community: fix the acme redirect templating madness
[chef.git] / cookbooks / community / templates / default / web_only.yml.erb
index 2764f03b7d139aa77c1bc23ab1523b8781acc146..cdced0a8a349de8cf443dfadf2fa7711819c9191 100644 (file)
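--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -19,7 +19,8 @@ links:
 # any extra arguments for Docker?
 # docker_args:
 
-# Latest Version v3.2.2
+# Latest Version v3.4.0
+# Discourse only support tests-passed and stable branches
 params:
   version: stable
 
@@ -65,8 +66,8 @@ env:
  ## The maxmind geolocation IP address key for IP address lookup
  ## see https://meta.discourse.org/t/-/137387/23 for details
 <% if @license_keys -%>
-  DISCOURSE_MAXMIND_ACCOUNT_ID: '<%= node[:geoipupdate][:account] %>'
-  DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>'
+  DISCOURSE_MAXMIND_ACCOUNT_ID: '<%= node[:geoipupdate][:account] %>'
+  DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>'
 <% end -%>
 
   # Allow list for prometheus metric collection
@@ -115,20 +116,20 @@ hooks:
         cmd:
           - sudo -H -E -u discourse cp /shared/feeds/update-feeds.atom public/update-feeds.atom
   after_ssl:
-    - replace:
-        filename: "/etc/nginx/conf.d/discourse.conf"
-        from: /listen 80;/
-        to: |
-          listen 80;
-          listen [::]:80;
-          rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
-
     - replace:
         filename: "/etc/nginx/conf.d/discourse.conf"
         from: /add_header.+/
         to: |
           add_header Strict-Transport-Security 'max-age=63072000' always;
           ssl_stapling on;
-          resolver <%= node[:networking][:nameservers].join(" ") %>;
+          resolver <%= @resolvers.join(" ") %>;
           resolver_timeout 5s;
           ssl_dhparam /shared/ssl/dhparam.pem;
+
+run:
+  - replace:
+      filename: "/etc/nginx/conf.d/discourse.conf"
+      from: /return 301.+/
+      to: |
+        rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
+        return 301 https://$$ENV_DISCOURSE_HOSTNAME$request_uri;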
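Review bot: The new `run:` replace at the end of the file keys on `from: /return 301.+/`, text that is produced by the upstream Discourse nginx/ssl template rather than by this file, so if that line is reworded upstream or is not yet present when this step runs, the substitution will, as far as I can tell, do nothing and the container build will still succeed. The effect would be ACME HTTP-01 requests following the plain HTTPS redirect instead of reaching acme.openstreetmap.org, which is only noticed when certificate renewal fails. I would add a comment above the block such as `# Depends on the "return 301 https://..." line from the upstream ssl template; re-check after Discourse upgrades`, and have the cookbook verify after the build that the rendered discourse.conf contains the acme-challenge rewrite. Separately, `@resolvers` in the `after_ssl` hunk is set outside this diff: an empty list would render `resolver ;`, which nginx rejects, and IPv6 entries need to be in square brackets, so it is worth confirming the recipe guarantees both.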