From: Grant Slater Date: Fri, 27 Jan 2023 15:57:25 +0000 (+0000) Subject: Add docker based welcome.openstreetmap.org X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/91328d0cfafb16b6a070be1303492b04e428fe7c Add docker based welcome.openstreetmap.org --- diff --git a/.kitchen.yml b/.kitchen.yml index 7213207ed..2e7ae9638 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -139,6 +139,9 @@ suites: - name: foundation-owg run_list: - recipe[foundation::owg] + - name: foundation-welcome + run_list: + - recipe[foundation::welcome] - name: foundation-wiki run_list: - recipe[foundation::wiki] diff --git a/cookbooks/foundation/metadata.rb b/cookbooks/foundation/metadata.rb index 426a683c7..8839ce22d 100644 --- a/cookbooks/foundation/metadata.rb +++ b/cookbooks/foundation/metadata.rb @@ -9,4 +9,5 @@ supports "ubuntu" depends "apache" depends "git" depends "mediawiki" +depends "podman" depends "ruby" diff --git a/cookbooks/foundation/recipes/welcome.rb b/cookbooks/foundation/recipes/welcome.rb new file mode 100644 index 000000000..fd8416bf4 --- /dev/null +++ b/cookbooks/foundation/recipes/welcome.rb @@ -0,0 +1,41 @@ +# +# Cookbook:: foundation +# Recipe:: welcome +# +# Copyright:: 2023, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache" +include_recipe "podman" + +docker_external_port = 8090 + +podman_service "welcome-mat" do + description "Container service for welcome.openstreetmap.org" + image "ghcr.io/osmfoundation/welcome-mat:latest" + ports docker_external_port => "8080" +end + +ssl_certificate "welcome.openstreetmap.org" do + domains ["welcome.openstreetmap.org", "welcome.osm.org"] + notifies :reload, "service[apache2]" +end + +apache_module "proxy_http" + +apache_site "welcome.openstreetmap.org" do + template "apache.welcome.erb" + variables :docker_external_port => docker_external_port, :aliases => ["welcome.osm.org"] +end diff --git a/cookbooks/foundation/templates/default/apache.welcome.erb b/cookbooks/foundation/templates/default/apache.welcome.erb new file mode 100644 index 000000000..581fb4eab --- /dev/null +++ b/cookbooks/foundation/templates/default/apache.welcome.erb @@ -0,0 +1,38 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + # Let the backend know we are using HTTPS + RequestHeader set X-Forwarded-Proto “https” + RequestHeader set X-Forwarded-Port “443” + + ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPreserveHost on + + + + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + diff --git a/test/integration/foundation-welcome/serverspec/apache_spec.rb b/test/integration/foundation-welcome/serverspec/apache_spec.rb new file mode 100644 index 000000000..446d3b915 --- /dev/null +++ b/test/integration/foundation-welcome/serverspec/apache_spec.rb @@ -0,0 +1,21 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("apache2") do + it { should be_installed } +end + +describe service("apache2") do + it { should be_enabled } + it { should be_running } +end + +describe port(80) do + it { should be_listening.with("tcp") } +end + +describe port(443) do + it { should be_listening.with("tcp") } +end