vagrant and chef install everything

2019-09-02 16:48:23 -04:00
parent 4fb554add5
commit f1809bef83
268 changed files with 16021 additions and 7 deletions
--- a/ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/apache/vhost.conf.erb
@ -0,0 +1,85 @@
+<VirtualHost *:80>
+  ServerName www.<%= node['app']['domain'] %>
+  Redirect permanent / http://<%= node['app']['domain'] %>/
+</VirtualHost>
+
+<% if node['web']['do_ssl'] %>
+  <VirtualHost *:443>
+    ServerName www.<%= node['app']['domain'] %>
+    Redirect permanent / https://<%= node['app']['domain'] %>/
+
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem
+  </VirtualHost>
+
+  <VirtualHost *:443>
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/<%= node['app']['domain'] %>/privkey.pem
+
+    <Location /server-status>
+      SetHandler server-status
+      Order Deny,Allow
+      Allow from all
+    </Location>
+
+    <Location /server-info>
+      SetHandler server-info
+      Order Deny,Allow
+      Allow from all
+    </Location>
+<% else %>
+  <VirtualHost *:80>
+<% end %>
+    ServerName <%= node['app']['domain'] %> 
+
+    <IfModule mod_expires.c>
+      <FilesMatch "\.(jpe?g|png|gif|js|css)$">
+        ExpiresActive On
+        ExpiresDefault "access plus 1 week"
+      </FilesMatch>
+    </IfModule>
+
+    <% if node['web']['root'] %>
+    DocumentRoot <%= node['web']['root'] %>
+    <Directory <%= node['web']['root'] %>/>
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+    </Directory>
+    <% end -%>
+
+    <% if node['web']['static'] %>
+    <% node['web']['static'].each do |static| -%>
+    Alias <%= static['uri'] %> <%= node['working-dir'] %>/<%= static['path'] %>
+
+    <% end -%>
+    <% end -%>
+
+    <% if node['web']['wsgi'] %>
+    
+    WSGIDaemonProcess <%= node['app']['name'] %> python-path=<%= node['python']['working-dir'] %> python-home=<%= node['python']['env_path'] %>
+    WSGIProcessGroup <%= node['app']['name'] %>
+    WSGIScriptAlias / <%= node['working-dir'] %>/<%= node['web']['wsgi']['wsgi_path'] %>
+
+    <Directory "<%= node['working-dir'] %>">
+        Require all granted
+    </Directory>
+
+    <% end %>
+
+    <% if node['web']['socket.io'] %>
+    
+    # socket.io conf
+    RewriteEngine On
+    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
+    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
+    RewriteRule .* ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>%{REQUEST_URI} [P]
+    RewriteCond %{REQUEST_URI}  ^/socket.io/$1/websocket  [NC]
+    RewriteRule socket.io/(.*)           ws://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io/$1 [P,L]
+    ProxyPass /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io
+    ProxyPassReverse /socket.io http://<%= node['web']['socket.io']['host']%>:<%= node['web']['socket.io']['port']%>/socket.io
+
+    <% end %>
+  </VirtualHost>
--- a/ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/autossl.conf.erb
@ -0,0 +1,17 @@
+  ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers  on;
+  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+
+  ssl_certificate_by_lua_block {
+    auto_ssl:ssl_certificate()
+  }
+
+  location /.well-known/acme-challenge/ {
+    content_by_lua_block {
+      auto_ssl:challenge_server()
+    }
+  }
+
+  ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+  ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
+  
--- a/ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/nginx.conf.erb
@ -0,0 +1,75 @@
+#user  nobody;
+worker_processes 4;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    client_max_body_size 4g;
+
+
+    lua_shared_dict auto_ssl 100m;
+    lua_shared_dict auto_ssl_settings 64k;
+
+    resolver 8.8.4.4 8.8.8.8;
+
+    init_by_lua_block {
+        auto_ssl = (require "resty.auto-ssl").new()
+	auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
+        auto_ssl:set("allow_domain", function(domain)
+            return true
+        end)
+        auto_ssl:init()
+    }
+
+    init_worker_by_lua_block {
+      auto_ssl:init_worker()
+    }
+
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    server {
+      listen 127.0.0.1:8999;
+
+      # Increase the body buffer size, to ensure the internal POSTs can always
+      # parse the full POST contents into memory.
+      client_body_buffer_size 128k;
+      client_max_body_size 128k;
+
+      location / {
+        content_by_lua_block {
+          auto_ssl:hook_server()
+        }
+      }
+    }
+
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+    include sites-enabled/*;
+
+}
--- a/ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb
+++ b/ops/cookbooks/vendor/t42-common/templates/openresty/simple-proxy.conf.erb
@ -0,0 +1,28 @@
+server {
+    listen   80;
+    <% if node['web']['do_ssl'] %>
+    listen  443 ssl;
+    <% end %>
+    server_name <%= node['app']['domain'] %>;
+
+    <% if node['web']['do_ssl'] %>
+    include autossl.conf;
+    <% end %>
+
+    proxy_set_header X-Forwarded-For $remote_addr;
+
+    location / {
+         proxy_pass         http://localhost:3000;
+         proxy_set_header   Host $host;
+         proxy_set_header   X-Real-IP $remote_addr;
+         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header   X-Forwarded-Host $server_name;
+         proxy_read_timeout  1200s;
+
+         # used for view/edit office file via Office Online Server
+         client_max_body_size 0;
+    }
+
+     access_log      /var/log/nginx/<%= node['app']['name'] %>.access.log;
+     error_log       /var/log/nginx/<%= node['app']['name'] %>.error.log;
+}
--- a/ops/cookbooks/vendor/t42-common/templates/redis/local.conf
+++ b/ops/cookbooks/vendor/t42-common/templates/redis/local.conf
@ -0,0 +1,7 @@
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+
+unixsocket <%= node['redis']['unix']['path'] %> 
+unixsocketperm <%= node['redis']['unix']['perm'] %>