# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8091
-
-podman_service "operations.osmfoundation.org" do
- description "Container service for operations.osmfoundation.org"
+podman_site "operations.osmfoundation.org" do
image "ghcr.io/openstreetmap/owg-website:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "operations.osmfoundation.org" do
- domains ["operations.osmfoundation.org", "operations.openstreetmap.org", "operations.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "operations.osmfoundation.org" do
- template "apache.owg.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["operations.openstreetmap.org", "operations.osm.org"]
+ aliases ["operations.openstreetmap.org", "operations.osm.org"]
end
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8090
-
-podman_service "welcome-mat" do
- description "Container service for welcome.openstreetmap.org"
+podman_site "welcome.openstreetmap.org" do
image "ghcr.io/osmfoundation/welcome-mat:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "welcome.openstreetmap.org" do
- domains ["welcome.openstreetmap.org", "welcome.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "welcome.openstreetmap.org" do
- template "apache.welcome.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["welcome.osm.org"]
+ aliases ["welcome.osm.org"]
end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
version "1.0.0"
supports "ubuntu"
-depends "apache"
depends "podman"
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8092
-
-podman_service "irc.openstreetmap.org" do
- description "Container service for irc.openstreetmap.org"
+podman_site "irc.openstreetmap.org" do
image "ghcr.io/openstreetmap/irc:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "irc.openstreetmap.org" do
- domains ["irc.openstreetmap.org", "irc.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "irc.openstreetmap.org" do
- template "apache.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["irc.osm.org"]
+ aliases ["irc.osm.org"]
end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
--- /dev/null
+default[:podman][:ports] = {}
version "1.0.0"
supports "ubuntu"
+depends "apache"
depends "systemd"
--- /dev/null
+#
+# Cookbook:: podman
+# Recipe:: apache
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "podman"
+include_recipe "apache"
+
+apache_module "proxy_http"
--- /dev/null
+#
+# Cookbook:: podman
+# Resource:: podman_site
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "yaml"
+
+unified_mode true
+
+default_action :create
+
+property :site, String, :name_property => true
+property :image, String, :required => true
+property :port, Integer, :default => 8080
+property :aliases, :kind_of => Array, :default => []
+
+action :create do
+ podman_service new_resource.site do
+ description "Container service for #{new_resource.site}"
+ image new_resource.image
+ ports external_port => new_resource.port
+ end
+
+ ssl_certificate new_resource.site do
+ domains Array(new_resource.site) + new_resource.aliases
+ end
+
+ apache_site new_resource.site do
+ cookbook "podman"
+ template "apache.erb"
+ variables :port => external_port, :aliases => new_resource.aliases
+ end
+end
+
+action :delete do
+ apache_site new_resource.site do
+ action [:disable, :delete]
+ end
+
+ podman_service new_resource.site do
+ action :delete
+ end
+
+ node.rm_normal(:podman, :ports, new_resource.site)
+end
+
+action_class do
+ def ports_file
+ "#{Chef::Config[:file_cache_path]}/podman-ports.yml"
+ end
+
+ def ports
+ @ports ||= if ::File.exist?(ports_file)
+ YAML.safe_load(::File.read(ports_file))
+ else
+ {}
+ end
+ end
+
+ def external_port
+ unless ports.include?(new_resource.site)
+ port = 40000
+
+ port += 1 while ports.values.include?(port)
+
+ ports[new_resource.site] = port
+
+ ::File.write(ports_file, YAML.dump(ports))
+ end
+
+ ports[new_resource.site]
+ end
+end
+
+def after_created
+ notifies :reload, "service[apache2]"
+end
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
- ProxyPass / http://localhost:<%= @docker_external_port %>/
+ ProxyPass / http://localhost:<%= @port %>/
ProxyPreserveHost on
</VirtualHost>
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-apache_module "proxy_http"
-
-docker_external_port = 8096
-
-podman_service "www.stateofthemap.org" do
- description "Container service for www.stateofthemap.org"
+podman_site "www.stateofthemap.org" do
