switch2osm: Use container

Signed-off-by: Grant Slater <github@firefishy.com>

diff --git a/cookbooks/switch2osm/metadata.rb b/cookbooks/switch2osm/metadata.rb
index 2002653b7e47fdce4eaaad156fe91c6cfda32f37..890fd07effac49c0ed69cde4a5fe04a5fe24c83a 100644 (file)
--- a/cookbooks/switch2osm/metadata.rb
+++ b/cookbooks/switch2osm/metadata.rb
@@ -7,5 +7,4 @@ description       "Installs and configures servers for switch2osm"
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
-depends           "git"
-depends           "ruby"
+depends           "podman"

diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb
index a2345be08c4e837b95e87823115217cffa0985d7..78ca5ea6b9cef5294325b82ebf1d94cd1ab90813 100644 (file)
--- a/cookbooks/switch2osm/recipes/default.rb
+++ b/cookbooks/switch2osm/recipes/default.rb
@@ -18,57 +18,14 @@
 #
 
 include_recipe "apache"
-include_recipe "git"
-include_recipe "ruby"
+include_recipe "podman"
 
-package %w[
-  gcc
-  g++
-  make
-  libssl-dev
-  zlib1g-dev
-  pkg-config
-]
+docker_external_port = 8093
 
-apache_module "expires"
-apache_module "rewrite"
-
-git "/srv/switch2osm.org" do
-  action :sync
-  repository "https://github.com/switch2osm/switch2osm.github.io.git"
-  depth 1
-  user "root"
-  group "root"
-  notifies :run, "bundle_install[/srv/switch2osm.org]"
-end
-
-directory "/srv/switch2osm.org/_site" do
-  mode "755"
-  owner "nobody"
-  group "nogroup"
-end
-
-# Workaround https://github.com/jekyll/jekyll/issues/7804
-# by creating a .jekyll-cache folder
-directory "/srv/switch2osm.org/.jekyll-cache" do
-  mode "755"
-  owner "nobody"
-  group "nogroup"
-end
-
-bundle_install "/srv/switch2osm.org" do
-  action :nothing
-  options "--deployment"
-  user "root"
-  group "root"
-  notifies :run, "bundle_exec[/srv/switch2osm.org]"
-end
-
-bundle_exec "/srv/switch2osm.org" do
-  action :nothing
-  command "jekyll build --trace --config _config.yml,_config_osm.yml"
-  user "nobody"
-  group "nogroup"
+podman_service "switch2osm.org" do
+  description "Container service for switch2osm.org"
+  image "ghcr.io/switch2osm/switch2osm:latest"
+  ports docker_external_port => "8080"
 end
 
 ssl_certificate "switch2osm.org" do
@@ -77,7 +34,9 @@ ssl_certificate "switch2osm.org" do
   notifies :reload, "service[apache2]"
 end
 
+apache_module "proxy_http"
+
 apache_site "switch2osm.org" do
   template "apache.erb"
-  directory "/srv/switch2osm.org/_site"
+  variables :docker_external_port => docker_external_port, :aliases => ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"]
 end

diff --git a/cookbooks/switch2osm/templates/default/apache.erb b/cookbooks/switch2osm/templates/default/apache.erb
index e355c814c23a98c23a165f5b8c943c02ebe5026c..55dc39c18b1f37a6cb9448932af0b2bf18bc13ec 100644 (file)
--- a/cookbooks/switch2osm/templates/default/apache.erb
+++ b/cookbooks/switch2osm/templates/default/apache.erb
@@ -1,41 +1,52 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-<VirtualHost *:443>
-   ServerName <%= @name %>
-   ServerAlias www.switch2osm.org
-   ServerAlias switch2osm.com
-   ServerAlias www.switch2osm.com
-   ServerAdmin webmaster@openstreetmap.org
+<VirtualHost *:80>
+  ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   SSLEngine on
-   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
-   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% unless @aliases.empty? -%>
+
+<VirtualHost *:443>
+  ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+  ServerAlias <%= alias_name %>
+<% end -%>
+  ServerAdmin webmaster@openstreetmap.org
 
-   DocumentRoot <%= @directory %>
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   ErrorDocument 404 /404.html
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-   ExpiresActive On
-   ExpiresDefault "access plus 10 minutes"
+  RedirectPermanent / https://<%= @name %>/
 </VirtualHost>
+<% end -%>
 
-<VirtualHost *:80>
-   ServerName <%= @name %>
-   ServerAlias www.switch2osm.org
-   ServerAlias switch2osm.com
-   ServerAlias www.switch2osm.com
-   ServerAdmin webmaster@openstreetmap.org
+<VirtualHost *:443>
+  ServerName <%= @name %>
+  ServerAdmin webmaster@openstreetmap.org
 
-   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-   ErrorLog /var/log/apache2/<%= @name %>-error.log
+  CustomLog /var/log/apache2/<%= @name %>-access.log combined
+  ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-   RedirectPermanent / https://<%= @name %>/
-</VirtualHost>
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+  SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
-<Directory <%= @directory %>>
-   Require all granted
-</Directory>
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
+
+  ProxyPass / http://localhost:<%= @docker_external_port %>/
+  ProxyPreserveHost on
+</VirtualHost>