From b1a139d155110a79941a53ff2141d799e81cc002 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Sat, 11 Feb 2023 22:49:47 +0000 Subject: [PATCH] sotm: Switch to using containers for jekyll sites Signed-off-by: Grant Slater --- cookbooks/stateofthemap/metadata.rb | 2 +- cookbooks/stateofthemap/recipes/jekyll.rb | 65 +++--------------- .../templates/default/apache.jekyll.erb | 66 ++++++++++--------- 3 files changed, 44 insertions(+), 89 deletions(-) diff --git a/cookbooks/stateofthemap/metadata.rb b/cookbooks/stateofthemap/metadata.rb index 206bddd07..4844cef30 100644 --- a/cookbooks/stateofthemap/metadata.rb +++ b/cookbooks/stateofthemap/metadata.rb @@ -8,5 +8,5 @@ version "1.0.0" supports "ubuntu" depends "apache" depends "git" -depends "ruby" +depends "podman" depends "wordpress" diff --git a/cookbooks/stateofthemap/recipes/jekyll.rb b/cookbooks/stateofthemap/recipes/jekyll.rb index 28744d615..c4e008016 100644 --- a/cookbooks/stateofthemap/recipes/jekyll.rb +++ b/cookbooks/stateofthemap/recipes/jekyll.rb @@ -17,64 +17,18 @@ # limitations under the License. # -include_recipe "stateofthemap" -include_recipe "ruby" +include_recipe "apache" +include_recipe "podman" -package %w[ - gcc - g++ - make - libssl-dev - zlib1g-dev - pkg-config -] - -apache_module "expires" -apache_module "rewrite" +apache_module "proxy_http" %w[2016 2017 2018 2019 2020 2021 2022].each do |year| - git "/srv/#{year}.stateofthemap.org" do - action :sync - repository "https://github.com/openstreetmap/stateofthemap-#{year}.git" - depth 1 - user "root" - group "root" - notifies :run, "bundle_install[/srv/#{year}.stateofthemap.org]" - end - - directory "/srv/#{year}.stateofthemap.org/_site" do - mode "755" - owner "nobody" - group "nogroup" - end - - directory "/srv/#{year}.stateofthemap.org/vendor" do - mode "755" - owner "nobody" - group "nogroup" - end - - bundle_install "/srv/#{year}.stateofthemap.org" do - action :nothing - user "nobody" - group "nogroup" - environment "BUNDLE_FROZEN" => "true", - "BUNDLE_WITHOUT" => "development:test", - "BUNDLE_PATH" => "vendor/bundle", - "BUNDLE_DEPLOYMENT" => "1", - "BUNDLE_JOBS" => node.cpu_cores.to_s - notifies :run, "bundle_exec[/srv/#{year}.stateofthemap.org]" - only_if { ::File.exist?("/srv/#{year}.stateofthemap.org/Gemfile") } - end + docker_external_port = 6080 + year.to_i # 8096+ - bundle_exec "/srv/#{year}.stateofthemap.org" do - action :nothing - command "jekyll build --trace --disable-disk-cache --baseurl=https://#{year}.stateofthemap.org" - user "nobody" - group "nogroup" - environment "LANG" => "C.UTF-8", - "BUNDLE_PATH" => "vendor/bundle", - "BUNDLE_DEPLOYMENT" => "1" + podman_service "#{year}.stateofthemap.org" do + description "Container service for #{year}.stateofthemap.org" + image "ghcr.io/openstreetmap/stateofthemap-#{year}:latest" + ports docker_external_port => "8080" end ssl_certificate "#{year}.stateofthemap.org" do @@ -84,7 +38,6 @@ apache_module "rewrite" apache_site "#{year}.stateofthemap.org" do template "apache.jekyll.erb" - directory "/srv/#{year}.stateofthemap.org/_site" - variables :year => year + variables :docker_external_port => docker_external_port, :aliases => ["#{year}.stateofthemap.com", "#{year}.sotm.org"] end end diff --git a/cookbooks/stateofthemap/templates/default/apache.jekyll.erb b/cookbooks/stateofthemap/templates/default/apache.jekyll.erb index 504003df6..586526085 100644 --- a/cookbooks/stateofthemap/templates/default/apache.jekyll.erb +++ b/cookbooks/stateofthemap/templates/default/apache.jekyll.erb @@ -1,51 +1,53 @@ # DO NOT EDIT - This file is being maintained by Chef - ServerName <%= @year %>.stateofthemap.org - ServerAlias <%= @year %>.stateofthemap.com <%= @year %>.sotm.org - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined - ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @year %>.stateofthemap.org/ + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @year %>.stateofthemap.com - ServerAlias <%= @year %>.sotm.org - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined - ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @year %>.stateofthemap.org.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @year %>.stateofthemap.org.key + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent / https://<%= @year %>.stateofthemap.org/ + RedirectPermanent / https://<%= @name %>/ +<% end -%> - ServerName <%= @year %>.stateofthemap.org - ServerAdmin webmaster@openstreetmap.org + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @year %>.stateofthemap.org-access.log combined - ErrorLog /var/log/apache2/<%= @year %>.stateofthemap.org-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @year %>.stateofthemap.org.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @year %>.stateofthemap.org.key + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - DocumentRoot /srv/<%= @year %>.stateofthemap.org/_site + # Let the backend know we are using HTTPS + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" - ErrorDocument 404 /404.html - - ExpiresActive On - ExpiresDefault "access plus 10 minutes" + ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPreserveHost on - -.stateofthemap.org/_site> - Require all granted - -- 2.39.5