diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls --- a/pillar/paas/docker.sls +++ b/pillar/paas/docker.sls @@ -102,7 +102,19 @@ # Infrastructure and development services phabricator: - devcentral: {} + devcentral: + app_port: 31080 + host: devcentral.nasqueron.org + aliases: + - phabricator.nasqueron.org + blogs: + servers: + host: servers.nasqueron.org + aliases: + - server.nasqueron.org + - serveur.nasqueron.org + - serveurs.nasqueron.org + static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net aphlict: aphlict: diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls --- a/roles/paas-docker/nginx/config.sls +++ b/roles/paas-docker/nginx/config.sls @@ -42,6 +42,9 @@ {% if 'aliases' in container %} aliases: {{ container['aliases']|join(" ") }} {% endif %} + # If the nginx configuration needs more key, + # pass directly the container dictionary. + args: {{ container }} {% endif %} {% endfor %} diff --git a/roles/paas-docker/nginx/files/vhosts/devcentral.conf b/roles/paas-docker/nginx/files/vhosts/devcentral.conf deleted file mode 100644 --- a/roles/paas-docker/nginx/files/vhosts/devcentral.conf +++ /dev/null 
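Review bot: `args: {{ container }}` in roles/paas-docker/nginx/config.sls renders the pillar dictionary through Jinja's default string conversion, so the template context depends on the YAML parser accepting a Python dict repr. Nested values, such as the `blogs` mapping this commit adds to pillar, or non-ASCII strings can come out differently from what pillar holds. Serialising explicitly with `args: {{ container|json }}` keeps the structure intact. The line also hands every key of the container entry to the vhost template, so the comment could say so, e.g. `# Pass the whole container dictionary so vhost templates can read extra keys; keep secrets out of this pillar entry.` The enclosing state starts and ends outside the hunk.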
@@ -1,93 +0,0 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - listen 80; - listen [::]:80; - server_name phabricator.nasqueron.org; - - include includes/letsencrypt; - - include includes/tls; - ssl_certificate /srv/letsencrypt/etc/live/devcentral.nasqueron.org/fullchain.pem; - ssl_certificate_key /srv/letsencrypt/etc/live/devcentral.nasqueron.org/privkey.pem; - - rewrite ^ https://devcentral.nasqueron.org$request_uri? permanent; -} - -server { - listen 80; - listen [::]:80; - server_name phabricator-files-for-devcentral-nasqueron.spacetechnology.net; - - return 301 https://$host$request_uri; -} - -server { - server_name phabricator-files-for-devcentral-nasqueron.spacetechnology.net; - - include includes/letsencrypt; - - include includes/tls; - ssl_certificate /srv/letsencrypt/etc/live/devcentral.nasqueron.org/fullchain.pem; - ssl_certificate_key /srv/letsencrypt/etc/live/devcentral.nasqueron.org/privkey.pem; - - include includes/proxy_params; - location / { - proxy_pass http://localhost:31080; - } -} - -server { - listen 80; - listen [::]:80; - server_name devcentral.nasqueron.org; - - return 301 https://$host$request_uri; -} - -server { - server_name devcentral.nasqueron.org; - - include includes/letsencrypt; - - include includes/tls; - ssl_certificate /srv/letsencrypt/etc/live/devcentral.nasqueron.org/fullchain.pem; - ssl_certificate_key /srv/letsencrypt/etc/live/devcentral.nasqueron.org/privkey.pem; - - include includes/proxy_params; - location / { - proxy_pass http://localhost:31080; - } - - location ~ ^/maniphest/task/create { - rewrite ^/maniphest/task/create/?(.*) /maniphest/task/edit/form/1/$1; - } - - location = /ws/ { - proxy_pass http://localhost:22280; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 999999999; - } - - #502 error - root /var/wwwroot-502/devcentral.nasqueron.org; - error_page 502 /502.html; - location /502.html {} 
-} - -server { - listen 80; - listen [::]:80; - server_name server.nasqueron.org serveur.nasqueron.org serveurs.nasqueron.org; - - include includes/letsencrypt; include includes/tls; - ssl_certificate /srv/letsencrypt/etc/live/devcentral.nasqueron.org/fullchain.pem; - ssl_certificate_key /srv/letsencrypt/etc/live/devcentral.nasqueron.org/privkey.pem; - - rewrite ^ https://servers.nasqueron.org$request_uri? permanent; -} diff --git a/roles/paas-docker/nginx/files/vhosts/phabricator.conf b/roles/paas-docker/nginx/files/vhosts/phabricator.conf new file mode 100644 --- /dev/null +++ b/roles/paas-docker/nginx/files/vhosts/phabricator.conf 
@@ -0,0 +1,176 @@ +# ------------------------------------------------------------- +# Configuration for Docker PaaS front-end nginx +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Author: Sébastien Santoro aka Dereckson +# Created: 2018-09-11 +# Source file: roles/paas-docker/nginx/files/vhosts/phabricator.conf +# ------------------------------------------------------------- +# +# +# This file is managed by our rOPS SaltStack repository. +# +# Changes to this file may cause incorrect behavior +# and will be lost if the state is redeployed. +# + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +# ------------------------------------------------------------- +# Application - {{ fqdn }} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +server { + listen 80; + listen [::]:80; + server_name {{ fqdn }}; + + return 301 https://$host$request_uri; +} + +server { + server_name {{ fqdn }}; + + include includes/letsencrypt; + + include includes/tls; + ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem; + ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem; + + include includes/proxy_params; + location / { + proxy_pass http://localhost:{{ app_port }}; + } + + location ~ ^/maniphest/task/create { + rewrite ^/maniphest/task/create/?(.*) /maniphest/task/edit/form/1/$1; + } + + location = /ws/ { + proxy_pass http://localhost:22280; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 999999999; + } + + #502 error + root /var/wwwroot-502/{{ fqdn }}; + error_page 502 /502.html; + location /502.html {} +} + +# ------------------------------------------------------------- +# Static content +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +server { + listen 80; + listen [::]:80; + server_name {{ args['static_host'] }}; + + return 301 https://$host$request_uri; +} + +server { + server_name {{ 
args['static_host'] }}; + + include includes/tls; + ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem; + ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem; + + include includes/letsencrypt; + + include includes/proxy_params; + location / { + proxy_pass http://localhost:{{ app_port }}; + } +} + +{%- if 'blogs' in args %} +{%- for blog_name, blog in args['blogs'].items() %} + +# ------------------------------------------------------------- +# Phame domains for {{ blog_name }} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +server { + listen 80; + listen [::]:80; + server_name {{ blog['host'] }}; + + return 301 https://$host$request_uri; +} + +server { + server_name {{ blog['host'] }}; + + include includes/tls; + ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem; + ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem; + + include includes/letsencrypt; + + include includes/proxy_params; + location / { + proxy_pass http://localhost:{{ app_port }}; + } + + # Fixes invalid URLs resolved to phame instead of DevCentral + location ~ T[0.9]* { + rewrite ^ http://{{ fqdn }}$request_uri? redirect; + } + + # Fixes invalid URLs resolved to phame instead of DevCentral + location /tag/ { + rewrite ^ http://{{ fqdn }}$request_uri? 
redirect; + } + + # 502 error + root /var/wwwroot-502/{{ fqdn }}; + error_page 502 /502.html; + location /502.html {} +} + +# ------------------------------------------------------------- +# Phame domains for {{ blog_name }} — aliases +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +server { + listen 80; + listen [::]:80; + server_name {{ blog['aliases']|join(' ') }}; + + include includes/tls; + ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem; + ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem; + + include includes/letsencrypt; + + return 301 https://{{ blog['host'] }}$request_uri; +} + +{%- endfor %} +{%- endif %} +{%- if aliases %} + +# ------------------------------------------------------------- +# Redirects for app aliases domains +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +server { + listen 80; + listen [::]:80; + server_name {{ aliases }}; + + include includes/tls; + ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem; + ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem; + + include includes/letsencrypt; + + return 301 https://{{ fqdn }}$request_uri; +} +{%- endif %}
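Review bot: In the Phame server block of phabricator.conf, `location ~ T[0.9]*` matches far more than task URLs: `[0.9]` is the three-character class `0`, `.`, `9` rather than a digit range, `*` allows zero digits, and the pattern is unanchored, so any blog URI containing a capital `T` is redirected to DevCentral. Anchoring it, e.g. `location ~ ^/T[0-9]+$ {`, limits the redirect to task identifiers. Both rewrites in that block also target `http://{{ fqdn }}` from a TLS-enabled server, which sends the client through a cleartext hop before the port-80 server returns it to HTTPS; `rewrite ^ https://{{ fqdn }}$request_uri? redirect;` avoids the downgrade. Separately, `blog['aliases']|join(' ')` is rendered for every blog with no check that the key exists, unlike the `'aliases' in container` guard in config.sls. A blog defined with only `host` would presumably fail to render or produce an empty `server_name`.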