Download as
Browse Code »

Commit 6f593b86f322095fc6fe77fa4fe3cd3e86294c50

Authored by Antonio Terceiro
1 parent 0271adf8
Exists in master and in 90 other branches 3.x, add_sisp_to_chef, add_super_archives_plugin, api_for_colab, automates_core_packing, backup, backup_not_prod, cdtc_configuration, changes_in_buttons_on_content_panel, colab_automated_login, colab_spb_plugin_recipe, colab_widgets_settings, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_breadcrumbs_position, fix_categories_software_link, fix_edit_institution, fix_edit_software_with_another_license, fix_get_license_info, fix_gitlab_assets_permission, fix_list_style_inside_article, fix_list_style_on_folder_elements, fix_members_pagination, fix_merge_request_url, fix_models_translations, fix_no_license, fix_software_api, fix_software_block_migration, fix_software_communities_translations, fix_software_communities_unit_test, fix_style_create_institution_admin_panel, fix_superarchives_imports, fix_sym_links_noosfero, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc_settings, margin_fix, mezuro_cookbook, performance, prezento, r3, refactor_download_block, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_broken_theme, remove_secondary_email_from_user, remove_sisp_buttons, removing_super_archives_email, review_message, scope2method, signals_user_noosfero, sisp_catalog_header, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_communities_html_refactor, software_infos_api, spb_minimal_env, spb_to_rails4, spec_refactor, stable-4.1, stable-4.2, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, theme_header, theme_javascript_refactory, thread_dropdown, thread_page, update_search_by_categories, update_software_api, update_softwares_boxes

