From: Tom Hughes Date: Wed, 15 Feb 2023 12:13:54 +0000 (+0000) Subject: Merge remote-tracking branch 'github/pull/580' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/3c0e4bb2d443fb393e85976937be0a4225e13ad3?hp=ac3a6637b58ae70c2d3a52f55a08ba1ea40575d9 Merge remote-tracking branch 'github/pull/580' --- diff --git a/cookbooks/foundation/recipes/owg.rb b/cookbooks/foundation/recipes/owg.rb index 60878e22c..7054ec14a 100644 --- a/cookbooks/foundation/recipes/owg.rb +++ b/cookbooks/foundation/recipes/owg.rb @@ -17,25 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8091 - -podman_service "operations.osmfoundation.org" do - description "Container service for operations.osmfoundation.org" +podman_site "operations.osmfoundation.org" do image "ghcr.io/openstreetmap/owg-website:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "operations.osmfoundation.org" do - domains ["operations.osmfoundation.org", "operations.openstreetmap.org", "operations.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "operations.osmfoundation.org" do - template "apache.owg.erb" - variables :docker_external_port => docker_external_port, :aliases => ["operations.openstreetmap.org", "operations.osm.org"] + aliases ["operations.openstreetmap.org", "operations.osm.org"] end diff --git a/cookbooks/foundation/recipes/welcome.rb b/cookbooks/foundation/recipes/welcome.rb index fd8416bf4..30f58f9c2 100644 --- a/cookbooks/foundation/recipes/welcome.rb +++ b/cookbooks/foundation/recipes/welcome.rb @@ -17,25 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8090 - -podman_service "welcome-mat" do - description "Container service for welcome.openstreetmap.org" +podman_site "welcome.openstreetmap.org" do image "ghcr.io/osmfoundation/welcome-mat:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "welcome.openstreetmap.org" do - domains ["welcome.openstreetmap.org", "welcome.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "welcome.openstreetmap.org" do - template "apache.welcome.erb" - variables :docker_external_port => docker_external_port, :aliases => ["welcome.osm.org"] + aliases ["welcome.osm.org"] end diff --git a/cookbooks/foundation/templates/default/apache.owg.erb b/cookbooks/foundation/templates/default/apache.owg.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/foundation/templates/default/apache.owg.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on - diff --git a/cookbooks/foundation/templates/default/apache.welcome.erb b/cookbooks/foundation/templates/default/apache.welcome.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/foundation/templates/default/apache.welcome.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on - diff --git a/cookbooks/irc/metadata.rb b/cookbooks/irc/metadata.rb index 755e6f9c7..80523f6b4 100644 --- a/cookbooks/irc/metadata.rb +++ b/cookbooks/irc/metadata.rb @@ -6,5 +6,4 @@ description "Configures irc.openstreetmap.org" version "1.0.0" supports "ubuntu" -depends "apache" depends "podman" diff --git a/cookbooks/irc/recipes/default.rb b/cookbooks/irc/recipes/default.rb index ef6332dce..7ebcfc7ba 100644 --- a/cookbooks/irc/recipes/default.rb +++ b/cookbooks/irc/recipes/default.rb @@ -17,25 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8092 - -podman_service "irc.openstreetmap.org" do - description "Container service for irc.openstreetmap.org" +podman_site "irc.openstreetmap.org" do image "ghcr.io/openstreetmap/irc:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "irc.openstreetmap.org" do - domains ["irc.openstreetmap.org", "irc.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "irc.openstreetmap.org" do - template "apache.erb" - variables :docker_external_port => docker_external_port, :aliases => ["irc.osm.org"] + aliases ["irc.osm.org"] end diff --git a/cookbooks/irc/templates/default/apache.erb b/cookbooks/irc/templates/default/apache.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/irc/templates/default/apache.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on - diff --git a/cookbooks/podman/attributes/default.rb b/cookbooks/podman/attributes/default.rb new file mode 100644 index 000000000..0d4f407c4 --- /dev/null +++ b/cookbooks/podman/attributes/default.rb @@ -0,0 +1 @@ +default[:podman][:ports] = {} diff --git a/cookbooks/podman/metadata.rb b/cookbooks/podman/metadata.rb index e1039e85d..d44ad30bd 100644 --- a/cookbooks/podman/metadata.rb +++ b/cookbooks/podman/metadata.rb @@ -6,4 +6,5 @@ description "Installs and configures podman" version "1.0.0" supports "ubuntu" +depends "apache" depends "systemd" diff --git a/cookbooks/podman/recipes/apache.rb b/cookbooks/podman/recipes/apache.rb new file mode 100644 index 000000000..b63bfe4a8 --- /dev/null +++ b/cookbooks/podman/recipes/apache.rb @@ -0,0 +1,23 @@ +# +# Cookbook:: podman +# Recipe:: apache +# +# Copyright:: 2023, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "podman" +include_recipe "apache" + +apache_module "proxy_http" diff --git a/cookbooks/podman/resources/site.rb b/cookbooks/podman/resources/site.rb new file mode 100644 index 000000000..e0b0f8ce2 --- /dev/null +++ b/cookbooks/podman/resources/site.rb @@ -0,0 +1,91 @@ +# +# Cookbook:: podman +# Resource:: podman_site +# +# Copyright:: 2023, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "yaml" + +unified_mode true + +default_action :create + +property :site, String, :name_property => true +property :image, String, :required => true +property :port, Integer, :default => 8080 +property :aliases, :kind_of => Array, :default => [] + +action :create do + podman_service new_resource.site do + description "Container service for #{new_resource.site}" + image new_resource.image + ports external_port => new_resource.port + end + + ssl_certificate new_resource.site do + domains Array(new_resource.site) + new_resource.aliases + end + + apache_site new_resource.site do + cookbook "podman" + template "apache.erb" + variables :port => external_port, :aliases => new_resource.aliases + end +end + +action :delete do + apache_site new_resource.site do + action [:disable, :delete] + end + + podman_service new_resource.site do + action :delete + end + + node.rm_normal(:podman, :ports, new_resource.site) +end + +action_class do + def ports_file + "#{Chef::Config[:file_cache_path]}/podman-ports.yml" + end + + def ports + @ports ||= if ::File.exist?(ports_file) + YAML.safe_load(::File.read(ports_file)) + else + {} + end + end + + def external_port + unless ports.include?(new_resource.site) + port = 40000 + + port += 1 while ports.values.include?(port) + + ports[new_resource.site] = port + + ::File.write(ports_file, YAML.dump(ports)) + end + + ports[new_resource.site] + end +end + +def after_created + notifies :reload, "service[apache2]" +end diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/podman/templates/default/apache.erb similarity index 96% rename from cookbooks/subversion/templates/default/apache.erb rename to cookbooks/podman/templates/default/apache.erb index 55dc39c18..3c1f510c2 100644 --- a/cookbooks/subversion/templates/default/apache.erb +++ b/cookbooks/podman/templates/default/apache.erb @@ -47,6 +47,6 @@ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" - ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPass / http://localhost:<%= @port %>/ ProxyPreserveHost on diff --git a/cookbooks/stateofthemap/recipes/container.rb b/cookbooks/stateofthemap/recipes/container.rb index 5a7de8d52..2d49ba6c5 100644 --- a/cookbooks/stateofthemap/recipes/container.rb +++ b/cookbooks/stateofthemap/recipes/container.rb @@ -17,47 +17,16 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -apache_module "proxy_http" - -docker_external_port = 8096 - -podman_service "www.stateofthemap.org" do - description "Container service for www.stateofthemap.org" +podman_site "www.stateofthemap.org" do image "ghcr.io/openstreetmap/stateofthemap-website:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "stateofthemap.org" do - domains ["stateofthemap.org", "www.stateofthemap.org", - "stateofthemap.com", "www.stateofthemap.com", - "sotm.org", "www.sotm.org"] - notifies :reload, "service[apache2]" -end - -apache_site "stateofthemap.org" do - template "apache.container.erb" - variables :docker_external_port => docker_external_port, :aliases => ["www.stateofthemap.org", "stateofthemap.com", "www.stateofthemap.com", "sotm.org", "www.sotm.org"] + aliases ["www.stateofthemap.org", "stateofthemap.com", "www.stateofthemap.com", "sotm.org", "www.sotm.org"] end %w[2013 2016 2017 2018 2019 2020 2021 2022].each do |year| - docker_external_port = 6180 + year.to_i # 8193+ - - podman_service "#{year}.stateofthemap.org" do - description "Container service for #{year}.stateofthemap.org" + podman_site "#{year}.stateofthemap.org" do image "ghcr.io/openstreetmap/stateofthemap-#{year}:latest" - ports docker_external_port => "8080" - end - - ssl_certificate "#{year}.stateofthemap.org" do - domains ["#{year}.stateofthemap.org", "#{year}.stateofthemap.com", "#{year}.sotm.org"] - notifies :reload, "service[apache2]" - end - - apache_site "#{year}.stateofthemap.org" do - template "apache.container.erb" - variables :docker_external_port => docker_external_port, :aliases => ["#{year}.stateofthemap.com", "#{year}.sotm.org"] + aliases ["#{year}.stateofthemap.com", "#{year}.sotm.org"] end end diff --git a/cookbooks/stateofthemap/templates/default/apache.container.erb b/cookbooks/stateofthemap/templates/default/apache.container.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/stateofthemap/templates/default/apache.container.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on - diff --git a/cookbooks/subversion/metadata.rb b/cookbooks/subversion/metadata.rb index 571e49b22..1d376481c 100644 --- a/cookbooks/subversion/metadata.rb +++ b/cookbooks/subversion/metadata.rb @@ -6,5 +6,4 @@ description "Installs and configures subversion servers" version "1.0.0" supports "ubuntu" -depends "apache" depends "podman" diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb index 0e71c9733..3ce35840b 100644 --- a/cookbooks/subversion/recipes/default.rb +++ b/cookbooks/subversion/recipes/default.rb @@ -17,25 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8095 - -podman_service "svn.openstreetmap.org" do - description "Container service for svn.openstreetmap.org" +podman_site "svn.openstreetmap.org" do image "ghcr.io/openstreetmap/svn-website:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "svn.openstreetmap.org" do - domains ["svn.openstreetmap.org", "svn.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "svn.openstreetmap.org" do - template "apache.erb" - variables :docker_external_port => docker_external_port, :aliases => ["svn.osm.org"] + aliases ["svn.osm.org"] end diff --git a/cookbooks/switch2osm/metadata.rb b/cookbooks/switch2osm/metadata.rb index 890fd07ef..40f3aa308 100644 --- a/cookbooks/switch2osm/metadata.rb +++ b/cookbooks/switch2osm/metadata.rb @@ -6,5 +6,4 @@ description "Installs and configures servers for switch2osm" version "1.0.0" supports "ubuntu" -depends "apache" depends "podman" diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb index 78ca5ea6b..d4eb9eeec 100644 --- a/cookbooks/switch2osm/recipes/default.rb +++ b/cookbooks/switch2osm/recipes/default.rb @@ -17,26 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8093 - -podman_service "switch2osm.org" do - description "Container service for switch2osm.org" +podman_site "switch2osm.org" do image "ghcr.io/switch2osm/switch2osm:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "switch2osm.org" do - domains ["switch2osm.org", - "www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "switch2osm.org" do - template "apache.erb" - variables :docker_external_port => docker_external_port, :aliases => ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] + aliases ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] end diff --git a/cookbooks/switch2osm/templates/default/apache.erb b/cookbooks/switch2osm/templates/default/apache.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/switch2osm/templates/default/apache.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on - diff --git a/cookbooks/trac/metadata.rb b/cookbooks/trac/metadata.rb index 44c984f1c..e78163826 100644 --- a/cookbooks/trac/metadata.rb +++ b/cookbooks/trac/metadata.rb @@ -6,5 +6,4 @@ description "Installs and configures trac servers" version "1.0.0" supports "ubuntu" -depends "apache" depends "podman" diff --git a/cookbooks/trac/recipes/default.rb b/cookbooks/trac/recipes/default.rb index 953efeaef..4099810f1 100644 --- a/cookbooks/trac/recipes/default.rb +++ b/cookbooks/trac/recipes/default.rb @@ -17,25 +17,9 @@ # limitations under the License. # -include_recipe "apache" -include_recipe "podman" +include_recipe "podman::apache" -docker_external_port = 8094 - -podman_service "trac.openstreetmap.org" do - description "Container service for trac.openstreetmap.org" +podman_site "trac.openstreetmap.org" do image "ghcr.io/openstreetmap/trac-website:latest" - ports docker_external_port => "8080" -end - -ssl_certificate "trac.openstreetmap.org" do - domains ["trac.openstreetmap.org", "trac.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_module "proxy_http" - -apache_site "trac.openstreetmap.org" do - template "apache.erb" - variables :docker_external_port => docker_external_port, :aliases => ["trac.osm.org"] + aliases ["trac.osm.org"] end diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb deleted file mode 100644 index 55dc39c18..000000000 --- a/cookbooks/trac/templates/default/apache.erb +++ /dev/null @@ -1,52 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - RequestHeader set X-Forwarded-Proto "https" - RequestHeader set X-Forwarded-Port "443" - - ProxyPass / http://localhost:<%= @docker_external_port %>/ - ProxyPreserveHost on -