Page MenuHomeDevCentral
Files F12241670

No OneTemporary
Actions

View Options

diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
index 77b6fe6..fbb21bc 100644
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -1,33 +1,36 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# You can append a :tag (by default, latest is used).
# You can't directly specify a Docker library images.
# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
docker_images:
'*':
- certbot/certbot
dwellers:
# Core services
- nasqueron/mysql
- nasqueron/rabbitmq
# Infrastructure and development services
- nasqueron/aphlict
- dereckson/cachet
- nasqueron/etherpad
- nasqueron/notifications
- nasqueron/phabricator
equatower:
# Continuous deployment jobs
- jenkinsci/jenkins
- nasqueron/jenkins-slave-php
docker_containers:
equatower:
- - jenkins # CD
+ # CD
+ jenkins:
+ host: cd.nasqueron.org
+ app_port: 38080
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
index fb68cdc..ebe8a0a 100644
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -1,14 +1,14 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %}
+{% set containers = salt['node.filter_by_name']('docker_containers') %}
include:
{% for container in containers %}
- .{{ container }}
{% endfor %}
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
new file mode 100644
index 0000000..a8d8aa8
--- /dev/null
+++ b/roles/paas-docker/nginx/config.sls
@@ -0,0 +1,40 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-03-16
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+
+# -------------------------------------------------------------
+# includes folder
+#
+# :: general configuration
+# :: application-specific code
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/nginx/includes:
+ file.recurse:
+ - source: salt://roles/paas-docker/nginx/files/includes
+ - dir_mode: 755
+ - file_mode: 644
+
+# -------------------------------------------------------------
+# vhosts folder
+# -------------------------------------------------------------
+
+{% for container, args in containers.items() %}
+
+{{ dirs.etc }}/nginx/vhosts/{{ container }}.conf:
+ file.managed:
+ - source: salt://roles/paas-docker/nginx/files/vhosts/{{ container }}.conf
+ - mode: 644
+ - template: jinja
+ - context:
+ fqdn: {{ args['host'] }}
+ app_port: {{ args['app_port'] }}
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/includes/letsencrypt b/roles/paas-docker/nginx/files/includes/letsencrypt
new file mode 100644
index 0000000..9e7a1cc
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/letsencrypt
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Configuration for Let's encrypt nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2016-01-05
+# Description: Get SSL certificates from Let's encrypt
+# Source file: roles/paas-docker/nginx/files/includes/letsencrypt
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+ location /.well-known/acme-challenge {
+ default_type text/plain;
+ root /data/letsencrypt/www;
+ }
diff --git a/roles/paas-docker/nginx/files/includes/proxy_params b/roles/paas-docker/nginx/files/includes/proxy_params
new file mode 100644
index 0000000..a1af738
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/proxy_params
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Configuration for Nasqueron web sites
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2018-03-16
+# Project: Nasqueron
+# Description: nginx proxy configuration
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/paas-docker/nginx/files/includes/proxy_params
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+proxy_redirect off;
+
+# -------------------------------------------------------------
+# Headers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# -------------------------------------------------------------
+# Maximum upload size
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+
+# -------------------------------------------------------------
+# Other proxy parameters
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+
+proxy_buffer_size 4k;
+proxy_buffers 4 32k;
+proxy_busy_buffers_size 64k;
+proxy_temp_file_write_size 64k;
diff --git a/roles/paas-docker/nginx/files/vhosts/jenkins.conf b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
new file mode 100644
index 0000000..9e25347
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckso
+# Created: 2018-03-12
+# Source file: roles/paas-docker/nginx/files/vhosts/jenkins.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ location / {
+ proxy_redirect http:// https://;
+ proxy_pass http://localhost:{{ app_port }};
+
+ include includes/proxy_params;
+
+ # Required for new HTTP-based CLI
+ # https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
+ proxy_buffering off; # Required for HTTP-based CLI to work over SSL
+ }
+}
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/nginx/init.sls
similarity index 64%
copy from roles/paas-docker/containers/init.sls
copy to roles/paas-docker/nginx/init.sls
index fb68cdc..b0aa299 100644
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/nginx/init.sls
@@ -1,14 +1,10 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-03-11
+# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %}
-
include:
-{% for container in containers %}
- - .{{ container }}
-{% endfor %}
+ - .config

File Metadata

Mime Type
text/x-diff
Expires
Sun, Oct 12, 05:52 (1 d, 8 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3065222
Default Alt Text
(9 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator