From 9efaa37d8f7bf4f9a019fc2b6208762b94d4f04c Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Thu, 10 Mar 2022 16:15:15 +0000
Subject: [PATCH] community: fix acme cert redirect. Add DB backup
---
 .../community/templates/default/data.yml.erb | 6 ++++
 .../templates/default/mail-receiver.yml.erb | 20 +++++------
 .../templates/default/web_only.yml.erb | 36 ++++---------------
 3 files changed, 21 insertions(+), 41 deletions(-)
diff --git a/cookbooks/community/templates/default/data.yml.erb b/cookbooks/community/templates/default/data.yml.erb
index f18668e3d..2aa4de023 100644
--- a/cookbooks/community/templates/default/data.yml.erb
+++ b/cookbooks/community/templates/default/data.yml.erb
@@ -42,3 +42,9 @@ hooks:
 cmd: su - postgres -c 'psql discourse'
 raise_on_fail: false
+ - file: path: /var/spool/cron/crontabs/postgres contents: | # m h dom mon dow command # MAILTO=? 0 4 * * * /var/lib/postgresql/take-database-backup
diff --git a/cookbooks/community/templates/default/mail-receiver.yml.erb b/cookbooks/community/templates/default/mail-receiver.yml.erb
index 4460d30f9..da96fcdd8 100644
--- a/cookbooks/community/templates/default/mail-receiver.yml.erb
+++ b/cookbooks/community/templates/default/mail-receiver.yml.erb
@@ -21,11 +21,9 @@ env:
 ## Where e-mail to your forum should be sent. In general, it's perfectly fine
 ## to use the same domain as the forum itself here.
 MAIL_DOMAIN: community.openstreetmap.org
-# uncomment these (and the volume below!) to support TLS
-# POSTCONF_smtpd_tls_key_file: /letsencrypt/discourse.example.com/discourse.example.com.key
-# POSTCONF_smtpd_tls_cert_file: /letsencrypt/discourse.example.com/fullchain.cer
-# POSTCONF_smtpd_tls_security_level: may
-
+ POSTCONF_smtpd_tls_key_file: /shared/ssl/ssl.key
+ POSTCONF_smtpd_tls_cert_file: /shared/ssl/ssl.crt
+ POSTCONF_smtpd_tls_security_level: may
 ## The URL of the mail processing endpoint of your Discourse forum.
 ## This is simply your forum's base URL, with `/admin/email/handle_mail`
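Review bot: The `# MAILTO=?` comment left in the new `/var/spool/cron/crontabs/postgres` file means it is unresolved where the nightly backup's output and failures go; with no `MAILTO` line, cron mails job output to the local `postgres` user, which inside the container is unlikely to reach anyone, so a backup that starts failing would not be noticed. Settle this before merging — either `MAILTO=""` with the backup script writing its own log and exit status somewhere that is monitored, or a real address — and replace the question-mark comment with one stating the choice. Writing the file straight into the cron spool also bypasses the `crontab` command, so cron's ownership and mode requirements for spool files must be met by this hook (pups' `file:` hook appears to accept `chmod`/`chown` keys, worth confirming), otherwise cron may ignore the entry. `/var/lib/postgresql/take-database-backup` is not created in this patch, so it is presumably provided elsewhere in the cookbook; the `hooks:` block this entry belongs to starts outside the hunk.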
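Review bot: The three new `POSTCONF_smtpd_tls_*` lines carry no comment, while every neighbouring key in this `env:` block is introduced by a `##` comment, and the paths `/shared/ssl/ssl.key` and `/shared/ssl/ssl.crt` only make sense together with the bind mounts added under `volumes:` in the next hunk. Suggest a comment above them such as `## Inbound TLS: key and certificate are bind-mounted from the host's certificate files (see volumes below)`. `security_level: may` offers TLS to remote senders without requiring it, which is the usual setting for an inbound MX since remote mail servers cannot be assumed to support it; a one-line comment saying that is deliberate would save the next reader checking. The `env:` mapping continues outside the hunk.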
@@ -45,9 +43,9 @@ volumes:
 - volume: host: /srv/community.openstreetmap.org/shared/mail-receiver/postfix-spool guest: /var/spool/postfix
-# uncomment to support TLS
-# - volume:
-# host: /var/discourse/shared/standalone/letsencrypt
-# guest: /letsencrypt
-
-
+ - volume: host: /etc/ssl/certs/community.openstreetmap.org.pem guest: /shared/ssl/ssl.crt
+ - volume: host: /etc/ssl/private/community.openstreetmap.org.key guest: /shared/ssl/ssl.key
diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index ca1b7a8f5..3542aaaa3 100644
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -99,36 +99,12 @@ hooks:
 - git fetch --depth=1 origin tag v2.8.1 --no-tags
 - git checkout v2.8.1
 after_ssl:
- - file: path: "/etc/nginx/letsencrypt.conf" contents: | user www-data; worker_processes auto; daemon on; events { worker_connections 768; # multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; access_log /var/log/nginx/access.letsencrypt.log; error_log /var/log/nginx/error.letsencrypt.log; server { listen 80; listen [::]:80; rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent; } }
+ - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen 80;/ to: | listen 80; rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent;
 - replace: filename: "/etc/nginx/conf.d/discourse.conf"
-- 
2.43.2
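Review bot: Each of the two new `volume:` entries bind-mounts a single file (`/etc/ssl/certs/community.openstreetmap.org.pem` and `/etc/ssl/private/community.openstreetmap.org.key`) rather than a directory. A single-file bind mount stays attached to the inode that existed when the container started, so if certificate renewal on the host replaces these files instead of rewriting them in place, Postfix keeps presenting the old certificate until the container is restarted — whether the renewal path does that is not visible here, so confirm it, and consider mounting the parent directory or restarting the mail-receiver container as part of renewal. The private key is also mounted read-write; if the launcher passes the guest path through to Docker unchanged, `guest: /shared/ssl/ssl.key:ro` would make it read-only inside the container (verify the launcher does not rewrite it). The `volumes:` list starts outside the hunk.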
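Review bot: The new `replace:` injects the ACME rewrite immediately after the first `listen 80;` in `/etc/nginx/conf.d/discourse.conf`, and the redirect only works because that places it ahead of whatever the SSL template adds to the same server block (presumably an HTTP-to-HTTPS redirect, which the removed standalone `letsencrypt.conf` used to bypass); nothing in the template records that dependency. Suggest a comment above the entry, e.g. `# after_ssl: inject the acme-challenge rewrite right after 'listen 80;' so it runs before the https redirect the ssl template adds to that server block`. pups `replace:` appears to substitute only the first match unless told otherwise, so if `discourse.conf` ever gains a second `listen 80;` the rewrite lands only in the first — acceptable, but worth stating in the same comment. The `to:` block scalar keeps its trailing newline and its lines start at column 0 in the rendered config, which nginx accepts but which makes the file harder to read. The `after_ssl:` hook list continues past the hunk (a further `- replace:` on the same file is cut off).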