# limitations under the License.
#
-include_recipe "stateofthemap"
-include_recipe "ruby"
+include_recipe "apache"
+include_recipe "podman"
-package %w[
- gcc
- g++
- make
- libssl-dev
- zlib1g-dev
- pkg-config
-]
-
-apache_module "expires"
-apache_module "rewrite"
+apache_module "proxy_http"
%w[2016 2017 2018 2019 2020 2021 2022].each do |year|
- git "/srv/#{year}.stateofthemap.org" do
- action :sync
- repository "https://github.com/openstreetmap/stateofthemap-#{year}.git"
- depth 1
- user "root"
- group "root"
- notifies :run, "bundle_install[/srv/#{year}.stateofthemap.org]"
- end
-
- directory "/srv/#{year}.stateofthemap.org/_site" do
- mode "755"
- owner "nobody"
- group "nogroup"
- end
-
- directory "/srv/#{year}.stateofthemap.org/vendor" do
- mode "755"
- owner "nobody"
- group "nogroup"
- end
-
- bundle_install "/srv/#{year}.stateofthemap.org" do
- action :nothing
- user "nobody"
- group "nogroup"
- environment "BUNDLE_FROZEN" => "true",
- "BUNDLE_WITHOUT" => "development:test",
- "BUNDLE_PATH" => "vendor/bundle",
- "BUNDLE_DEPLOYMENT" => "1",
- "BUNDLE_JOBS" => node.cpu_cores.to_s
- notifies :run, "bundle_exec[/srv/#{year}.stateofthemap.org]"
- only_if { ::File.exist?("/srv/#{year}.stateofthemap.org/Gemfile") }
- end
+ docker_external_port = 6080 + year.to_i # 8096+
- bundle_exec "/srv/#{year}.stateofthemap.org" do
- action :nothing
- command "jekyll build --trace --disable-disk-cache --baseurl=https://#{year}.stateofthemap.org"
- user "nobody"
- group "nogroup"
- environment "LANG" => "C.UTF-8",
- "BUNDLE_PATH" => "vendor/bundle",
- "BUNDLE_DEPLOYMENT" => "1"
+ podman_service "#{year}.stateofthemap.org" do
+ description "Container service for #{year}.stateofthemap.org"
+ image "ghcr.io/openstreetmap/stateofthemap-#{year}:latest"
+ ports docker_external_port => "8080"
end
ssl_certificate "#{year}.stateofthemap.org" do
apache_site "#{year}.stateofthemap.org" do
template "apache.jekyll.erb"
- directory "/srv/#{year}.stateofthemap.org/_site"
- variables :year => year
+ variables :docker_external_port => docker_external_port, :aliases => ["#{year}.stateofthemap.com", "#{year}.sotm.org"]
end
end
# DO NOT EDIT - This file is being maintained by Chef
<VirtualHost *:80>
- ServerName <%= @year %>.stateofthemap.org
- ServerAlias <%= @year %>.stateofthemap.com <%= @year %>.sotm.org
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined
- ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
- RedirectPermanent / https://<%= @year %>.stateofthemap.org/
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
</VirtualHost>
+<% unless @aliases.empty? -%>
<VirtualHost *:443>
- ServerName <%= @year %>.stateofthemap.com
- ServerAlias <%= @year %>.sotm.org
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined
- ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @year %>.stateofthemap.org.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @year %>.stateofthemap.org.key
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- RedirectPermanent / https://<%= @year %>.stateofthemap.org/
+ RedirectPermanent / https://<%= @name %>/
</VirtualHost>
+<% end -%>
<VirtualHost *:443>
- ServerName <%= @year %>.stateofthemap.org
- ServerAdmin webmaster@openstreetmap.org
+ ServerName <%= @name %>
+ ServerAdmin webmaster@openstreetmap.org
- CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined
- ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= @year %>.stateofthemap.org.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= @year %>.stateofthemap.org.key
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
- DocumentRoot /srv/<%= @year %>.stateofthemap.org/_site
+ # Let the backend know we are using HTTPS
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
- ErrorDocument 404 /404.html
-
- ExpiresActive On
- ExpiresDefault "access plus 10 minutes"
+ ProxyPass / http://localhost:<%= @docker_external_port %>/
+ ProxyPreserveHost on
</VirtualHost>
-
-<Directory /srv/<%= @year %>.stateofthemap.org/_site>
- Require all granted
-</Directory>
projects / chef.git / commitdiff