From 74ce2698c86c5b50d044c1dbd110c9132318bcd6 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Sun, 12 Feb 2023 12:56:42 +0000 Subject: [PATCH] Use operations.osmfoundation.org container --- cookbooks/foundation/metadata.rb | 2 - cookbooks/foundation/recipes/owg.rb | 58 ++++-------------- .../templates/default/apache.owg.erb | 60 +++++++++++++------ 3 files changed, 51 insertions(+), 69 deletions(-) diff --git a/cookbooks/foundation/metadata.rb b/cookbooks/foundation/metadata.rb index 8839ce22d..8c581fe93 100644 --- a/cookbooks/foundation/metadata.rb +++ b/cookbooks/foundation/metadata.rb @@ -7,7 +7,5 @@ description "Installs and configures foundation services" version "1.0.0" supports "ubuntu" depends "apache" -depends "git" depends "mediawiki" depends "podman" -depends "ruby" diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb index 6c637c62a..60878e22c 100644 --- a/cookbooks/foundation/recipes/owg.rb +++ b/cookbooks/foundation/recipes/owg.rb @@ -18,62 +18,24 @@ # include_recipe "apache" -include_recipe "git" -include_recipe "ruby" +include_recipe "podman" -package %W[ - gcc - g++ - make - libssl-dev - zlib1g-dev - pkg-config -] +docker_external_port = 8091 -git "/srv/operations.osmfoundation.org" do - action :sync - repository "https://github.com/openstreetmap/owg-website.git" - depth 1 - user "root" - group "root" - notifies :run, "bundle_install[/srv/operations.osmfoundation.org]" -end - -directory "/srv/operations.osmfoundation.org/_site" do - mode "755" - owner "nobody" - group "nogroup" -end - -# Workaround https://github.com/jekyll/jekyll/issues/7804 -# by creating a .jekyll-cache folder -directory "/srv/operations.osmfoundation.org/.jekyll-cache" do - mode "755" - owner "nobody" - group "nogroup" -end - -bundle_install "/srv/operations.osmfoundation.org" do - action :nothing - options "--deployment" - user "root" - group "root" - notifies :run, "bundle_exec[/srv/operations.osmfoundation.org]" -end - -bundle_exec "/srv/operations.osmfoundation.org" do - action :nothing - command "jekyll build --trace" - user "nobody" - group "nogroup" +podman_service "operations.osmfoundation.org" do + description "Container service for operations.osmfoundation.org" + image "ghcr.io/openstreetmap/owg-website:latest" + ports docker_external_port => "8080" end ssl_certificate "operations.osmfoundation.org" do - domains "operations.osmfoundation.org" + domains ["operations.osmfoundation.org", "operations.openstreetmap.org", "operations.osm.org"] notifies :reload, "service[apache2]" end +apache_module "proxy_http" + apache_site "operations.osmfoundation.org" do template "apache.owg.erb" - directory "/srv/operations.osmfoundation.org/_site" + variables :docker_external_port => docker_external_port, :aliases => ["operations.openstreetmap.org", "operations.osm.org"] end diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb index 1e40674c6..55dc39c18 100644 --- a/cookbooks/foundation/templates/default/apache.owg.erb +++ b/cookbooks/foundation/templates/default/apache.owg.erb @@ -1,30 +1,52 @@ # DO NOT EDIT - This file is being maintained by Chef + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + +<% unless @aliases.empty? -%> + - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - DocumentRoot <%= @directory %> + RedirectPermanent / https://<%= @name %>/ +<% end -%> - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key -> - Require all granted - + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" + + ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPreserveHost on + -- 2.39.5