]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bc9585f)
Set SECRET_KEY_BASE for production web servers
authorTom Hughes <tom@compton.nu>
Thu, 10 Jul 2014 20:13:00 +0000 (21:13 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 10 Jul 2014 20:13:00 +0000 (21:13 +0100)
cookbooks/web/recipes/backend.rb patch | blob | history
cookbooks/web/recipes/frontend.rb patch | blob | history
cookbooks/web/templates/default/apache.backend.erb patch | blob | history
cookbooks/web/templates/default/apache.frontend.erb patch | blob | history

diff --git a/cookbooks/web/recipes/backend.rb b/cookbooks/web/recipes/backend.rb
index 6898b42be54e14ff729ebf30cecf126018faa943..b059d4f4435a7e126c28ec3987933c08594ef3c9 100644 (file)
--- a/cookbooks/web/recipes/backend.rb
+++ b/cookbooks/web/recipes/backend.rb
@@ -22,6 +22,8 @@ include_recipe "apache::ssl"
 include_recipe "web::rails"
 include_recipe "web::cgimap"
 
+web_passwords = data_bag_item("web", "passwords")
+
 apache_module "fastcgi-handler"
 apache_module "remoteip"
 apache_module "rewrite"
@@ -32,6 +34,7 @@ end
 
 apache_site "www.openstreetmap.org" do
   template "apache.backend.erb"
+  variables :secret_key_base => web_passwords["secret_key_base"]
 end
 
 node.set[:memcached][:ip_address] = node.internal_ipaddress
diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb
index 8ed2db77b0fb4eaadd7c8b0f51233aed1b4d420c..b6146eb8cc01cd831ab4972ed6806a6416a583de 100644 (file)
--- a/cookbooks/web/recipes/frontend.rb
+++ b/cookbooks/web/recipes/frontend.rb
@@ -20,6 +20,8 @@
 include_recipe "apache::ssl"
 include_recipe "web::rails"
 
+web_passwords = data_bag_item("web", "passwords")
+
 apache_module "alias"
 apache_module "deflate"
 apache_module "expires"
@@ -34,6 +36,7 @@ end
 
 apache_site "www.openstreetmap.org" do
   template "apache.frontend.erb"
+  variables :secret_key_base => web_passwords["secret_key_base"]
 end
 
 gem_package "hpricot"
diff --git a/cookbooks/web/templates/default/apache.backend.erb b/cookbooks/web/templates/default/apache.backend.erb
index e1e65bee45df6afd9397bea4e6158444eb87dc03..7f3c3977b497a504eb8eb6f055c696b571f660f4 100644 (file)
--- a/cookbooks/web/templates/default/apache.backend.erb
+++ b/cookbooks/web/templates/default/apache.backend.erb
@@ -36,6 +36,7 @@
   PassengerMinInstances 3
   PassengerMaxRequests 500
   PassengerPreStart http://www.openstreetmap.org/
+  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
 
   #
   # Get the real remote IP for requests via a trusted proxy
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index a3102d4b9d458fba29bab9c6e80eaa5bdb69235a..7bfe6a3e23e7eb5ca8eb975f98760366d77bbbac 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -137,6 +137,7 @@
   PassengerMinInstances 10
   PassengerMaxRequests 5000
   PassengerPreStart http://www.openstreetmap.org/
+  SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
   Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/images/favicon.ico
   Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers
   Alias /stats /store/rails/stats
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.