From: Tom Hughes Date: Sun, 12 Feb 2023 19:01:02 +0000 (+0000) Subject: Merge remote-tracking branch 'github/pull/573' X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/a92d5e4c564dbef801efbe791c2e6200f8c5967e?hp=2f3e72b70cb401b318aafce1d1f7f22cc503eccc Merge remote-tracking branch 'github/pull/573' --- diff --git a/cookbooks/foundation/metadata.rb b/cookbooks/foundation/metadata.rb index 8839ce22d..8c581fe93 100644 --- a/cookbooks/foundation/metadata.rb +++ b/cookbooks/foundation/metadata.rb @@ -7,7 +7,5 @@ description "Installs and configures foundation services" version "1.0.0" supports "ubuntu" depends "apache" -depends "git" depends "mediawiki" depends "podman" -depends "ruby" diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb index 6c637c62a..60878e22c 100644 --- a/cookbooks/foundation/recipes/owg.rb +++ b/cookbooks/foundation/recipes/owg.rb @@ -18,62 +18,24 @@ # include_recipe "apache" -include_recipe "git" -include_recipe "ruby" +include_recipe "podman" -package %W[ - gcc - g++ - make - libssl-dev - zlib1g-dev - pkg-config -] +docker_external_port = 8091 -git "/srv/operations.osmfoundation.org" do - action :sync - repository "https://github.com/openstreetmap/owg-website.git" - depth 1 - user "root" - group "root" - notifies :run, "bundle_install[/srv/operations.osmfoundation.org]" -end - -directory "/srv/operations.osmfoundation.org/_site" do - mode "755" - owner "nobody" - group "nogroup" -end - -# Workaround https://github.com/jekyll/jekyll/issues/7804 -# by creating a .jekyll-cache folder -directory "/srv/operations.osmfoundation.org/.jekyll-cache" do - mode "755" - owner "nobody" - group "nogroup" -end - -bundle_install "/srv/operations.osmfoundation.org" do - action :nothing - options "--deployment" - user "root" - group "root" - notifies :run, "bundle_exec[/srv/operations.osmfoundation.org]" -end - -bundle_exec "/srv/operations.osmfoundation.org" do - action :nothing - command "jekyll build --trace" - user "nobody" - group "nogroup" +podman_service "operations.osmfoundation.org" do + description "Container service for operations.osmfoundation.org" + image "ghcr.io/openstreetmap/owg-website:latest" + ports docker_external_port => "8080" end ssl_certificate "operations.osmfoundation.org" do - domains "operations.osmfoundation.org" + domains ["operations.osmfoundation.org", "operations.openstreetmap.org", "operations.osm.org"] notifies :reload, "service[apache2]" end +apache_module "proxy_http" + apache_site "operations.osmfoundation.org" do template "apache.owg.erb" - directory "/srv/operations.osmfoundation.org/_site" + variables :docker_external_port => docker_external_port, :aliases => ["operations.openstreetmap.org", "operations.osm.org"] end diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb index 1e40674c6..55dc39c18 100644 --- a/cookbooks/foundation/templates/default/apache.owg.erb +++ b/cookbooks/foundation/templates/default/apache.owg.erb @@ -1,30 +1,52 @@ # DO NOT EDIT - This file is being maintained by Chef + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + +<% unless @aliases.empty? -%> + - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - DocumentRoot <%= @directory %> + RedirectPermanent / https://<%= @name %>/ +<% end -%> - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key -> - Require all granted - + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" + + ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPreserveHost on + diff --git a/roles/foundation.rb b/roles/foundation.rb index 95b72429a..fb8024291 100644 --- a/roles/foundation.rb +++ b/roles/foundation.rb @@ -32,6 +32,5 @@ run_list( "recipe[foundation::wiki]", "recipe[foundation::board]", "recipe[foundation::dwg]", - "recipe[foundation::mwg]", - "recipe[foundation::owg]" + "recipe[foundation::mwg]" ) diff --git a/roles/naga.rb b/roles/naga.rb index 9710563c4..3e01e2768 100644 --- a/roles/naga.rb +++ b/roles/naga.rb @@ -40,6 +40,7 @@ run_list( "role[irc]", "role[blogs]", "role[munin]", + "recipe[foundation::owg]", "recipe[foundation::welcome]", "recipe[stateofthemap::container]" )