vagrant up

2019-12-10 16:50:32 -05:00 · 2019-12-10 16:50:32 -05:00 · 42700d8d0a
commit 42700d8d0a
parent 729b6ecaba
9 changed files with 124 additions and 32 deletions
--- a/24
+++ b/24
@ -42,6 +42,7 @@ Vagrant.configure("2") do |config|
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  config.vm.network "forwarded_port", guest: 80, host: 8000
+  config.vm.network "forwarded_port", guest: 443, host: 8443
  config.vm.network "forwarded_port", guest: 3000, host: 8300


@ -52,6 +53,7 @@ Vagrant.configure("2") do |config|
  config.vm.provider 'virtualbox' do |vb|
    # Customize the amount of memory on the VM:
    vb.memory = '1024'
+    vb.cpus = "2"
    # vb.default_nic_type = "virtio"
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
  end
@ -70,22 +72,21 @@ Vagrant.configure("2") do |config|
    fi

    if ! which berks >/dev/null; then
-      gem install berkshelf --no-ri --no-rdoc
+      gem install ruby-shadow berkshelf --no-ri --no-rdoc
      # ln -s /opt/chef/embedded/bin/berks /usr/local/bin/berks
    fi

    cd /vagrant
-    # git submodule update --init --recursive

-    # cd /vagrant/ops/cookbooks
-    # rm -rf vendor
-    # rm -rf $HOME/.berksfile
-    # if [ -f ".Berksfile.lock" ]; then
-    #   berks update
-    # else 
-    #   berks install
-    # fi
-    # berks vendor vendor
+    cd /vagrant/ops/cookbooks
+    rm -rf vendor
+    rm -rf $HOME/.berksfile
+    if [ -f ".Berksfile.lock" ]; then
+      berks update
+    else 
+      berks install
+    fi
+    berks vendor vendor
  SHELL

  config.vm.provision 'chef_solo' do |chef|
@ -122,6 +123,7 @@ Vagrant.configure("2") do |config|
      'web':{
        'admin_email': 'admin2342@example.com',
        'do_ssl': true,
+        't42-proxy': true
      },
    }.deep_merge(secrets);
  end
--- a/nodejs/models/hosts.js
+++ b/nodejs/models/hosts.js
@ -21,13 +21,18 @@ async function listAll(){


 async function add(data){
+
 	try{
 		await client.SADD('hosts', data.host);
 		await client.HSET('host_' + data.host, 'ip', data.ip);
 		await client.HSET('host_' + data.host, 'updated', (new Date).getTime());
 		await client.HSET('host_' + data.host, 'username', data.username);
+		await client.HSET('host_' + data.host, 'targetPort', data.targetPort);
 		if(data.forceSSL !== undefined){
-			await client.HSET('host_' + data.host, 'force_ssl', !!data.forceSSL);
+			await client.HSET('host_' + data.host, 'forcessl', !!data.forceSSL);
+		}
+		if(data.targetSSL !== undefined){
+			await client.HSET('host_' + data.host, 'targetssl', !!data.targetSSL);
 		}
 	} catch (error){
 		
--- a/nodejs/routes/routes.js
+++ b/nodejs/routes/routes.js
@ -27,17 +27,19 @@ router.get('/', async function(req, res){
 router.post('/', async function(req, res){
 	let ip = req.body.ip;
 	let host = req.body.host;
+	let targetPort = req.body.targetPort;

-	if(!host || !ip){
+	if(!host || !ip || !targetPort ){
 		return res.status(400).json({
-			message: `Missing fields: ${!host ? 'host' : ''} ${!ip ? 'ip' : ''}` 
+			message: `Missing fields: ${!host ? 'host' : ''} ${!ip ? 'ip' : ''} ${!targetPort ? 'targetPort' : ''}` 
 		});
 	}

 	try{
-		await Host.add({host, ip,
+		await Host.add({host, ip, targetPort,
 			  username: req.user.username,
-			  forceSSL: req.body.forceSSL
+			  forceSSL: req.body.forceSSL,
+			  targetSSL: req.body.targetSSL,
 		});

 		return res.json({
--- a/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
+++ b/ops/cookbooks/vendor/t42-common/attributes/openresty.rb
@ -0,0 +1 @@
+node.default['web']['t42-proxy'] = false
--- a/ops/cookbooks/vendor/t42-common/metadata.json
+++ b/ops/cookbooks/vendor/t42-common/metadata.json
@ -19,7 +19,7 @@
  "recipes": {

  },
-  "version": "0.6.1",
+  "version": "0.7.0",
  "source_url": "",
  "issues_url": "",
  "privacy": false,
--- a/ops/cookbooks/vendor/t42-common/metadata.rb
+++ b/ops/cookbooks/vendor/t42-common/metadata.rb
@ -4,7 +4,7 @@ maintainer_email 'you@example.com'
 license 'All Rights Reserved'
 description 'Installs/Configures t42-common'
 long_description 'Installs/Configures t42-common'
-version '0.6.1'
+version '0.7.0'
 chef_version '>= 13.0'

 depends 'nodejs'
--- a/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/nodejs.rb
@ -80,7 +80,7 @@ if node['nodejs']['service']
 	  content <<~EOU
 		[Unit]
 		Description=NodeJS app for #{node['app']['name']}
-	    After=network.target
+		After=redis-server.target

 		[Service]
 		Environment=NODE_PORT=#{node['nodejs']['port']}
@ -91,7 +91,6 @@ if node['nodejs']['service']
 		Restart=on-failure

 		[Install]
-	    WantedBy=multi-user.target
 	  EOU
 	  action [:create, :enable, :start]
 	end
--- a/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
+++ b/ops/cookbooks/vendor/t42-common/recipes/openresty.rb
@ -55,9 +55,15 @@ directory '/var/log/nginx/' do
 	action :create
 end

+if node['web']['t42-proxy']
+	template '/etc/openresty/sites-enabled/proxy.conf' do
+		source 'openresty/010-proxy.conf.erb'
+	end
+else
 	template '/etc/openresty/sites-enabled/host.conf' do
 		source 'openresty/simple-proxy.conf.erb'
 	end
+end

 systemd_unit 'openresty' do
 	action :reload
--- a/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb
@ -0,0 +1,77 @@
+server {
+  listen 80;
+  listen 443 ssl;
+
+  include autossl.conf;
+
+  location / {
+
+	set $target '';
+	set $target_scheme 'http';
+	set $target_port '';
+	access_by_lua '
+		local host = ngx.var.host
+		local uri = ngx.var.uri
+		local scheme = ngx.var.scheme
+
+		if not host then
+			ngx.log(ngx.ERR, "no host header found")
+			return ngx.exit(499)
+		end
+
+		local redis = require "resty.redis"
+		local red = redis:new()
+
+		red:set_timeout(1000) -- 1 second
+
+		local ok, err = red:connect("127.0.0.1", 6379)
+		if not ok then
+			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
+			return ngx.exit(598)
+		end
+
+		local res, err = red:hgetall("proxy_host_"..host)
+		local res = red:array_to_hash(res)
+
+		if not res["ip"] then
+			ngx.log(ngx.ERR, "no host found for key ", host)
+			return ngx.exit(406)
+		end
+
+		if scheme == "http" then
+			if res["forcessl"] == "true" then
+				return ngx.redirect("https://"..host..uri, 301)
+			end
+		end
+
+		if res["targetssl"] == "true" then
+			ngx.var.target_scheme = "https"
+		end
+	  
+		ngx.var.target = res["ip"]
+		ngx.var.target_port = res["targetPort"]
+	';
+
+
+	resolver 10.0.3.1;  #8.8.4.4;  # use Google's open DNS server
+	proxy_set_header Host $target;
+	proxy_set_header X-Forwarded-Proto $target_scheme;
+	proxy_set_header Upgrade-Insecure-Requests 0;
+	proxy_set_header User-Agent $http_user_agent;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header Accept-Encoding "";
+	proxy_set_header Accept-Language $http_accept_language;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	proxy_set_header Upgrade $http_upgrade;
+	proxy_set_header Connection "upgrade";
+	proxy_set_header Referer $target_scheme://$target;
+
+	proxy_pass $target_scheme://$target:$target_port;
+	proxy_ssl_session_reuse on;
+	proxy_pass_request_headers	on;
+    proxy_intercept_errors on;
+
+    sub_filter $target $host;
+    sub_filter_once off;
+  }
+}