Page MenuHomeDevCentral
Files F3806020

D1413.diff
No OneTemporary
Actions

D1413.diff
View Options

diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -30,4 +30,7 @@
docker_containers:
equatower:
- - jenkins # CD
+ # CD
+ jenkins:
+ host: cd.nasqueron.org
+ app_port: 38080
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %}
+{% set containers = salt['node.filter_by_name']('docker_containers') %}
include:
{% for container in containers %}
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/config.sls
@@ -0,0 +1,40 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-03-16
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+
+# -------------------------------------------------------------
+# includes folder
+#
+# :: general configuration
+# :: application-specific code
+# -------------------------------------------------------------
+
+{{ dirs.etc }}/nginx/includes:
+ file.recurse:
+ - source: salt://roles/paas-docker/nginx/files/includes
+ - dir_mode: 755
+ - file_mode: 644
+
+# -------------------------------------------------------------
+# vhosts folder
+# -------------------------------------------------------------
+
+{% for container, args in containers.items() %}
+
+{{ dirs.etc }}/nginx/vhosts/{{ container }}.conf:
+ file.managed:
+ - source: salt://roles/paas-docker/nginx/files/vhosts/{{ container }}.conf
+ - mode: 644
+ - template: jinja
+ - context:
+ fqdn: {{ args['host'] }}
+ app_port: {{ args['app_port'] }}
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/includes/letsencrypt b/roles/paas-docker/nginx/files/includes/letsencrypt
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/letsencrypt
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Configuration for Let's encrypt nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2016-01-05
+# Description: Get SSL certificates from Let's encrypt
+# Source file: roles/paas-docker/nginx/files/includes/letsencrypt
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+ location /.well-known/acme-challenge {
+ default_type text/plain;
+ root /data/letsencrypt/www;
+ }
diff --git a/roles/paas-docker/nginx/files/includes/proxy_params b/roles/paas-docker/nginx/files/includes/proxy_params
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/proxy_params
@@ -0,0 +1,48 @@
+# -------------------------------------------------------------
+# Configuration for Nasqueron web sites
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2018-03-16
+# Project: Nasqueron
+# Description: nginx proxy configuration
+# License: Trivial work, not eligible for copyright.
+# Source file: roles/paas-docker/nginx/files/includes/proxy_params
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+proxy_redirect off;
+
+# -------------------------------------------------------------
+# Headers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+
+# -------------------------------------------------------------
+# Maximum upload size
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+
+# -------------------------------------------------------------
+# Other proxy parameters
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+
+proxy_buffer_size 4k;
+proxy_buffers 4 32k;
+proxy_busy_buffers_size 64k;
+proxy_temp_file_write_size 64k;
diff --git a/roles/paas-docker/nginx/files/vhosts/jenkins.conf b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/jenkins.conf
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckso
+# Created: 2018-03-12
+# Source file: roles/paas-docker/nginx/files/vhosts/jenkins.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ location / {
+ proxy_redirect http:// https://;
+ proxy_pass http://localhost:{{ app_port }};
+
+ include includes/proxy_params;
+
+ # Required for new HTTP-based CLI
+ # https://wiki.jenkins.io/display/JENKINS/Jenkins+behind+an+NGinX+reverse+proxy
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
+ proxy_buffering off; # Required for HTTP-based CLI to work over SSL
+ }
+}
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/nginx/init.sls
copy from roles/paas-docker/containers/init.sls
copy to roles/paas-docker/nginx/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/nginx/init.sls
@@ -2,13 +2,9 @@
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-03-11
+# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], []) %}
-
include:
-{% for container in containers %}
- - .{{ container }}
-{% endfor %}
+ - .config

File Metadata

Mime Type
text/plain
Expires
Sun, Dec 1, 05:14 (21 h, 38 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2274129
Default Alt Text
D1413.diff (7 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator