From: Grant Slater Date: Sun, 12 Feb 2023 22:13:48 +0000 (+0000) Subject: switch2osm: Use container X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/e94cd7b094fb07cdf4d804b2ee30af65e04bfffd switch2osm: Use container Signed-off-by: Grant Slater
---
diff --git a/cookbooks/switch2osm/metadata.rb b/cookbooks/switch2osm/metadata.rb
index 2002653b7..890fd07ef 100644
--- a/cookbooks/switch2osm/metadata.rb
+++ b/cookbooks/switch2osm/metadata.rb
@@ -7,5 +7,4 @@ description "Installs and configures servers for switch2osm"
 version "1.0.0"
 supports "ubuntu"
 depends "apache"
-depends "git"
-depends "ruby"
+depends "podman"
diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb
index a2345be08..78ca5ea6b 100644
--- a/cookbooks/switch2osm/recipes/default.rb
+++ b/cookbooks/switch2osm/recipes/default.rb
@@ -18,57 +18,14 @@ # include_recipe "apache" -include_recipe "git" -include_recipe "ruby" +include_recipe "podman" -package %w[ - gcc - g++ - make - libssl-dev - zlib1g-dev - pkg-config -] +docker_external_port = 8093 -apache_module "expires" -apache_module "rewrite" - -git "/srv/switch2osm.org" do - action :sync - repository "https://github.com/switch2osm/switch2osm.github.io.git" - depth 1 - user "root" - group "root" - notifies :run, "bundle_install[/srv/switch2osm.org]" -end - -directory "/srv/switch2osm.org/_site" do - mode "755" - owner "nobody" - group "nogroup" -end - -# Workaround https://github.com/jekyll/jekyll/issues/7804 -# by creating a .jekyll-cache folder -directory "/srv/switch2osm.org/.jekyll-cache" do - mode "755" - owner "nobody" - group "nogroup" -end - -bundle_install "/srv/switch2osm.org" do - action :nothing - options "--deployment" - user "root" - group "root" - notifies :run, "bundle_exec[/srv/switch2osm.org]" -end - -bundle_exec "/srv/switch2osm.org" do - action :nothing - command "jekyll build --trace --config _config.yml,_config_osm.yml" - user "nobody" - group "nogroup" +podman_service "switch2osm.org" do + description "Container service for switch2osm.org" + image "ghcr.io/switch2osm/switch2osm:latest" + ports docker_external_port => "8080" end ssl_certificate "switch2osm.org" do @@ -77,7 +34,9 @@ ssl_certificate "switch2osm.org" do notifies :reload, "service[apache2]" end +apache_module "proxy_http" + apache_site "switch2osm.org" do template "apache.erb" - directory "/srv/switch2osm.org/_site" + variables :docker_external_port => docker_external_port, :aliases => ["www.switch2osm.org", "switch2osm.com", "www.switch2osm.com"] end diff --git a/cookbooks/switch2osm/templates/default/apache.erb b/cookbooks/switch2osm/templates/default/apache.erb index e355c814c..55dc39c18 100644 --- a/cookbooks/switch2osm/templates/default/apache.erb +++ b/cookbooks/switch2osm/templates/default/apache.erb 
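Review bot: The `image "ghcr.io/switch2osm/switch2osm:latest"` line in the new `podman_service` block tracks a mutable tag, so whatever is pushed to that tag next is what this host runs, with no review step in this repository and no record of which build is live. Pinning to a digest, e.g. `image "ghcr.io/switch2osm/switch2osm@sha256:<DIGEST_PLACEHOLDER>"`, or to an immutable release tag, makes the deployed content auditable and rollbacks deterministic. Separately, `ports docker_external_port => "8080"` does not say which host address is bound. How `podman_service` publishes the port is not visible in this diff, but if it binds all interfaces the container is reachable on 8093 over plain HTTP without passing through Apache and its TLS vhost, so it is worth confirming that it listens on 127.0.0.1 only.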
@@ -1,41 +1,52 @@ # DO NOT EDIT - This file is being maintained by Chef - - ServerName <%= @name %> - ServerAlias www.switch2osm.org - ServerAlias switch2osm.com - ServerAlias www.switch2osm.com - ServerAdmin webmaster@openstreetmap.org + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://<%= @name %>/ + +<% unless @aliases.empty? -%> + + + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org - DocumentRoot <%= @directory %> + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - ErrorDocument 404 /404.html + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - ExpiresActive On - ExpiresDefault "access plus 10 minutes" + RedirectPermanent / https://<%= @name %>/ +<% end -%> - - ServerName <%= @name %> - ServerAlias www.switch2osm.org - ServerAlias switch2osm.com - ServerAlias www.switch2osm.com - ServerAdmin webmaster@openstreetmap.org + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org - CustomLog /var/log/apache2/<%= @name %>-access.log combined - ErrorLog /var/log/apache2/<%= @name %>-error.log + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log - RedirectPermanent 
/.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key -> - Require all granted - + RequestHeader set X-Forwarded-Proto "https" + RequestHeader set X-Forwarded-Port "443" + + ProxyPass / http://localhost:<%= @docker_external_port %>/ + ProxyPreserveHost on +
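Review bot: The two `RequestHeader set` lines in the vhost that carries `ProxyPass` need mod_headers, but the recipe change in this commit enables only `apache_module "proxy_http"` and removes `expires` and `rewrite`. Whether the `apache` recipe already loads headers is not visible in this diff; if it does not, Apache will reject the configuration at reload, so add `apache_module "headers"` next to the `proxy_http` line in recipes/default.rb. Using `set` rather than `add` is the right choice here, because it overwrites any client-supplied X-Forwarded-Proto or X-Forwarded-Port before the request reaches the container.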