Use operations.osmfoundation.org container

diff --git a/cookbooks/foundation/metadata.rb b/cookbooks/foundation/metadata.rb
index 8839ce22dec647fefb3d93683b881bb0cc72c00b..8c581fe93f04c50deff1d60bcd784929bbe789b7 100644 (file)
--- a/cookbooks/foundation/metadata.rb
+++ b/cookbooks/foundation/metadata.rb
@@ -7,7 +7,5 @@ description       "Installs and configures foundation services"
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
-depends           "git"
 depends           "mediawiki"
 depends           "podman"
-depends           "ruby"

diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb
index 6c637c62aa684eddc97ca014092dcebd4127c546..60878e22c55c987f74deee2d80da0042c738b94d 100644 (file)
--- a/cookbooks/foundation/recipes/owg.rb
+++ b/cookbooks/foundation/recipes/owg.rb
@@ -18,62 +18,24 @@
 #
 
 include_recipe "apache"
-include_recipe "git"
-include_recipe "ruby"
+include_recipe "podman"
 
-package %W[
-  gcc
-  g++
-  make
-  libssl-dev
-  zlib1g-dev
-  pkg-config
-]
+docker_external_port = 8091
 
-git "/srv/operations.osmfoundation.org" do
-  action :sync
-  repository "https://github.com/openstreetmap/owg-website.git"
-  depth 1
-  user "root"
-  group "root"
-  notifies :run, "bundle_install[/srv/operations.osmfoundation.org]"
-end
-
-directory "/srv/operations.osmfoundation.org/_site" do
-  mode "755"
-  owner "nobody"
-  group "nogroup"
-end
-
-# Workaround https://github.com/jekyll/jekyll/issues/7804
-# by creating a .jekyll-cache folder
-directory "/srv/operations.osmfoundation.org/.jekyll-cache" do
-  mode "755"
-  owner "nobody"
-  group "nogroup"
-end
-
-bundle_install "/srv/operations.osmfoundation.org" do
-  action :nothing
-  options "--deployment"
-  user "root"
-  group "root"
-  notifies :run, "bundle_exec[/srv/operations.osmfoundation.org]"
-end
-
-bundle_exec "/srv/operations.osmfoundation.org" do
-  action :nothing
-  command "jekyll build --trace"
-  user "nobody"
-  group "nogroup"
+podman_service "operations.osmfoundation.org" do
+  description "Container service for operations.osmfoundation.org"
+  image "ghcr.io/openstreetmap/owg-website:latest"
+  ports docker_external_port => "8080"
 end
 
 ssl_certificate "operations.osmfoundation.org" do
-  domains "operations.osmfoundation.org"
+  domains ["operations.osmfoundation.org", "operations.openstreetmap.org", "operations.osm.org"]
   notifies :reload, "service[apache2]"
 end
 
+apache_module "proxy_http"
+
 apache_site "operations.osmfoundation.org" do
   template "apache.owg.erb"
-  directory "/srv/operations.osmfoundation.org/_site"
+  variables :docker_external_port => docker_external_port, :aliases => ["operations.openstreetmap.org", "operations.osm.org"]
 end

diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb
index 1e40674c69ec3a1f6062a5d286b0731fa42b5fa6..55dc39c18b1f37a6cb9448932af0b2bf18bc13ec 100644 (file)
--- a/cookbooks/foundation/templates/default/apache.owg.erb
+++ b/cookbooks/foundation/templates/default/apache.owg.erb
@@ -1,30 +1,52 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
+
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% unless @aliases.empty? -%>
+
 <VirtualHost *:443>
-   ServerName <%= @name %>
-   ServerAdmin webmaster@openstreetmap.org
+  ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   SSLEngine on
-   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
-   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-   DocumentRoot <%= @directory %>
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
+<% end -%>
 
-<VirtualHost *:80>
-   ServerName <%= @name %>
-   ServerAdmin webmaster@openstreetmap.org
+<VirtualHost *:443>
+  ServerName <%= @name %>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-   RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-<Directory <%= @directory %>>
-   Require all granted
-</Directory>
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
+
+  ProxyPass / http://localhost:<%= @docker_external_port %>/
+  ProxyPreserveHost on
+</VirtualHost>