image "ghcr.io/openstreetmap/stateofthemap-website:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "stateofthemap.org" do
- domains ["stateofthemap.org", "www.stateofthemap.org",
- "stateofthemap.com", "www.stateofthemap.com",
- "sotm.org", "www.sotm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_site "stateofthemap.org" do
- template "apache.container.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["www.stateofthemap.org", "stateofthemap.com", "www.stateofthemap.com", "sotm.org", "www.sotm.org"]
+ aliases ["www.stateofthemap.org", "stateofthemap.com", "www.stateofthemap.com", "sotm.org", "www.sotm.org"]
end
%w[2013 2016 2017 2018 2019 2020 2021 2022].each do |year|
- docker_external_port = 6180 + year.to_i # 8193+
-
- podman_service "#{year}.stateofthemap.org" do
- description "Container service for #{year}.stateofthemap.org"
+ podman_site "#{year}.stateofthemap.org" do
image "ghcr.io/openstreetmap/stateofthemap-#{year}:latest"
- ports docker_external_port => "8080"
- end
-
- ssl_certificate "#{year}.stateofthemap.org" do
- domains ["#{year}.stateofthemap.org", "#{year}.stateofthemap.com", "#{year}.sotm.org"]
- notifies :reload, "service[apache2]"
- end
-
- apache_site "#{year}.stateofthemap.org" do
- template "apache.container.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["#{year}.stateofthemap.com", "#{year}.sotm.org"]
+ aliases ["#{year}.stateofthemap.com", "#{year}.sotm.org"]
end
end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
version "1.0.0"
supports "ubuntu"
-depends "apache"
depends "podman"
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8095
-
-podman_service "svn.openstreetmap.org" do
- description "Container service for svn.openstreetmap.org"
+podman_site "svn.openstreetmap.org" do
image "ghcr.io/openstreetmap/svn-website:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "svn.openstreetmap.org" do
- domains ["svn.openstreetmap.org", "svn.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "svn.openstreetmap.org" do
- template "apache.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["svn.osm.org"]
+ aliases ["svn.osm.org"]
end
version "1.0.0"
supports "ubuntu"
-depends "apache"
depends "podman"
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8093
-
-podman_service "switch2osm.org" do
- description "Container service for switch2osm.org"
+podman_site "switch2osm.org" do
image "ghcr.io/switch2osm/switch2osm:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "switch2osm.org" do
- domains ["switch2osm.org",
- "www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "switch2osm.org" do
- template "apache.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
+ aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
version "1.0.0"
supports "ubuntu"
-depends "apache"
depends "podman"
# limitations under the License.
#
-include_recipe "apache"
-include_recipe "podman"
+include_recipe "podman::apache"
-docker_external_port = 8094
-
-podman_service "trac.openstreetmap.org" do
- description "Container service for trac.openstreetmap.org"
+podman_site "trac.openstreetmap.org" do
image "ghcr.io/openstreetmap/trac-website:latest"
- ports docker_external_port => "8080"
-end
-
-ssl_certificate "trac.openstreetmap.org" do
- domains ["trac.openstreetmap.org", "trac.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-apache_module "proxy_http"
-
-apache_site "trac.openstreetmap.org" do
- template "apache.erb"
- variables :docker_external_port => docker_external_port, :aliases => ["trac.osm.org"]
+ aliases ["trac.osm.org"]
end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:80>
- ServerName <%= @name %>
-<% @aliases.each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% unless @aliases.empty? -%>
-
-<VirtualHost *:443>
- ServerName <%= @aliases.first %>
-<% @aliases.drop(1).each do |alias_name| -%>
- ServerAlias <%= alias_name %>
-<% end -%>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
-<% end -%>
-
-<VirtualHost *:443>
- ServerName <%= @name %>
- ServerAdmin webmaster@openstreetmap.org
-
- CustomLog /var/log/apache2/<%= @name %>-access.log combined
- ErrorLog /var/log/apache2/<%= @name %>-error.log
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
-
- RequestHeader set X-Forwarded-Proto "https"
- RequestHeader set X-Forwarded-Port "443"
-
- ProxyPass / http://localhost:<%= @docker_external_port %>/
- ProxyPreserveHost on
-</VirtualHost>
projects / chef.git / commitdiff