From 41455a27d35a716f2f15cb60c282fe33696688a0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Javier=20B=C3=A9rtoli?=
Date: Fri, 25 Feb 2022 19:17:25 -0300
Subject: [PATCH] 18785: fix letsencrypt/nginx deployment issues for single-host/single-hostname
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Arvados-DCO-1.1-Signed-off-by: Javier Bértoli
---
.../pillars/aws_credentials.sls | 9 +++++++
.../single_hostname/pillars/letsencrypt.sls | 24 +++++++++++++++++++
.../nginx_controller_configuration.sls | 2 +-
.../pillars/nginx_passenger.sls | 14 +++++++++--
4 files changed, 46 insertions(+), 3 deletions(-)
create mode 100644 tools/salt-install/config_examples/single_host/single_hostname/pillars/aws_credentials.sls
create mode 100644 tools/salt-install/config_examples/single_host/single_hostname/pillars/letsencrypt.sls
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/aws_credentials.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/aws_credentials.sls
new file mode 100644
index 0000000000..35cdbf7bde
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/aws_credentials.sls
@@ -0,0 +1,9 @@
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+aws_credentials:
+ region: __LE_AWS_REGION__
+ access_key_id: __LE_AWS_ACCESS_KEY_ID__
+ secret_access_key: __LE_AWS_SECRET_ACCESS_KEY__
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/letsencrypt.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/letsencrypt.sls
new file mode 100644
index 0000000000..895c65017d
--- /dev/null
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/letsencrypt.sls
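Review bot: The new `aws_credentials` pillar in aws_credentials.sls places a long-lived `access_key_id`/`secret_access_key` pair in a plaintext pillar file, while the letsencrypt pillar added in this same commit uses `authenticator: nginx`, which does not appear to need AWS access. If nothing else in the single_hostname example reads `aws_credentials`, leaving this file out keeps an unneeded secret off the host; if it is needed, the key should be limited to the permissions the certificate step actually uses and the rendered file kept readable by root only. The substituted values are also unquoted, so quoting them keeps them strings whatever the installer fills in, e.g. `secret_access_key: '__LE_AWS_SECRET_ACCESS_KEY__'`.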
@@ -0,0 +1,24 @@
+---
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+### LETSENCRYPT
+letsencrypt:
+ use_package: true
+ pkgs:
+ - certbot: latest
+ - python3-certbot-nginx
+ config:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: __INITIAL_USER_EMAIL__
+ authenticator: nginx
+ agree-tos: true
+ keep-until-expiring: true
+ expand: true
+ max-log-backups: 0
+ deploy-hook: systemctl reload nginx
+
+ domainsets:
+ __HOSTNAME_EXT__:
+ - __HOSTNAME_EXT__
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
index 08aba90494..cfd1525924 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_controller_configuration.sls
@@ -27,7 +27,7 @@ nginx: - server: - server_name: _ - listen: - - 80 default_server + - 80 - location /.well-known: - root: /var/www - location /:
diff --git a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls
index a4d3c34f26..854c543aca 100644
--- a/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls
+++ b/tools/salt-install/config_examples/single_host/single_hostname/pillars/nginx_passenger.sls
@@ -69,6 +69,16 @@ nginx: ### SITES servers: managed: - # Remove default webserver + # Update default config to redirect to https default: - enabled: false + enabled: true + overwrite: true + config: + - server: + - server_name: _ + - listen: + - 80 default_server + - location /.well-known: + - root: /var/www + - location /: + - return: '301 https://$host$request_uri'
-- 2.30.2
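Review bot: `- certbot: latest` in letsencrypt.sls leaves the version of a tool that handles the ACME account key and the TLS private keys (and typically runs as root) to whatever the package repository currently serves, and `python3-certbot-nginx` carries no version at all, so the two can drift independently. Pinning both to a tested version, or adding a comment that says why tracking the newest release is intended, makes the deployment reproducible and turns upgrades into a deliberate step. `email: __INITIAL_USER_EMAIL__` is substituted unquoted; `email: '__INITIAL_USER_EMAIL__'` keeps it a string.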
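Review bot: After this change the controller pillar still defines a port-80 server with `server_name: _`, and the nginx_passenger.sls hunk in this commit enables a `default` server with the same `server_name: _` on `80 default_server` and the same `/.well-known` location. nginx reports a conflicting server name for two servers with the same name on the same listen address and ignores one of them, so the block here looks redundant rather than merely demoted from default. Consider removing this server from the controller pillar, or giving it the real hostname, `- server_name: __HOSTNAME_EXT__`. The server block continues past the end of the hunk, so its `location /` body is not visible here.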
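Review bot: The redirect added to the `default` server in nginx_passenger.sls, `- return: '301 https://$host$request_uri'`, builds the Location header from `$host`, which on a catch-all `server_name: _` / `default_server` block is whatever Host header the client sent. For a single-hostname install the target is known, so redirecting to the configured name avoids reflecting a client-supplied host: `- return: '301 https://__HOSTNAME_EXT__$request_uri'`. The surrounding `servers: managed:` mapping starts above the hunk.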