_"..host)
+		local res = red:array_to_hash(res)
+
+		if not res["ip"] then
+			ngx.log(ngx.ERR, "no host found for key ", host)
+			return ngx.exit(406)
+		end
+
+		if scheme == "http" then
+			if res["forcessl"] == "true" then
+				return ngx.redirect("https://"..host..uri, 301)
+			end
+		end
+
+		if res["targetssl"] == "true" then
+			ngx.var.target_scheme = "https"
+		end
+	  
+		ngx.var.target = res["ip"]
+		ngx.var.target_port = res["targetPort"]
+	';
+
+
+	resolver 10.0.3.1;  #8.8.4.4;  # use Google's open DNS server
+	proxy_set_header Host $target;
+	proxy_set_header X-Forwarded-Proto $target_scheme;
+	proxy_set_header Upgrade-Insecure-Requests 0;
+	proxy_set_header User-Agent $http_user_agent;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header Accept-Encoding "";
+	proxy_set_header Accept-Language $http_accept_language;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header Referer $target_scheme://$target;
+
+	proxy_pass $target_scheme://$target:$target_port;
+	proxy_ssl_session_reuse on;
+	proxy_pass_request_headers	on;
+    proxy_intercept_errors on;
+
+    sub_filter $target $host;
+    sub_filter_once off;
+  }
+}