removed chef vendor

ops/cookbooks/vendor/t42-common/metadata.json

@@ -19,7 +19,7 @@
   "recipes": {
 
   },
-  "version": "0.7.0",
+  "version": "0.7.1",
   "source_url": "",
   "issues_url": "",
   "privacy": false,

ops/cookbooks/vendor/t42-common/metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'you@example.com'
 license 'All Rights Reserved'
 description 'Installs/Configures t42-common'
 long_description 'Installs/Configures t42-common'
-version '0.7.0'
+version '0.7.1'
 chef_version '>= 13.0'
 
 depends 'nodejs'

ops/cookbooks/vendor/t42-common/recipes/nodejs.rb

@@ -13,6 +13,11 @@ version_map = {
 		'version' => '12.9.1',
 		'url' => 'https://nodejs.org/dist/v12.9.1/node-v12.9.1-linux-x64.tar.gz',
 		'checksum' => '5488e9d9e860eb344726aabdc8f90d09e36602da38da3d16a7ee852fd9fbd91f'
+	},
+	13 => {
+		'version' => '13.12.0',
+		'url' => 'https://nodejs.org/dist/v13.12.0/node-v13.12.0-linux-x64.tar.gz',
+		'checksum' => '3e66b14bbeb9ea1ba129fae7c65374844f4ddaf1e48e2bc19b3b2570e158e362'
 	}
 }
 

ops/cookbooks/vendor/t42-common/recipes/openresty.rb

@@ -36,6 +36,11 @@ if node['web']['do_ssl']
 		command "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509   -subj '/CN=sni-support-required-for-valid-ssl'   -keyout /etc/ssl/resty-auto-ssl-fallback.key   -out /etc/ssl/resty-auto-ssl-fallback.crt"
 	end
 
+# 	execute 'dhparam.pem 4096' do
+# 		command "openssl dhparam -out /etc/nginx/dhparam.pem 4096"
+# 	end
+	
+	
 	template '/etc/openresty/autossl.conf' do
 		source 'openresty/autossl.conf.erb'
 	end

ops/cookbooks/vendor/t42-common/templates/openresty/010-proxy.conf.erb

@@ -1,77 +1,93 @@
+map $http_upgrade $connection_upgrade {
+  default Upgrade;
+  '' close;
+}
+
 server {
   listen 80;
-  listen 443 ssl;
 
   include autossl.conf;
 
+  set_real_ip_from 192.168.1.0/24;
+  real_ip_header X-Real-IP;
+  real_ip_recursive on;
+
   location / {
 
-	set $target '';
-	set $target_scheme 'http';
-	set $target_port '';
-	access_by_lua '
-		local host = ngx.var.host
-		local uri = ngx.var.uri
-		local scheme = ngx.var.scheme
+        set $target '';
+        set $target_scheme 'http';
+        set $target_port '';
+        set $header_host $host;
 
-		if not host then
-			ngx.log(ngx.ERR, "no host header found")
-			return ngx.exit(499)
-		end
+        access_by_lua '
+                local host = ngx.var.host
+                local uri = ngx.var.uri
+                local scheme = ngx.var.scheme
 
-		local redis = require "resty.redis"
-		local red = redis:new()
+                if not host then
+                        ngx.log(ngx.ERR, "no host header found")
+                        return ngx.exit(499)
+                end
 
-		red:set_timeout(1000) -- 1 second
+                local redis = require "resty.redis"
+                local red = redis:new()
 
-		local ok, err = red:connect("127.0.0.1", 6379)
-		if not ok then
-			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
-			return ngx.exit(598)
-		end
+                red:set_timeout(1000) -- 1 second
 
-		local res, err = red:hgetall("proxy_host_"..host)
-		local res = red:array_to_hash(res)
+                local ok, err = red:connect("127.0.0.1", 6379)
+                if not ok then
+                        ngx.log(ngx.ERR, "failed to connect to redis: ", err)
+                        return ngx.exit(598)
+                end
 
-		if not res["ip"] then
-			ngx.log(ngx.ERR, "no host found for key ", host)
-			return ngx.exit(406)
-		end
+                local res, err = red:hgetall("proxy_host_"..host)
+                local res = red:array_to_hash(res)
 
-		if scheme == "http" then
-			if res["forcessl"] == "true" then
-				return ngx.redirect("https://"..host..uri, 301)
-			end
-		end
+                if not res["ip"] then
+                        ngx.log(ngx.ERR, "no host found for key ", host)
+                        return ngx.exit(406)
+                end
 
-		if res["targetssl"] == "true" then
-			ngx.var.target_scheme = "https"
-		end
-	  
-		ngx.var.target = res["ip"]
-		ngx.var.target_port = res["targetPort"]
-	';
+                if scheme == "http" then
+                        if res["forcessl"] == "true" then
+                                return ngx.redirect("https://"..host..uri, 301)
+                        end
+                end
+
+                if res["targetssl"] == "true" then
+                        ngx.var.target_scheme = "https"
+                end
+
+                if res["host-pass-though"] == "false" then
+                        ngx.var.header_host = res["ip"]
+                end
+          
+                ngx.var.target = res["ip"]
+                ngx.var.target_port = res["targetPort"]
+        ';
 
 
-	resolver 10.0.3.1;  #8.8.4.4;  # use Google's open DNS server
-	proxy_set_header Host $target;
-	proxy_set_header X-Forwarded-Proto $target_scheme;
-	proxy_set_header Upgrade-Insecure-Requests 0;
-	proxy_set_header User-Agent $http_user_agent;
-	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header Accept-Encoding "";
-	proxy_set_header Accept-Language $http_accept_language;
-	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection "upgrade";
-	proxy_set_header Referer $target_scheme://$target;
+        resolver 192.168.1.1 ipv6=off;  #8.8.4.4;  # use Google's open DNS server
 
-	proxy_pass $target_scheme://$target:$target_port;
-	proxy_ssl_session_reuse on;
-	proxy_pass_request_headers	on;
-    proxy_intercept_errors on;
+        proxy_http_version 1.1;
+        proxy_pass_request_headers on;
+        proxy_pass $target_scheme://$target:$target_port;
 
-    sub_filter $target $host;
-    sub_filter_once off;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_ssl_session_reuse on;
+        proxy_intercept_errors off;
+
+        proxy_set_header Host $header_host;
+        add_header X-Target-Host $target;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $target_scheme;
+        proxy_set_header Referer $target_scheme://$header_host;
+        proxy_set_header Accept-Language $http_accept_language;
+        proxy_set_header User-Agent $http_user_agent;
+
+        sub_filter $target $host;
+        sub_filter_once off;
   }
 }

ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb

@@ -1,17 +1,19 @@
-  ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
-  ssl_prefer_server_ciphers  on;
-  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+listen 443 ssl http2;
+listen 4443 ssl;
 
-  ssl_certificate_by_lua_block {
+ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers  on;
+ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+ssl_certificate_by_lua_block {
     auto_ssl:ssl_certificate()
-  }
+}
 
-  location /.well-known/acme-challenge/ {
+location /.well-known/acme-challenge/ {
     content_by_lua_block {
-      auto_ssl:challenge_server()
+        auto_ssl:challenge_server()
     }
-  }
+}
 
-  ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
-  ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
-  
+ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb

@@ -1,8 +1,5 @@
 server {
     listen   80;
-    <% if node['web']['do_ssl'] %>
-    listen  443 ssl;
-    <% end %>
     server_name <%= node['app']['domain'] %>;
 
     <% if node['web']['do_ssl'] %>