- name: foundation-owg
run_list:
- recipe[foundation::owg]
+ - name: foundation-welcome
+ run_list:
+ - recipe[foundation::welcome]
- name: foundation-wiki
run_list:
- recipe[foundation::wiki]
depends "apache"
depends "git"
depends "mediawiki"
+depends "podman"
depends "ruby"
--- /dev/null
+#
+# Cookbook:: foundation
+# Recipe:: welcome
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "podman"
+
+docker_external_port = 8090
+
+podman_service "welcome-mat" do
+ description "Container service for welcome.openstreetmap.org"
+ image "ghcr.io/osmfoundation/welcome-mat:latest"
+ ports docker_external_port => "8080"
+end
+
+ssl_certificate "welcome.openstreetmap.org" do
+ domains ["welcome.openstreetmap.org", "welcome.osm.org"]
+ notifies :reload, "service[apache2]"
+end
+
+apache_module "proxy_http"
+
+apache_site "welcome.openstreetmap.org" do
+ template "apache.welcome.erb"
+ variables :docker_external_port => docker_external_port, :aliases => ["welcome.osm.org"]
+end
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+<VirtualHost *:443>
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ # Let the backend know we are using HTTPS
+ RequestHeader set X-Forwarded-Proto “https”
+ RequestHeader set X-Forwarded-Port “443”
+
+ ProxyPass / http://localhost:<%= @docker_external_port %>/
+ ProxyPreserveHost on
+
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
--- /dev/null
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+ it { should be_installed }
+end
+
+describe service("apache2") do
+ it { should be_enabled }
+ it { should be_running }
+end
+
+describe port(80) do
+ it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+ it { should be_listening.with("tcp") }
+end
projects / chef.git / commitdiff