reverse proxy for mailman

Showing 7 changed files with 140 additions and 2 deletions   Show diff stats
config/roles/reverse_proxy_server.rb
  Diff comments   View file @6f593b8
1 name 'database_server' 1 name 'database_server'
2 description 'Reverse proxy server' 2 description 'Reverse proxy server'
3 -run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]' 3 +run_list 'recipe[basics::nginx]', 'recipe[reverse_proxy]', 'recipe[reverse_proxy::mailman]'
cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.crt 0 → 100644
  Diff comments   View file @6f593b8
@@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
  1 +-----BEGIN CERTIFICATE-----
  2 +MIIEjzCCA3egAwIBAgIJAPLzeW3WZTOqMA0GCSqGSIb3DQEBCwUAMIHdMQswCQYD
  3 +VQQGEwJCUjEZMBcGA1UECAwQRGlzdHJpdG8gRmVkZXJhbDERMA8GA1UEBwwIQnJh
  4 +c2lsaWExIzAhBgNVBAoMGk1pbmlzdGVyaW8gZG8gUGxhbmVqYW1lbnRvMS0wKwYD
  5 +VQQLDCRQcm9ncmFtYSBTb2Z0d2FyZSBQdWJsaWNvIEJyYXNpbGVpcm8xJDAiBgNV
  6 +BAMMG2JldGEuc29mdHdhcmVwdWJsaWNvLmdvdi5icjEmMCQGCSqGSIb3DQEJARYX
  7 +cGF1bG9Ac29mdHdhcmVsaXZyZS5vcmcwHhcNMTUwMjEyMTM0MDEwWhcNMTcxMTA4
  8 +MTM0MDEwWjCB3TELMAkGA1UEBhMCQlIxGTAXBgNVBAgMEERpc3RyaXRvIEZlZGVy
  9 +YWwxETAPBgNVBAcMCEJyYXNpbGlhMSMwIQYDVQQKDBpNaW5pc3RlcmlvIGRvIFBs
  10 +YW5lamFtZW50bzEtMCsGA1UECwwkUHJvZ3JhbWEgU29mdHdhcmUgUHVibGljbyBC
  11 +cmFzaWxlaXJvMSQwIgYDVQQDDBtiZXRhLnNvZnR3YXJlcHVibGljby5nb3YuYnIx
  12 +JjAkBgkqhkiG9w0BCQEWF3BhdWxvQHNvZnR3YXJlbGl2cmUub3JnMIIBIjANBgkq
  13 +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQcGwjcDku+162qWFXvfD3VzK+qonEIo
  14 +EWimjFgxkBIsbKQ6WurTg6jTdT7TCyz0bfXgNPUo2tTfOtyM2ctb/oCfu5Piu3hK
  15 +TU71/oswUWCMnPwaGhvJ7wWFrkClLNS3MYzlbGAxuLtX8KEcCSOR0109xvVMb+LD
  16 +kAUmHij1DfI9XguYS4J2xQ+aDCHZRzRxMPV7If75HtoeZ7y8bieqFL9T1+atsvbS
  17 +WuoYaJFKiW859h6Fwo/0wfkv8gSaGulSwnS2esMPfEm97QfmWbgEqq/XFkrKWtPo
  18 +ENNY8WlGFDMWdur7dlQwazjG9+OK5h3X84qDfYhzY4GPh1O+2WDudwIDAQABo1Aw
  19 +TjAdBgNVHQ4EFgQUzu9xzlM0W3YmELPcUvNlfpYcndQwHwYDVR0jBBgwFoAUzu9x
  20 +zlM0W3YmELPcUvNlfpYcndQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
  21 +AQEAaQKLFZaqLRS493o4cyJsz1mxBgbzQ+6vttEPmY1/yW391h9rBXDTlpqRt22z
  22 ++CNDzo7L2LQjlrvvqk/ByDl5xWw4z9Qy+OFGFVGDVPvhld00/7QNnqkwyYbqWghN
  23 +M0m/BZp59Bpm+eRHG1HIw0jpA/zfgVqUjoIgPWWnGJLtJh4l+GOAxwTdJh0Vp/1Q
  24 +yYiI6NRufr8+lUStojY27dC94WLX2dCUAS0imvdONWiaCZ8ktq4D3AGkni5wUVH1
  25 +knap5Bf5FRnKCTnRmZe1Wi+e2ZIMDdW4gHsC5NKO38c4agWubE68yhYiFKMRLWsd
  26 +fLq+KLdrwb++Xd0SECj/hsQYLQ==
  27 +-----END CERTIFICATE-----
cookbooks/reverse_proxy/files/host-reverseproxy/listas.softwarepublico.dev.key.asc 0 → 100644
  Diff comments   View file @6f593b8
@@ -0,0 +1,45 @@ @@ -0,0 +1,45 @@
  1 +-----BEGIN PGP MESSAGE-----
  2 +Version: GnuPG v1
  3 +
  4 +hQIMA5A8ZkAWdYz7AQ//TcszK46fmGkWA4Z1GelAIlB4oQAAkTHMRp9r3DE/HEY2
  5 +cxUwD+PvTiCKOYG5SgAJbhQmZCtSsg5Pv8IoTdTxB/+qDBcCLYXXn/EuybuIOvIO
  6 +A9g+tnAhINEQCCS04iFG13wQfMKHX1Ji1P+Fo2kiaFQzrDZBDOrb0NpyLlpGhJmy
  7 +jkGXxj02rEG3oxFvMVduHqiTX3sn10fdRKyOGVrAZS9pphcG4/INgbxTZjZKfwv5
  8 +Y788Zpu800UrFgCdlswVpxd3HJliN5klyG3qD7A8sfgvW7i+6sjl897F+Qy0Tq3g
  9 +5cZhE0E5nCnt+09xSR3ypqgKmHU+UFAObt6FkJI4CCJ14Z7OhpFbPTsOe4rxjuGK
  10 ++hY2MMsKdp0Tm5qJKMYZcFCVzswKcpot52myyZSkirjuiDkwPENMK97a3Rpd7Jxz
  11 +wrzb+Sgg3AWZtoXNLMjAE/bl/3r022B35La3IdRzrUWTnBvVnB8Lqek9+3ANjPuW
  12 +8I4a3c8a/5KnPFrfjDzNgoA3uZNiUD+lAc2/Ut2yoqpm0tLOkMRTPDP8ustGb2t3
  13 +o2QmGBLvi537Q7b9/SMGFcRHI5XoAENydUzqntF/ZM5oDg8NGm2g00JE1kebrq8E
  14 +10hnI8KKIZBb0ZnRDSE2VzztrFMD42eQoQ7eQld5psxkBeC4vmJ4DWEi8HQ/zOnS
  15 +6gEbMxvymNOP9JgiAhmCMl2iWK0UUGHeDeSeietMkQrv2xfeXu7oGkzGbgbwTJis
  16 +JEEOqQP8zT+D6WtmhR2cl7cOldajuHL+G4HVwaMIsVV9gFmLnvNBieupEcMh1PN7
  17 +LH9/tIIagDHNHkzRPtMcPXNluoCHOg1ZyhNRktOR3V/HWWUvXsRK9BGtpm3oCOBK
  18 +N09/q52JxgjlypFAOTzt/Gq7YA1AMG1dD21QIY5XMpFJbp2RY2bNJ7P4xu3Ce3T6
  19 +SHPXneBhwKicnDCL8hgqt0xfjOwdakK0A8hZlZvBvqjvd//M33KHrLJVi7l8rbM6
  20 +OFdbmzJQx/U10CgOL45kop/BFGH4upZX/dJs6crfIfiBNAMbfdD4XFkcjjIap703
  21 +VRBCLYMTRyoGqO3pZbl0GngsKKAhCaG9wEzF65Zlp6FK6vSbepVzHWbawWmu1nY6
  22 +vyd39wVyJ/VHJinkZk5kZBbMGicxfdQli+ZLEe9CQ/LsKvNk6fIBOhwcA69aQC2p
  23 +IlQDTmXPnKUeAXHhvyYN/OohcaufCrH7c0pr8clyBEJVZC6H9IqcZiOgAc4J26Jj
  24 +JtI43QSaRfpetDkRW74MMlCFd5OnJP7gRMwuJTmF/HkU9mPXXxylVVMA3wQMF9ZT
  25 +QPpBMV5LIadmqDLW76G1cqZYhGeNUJrpQlo3jYdGWCYZyDSc97HCWcfQjEbL7F27
  26 +Vs2eHaQ5TEm4wmyPqtiTN0XnULcjyUWv/OPIRTUyjrxnvjzWfWU0K538n3HaBnPM
  27 +AswDbctYiX1HysspmoiBuA2SfUK2W97U+jiDwmY9PAzvJjp5ACmbcsFl3Ez/Lv9G
  28 +r6QKcc6y6GlSQEiUjEjIElV/t/mtGt2vrtM5YBLrxw1zYZ5CHr3d+gnAz3OMlDwv
  29 +7E1C7eLFBhXzxXy4ImL8R1lpm7D+ZLv/+WrcBRcWHQWBpJzLo4hXdBnX0Dt5JNrF
  30 +ZCkd8z0Mx/6EnpbX2hydpuz9rouVoUr6pnnMKVfdYBy3QWcp+qWK3KvOe029h2kc
  31 +YOJL5WQ2sJb71zlDx/v1O5eeKk42lPyJP4CmETqcG9qpAyEst4rsqStr8hy75Vpb
  32 +ZpOhuFR2G4cMOw4rg3WzYI/JfBk3xuME5Pp36o8eoDxUuExxHUZZYVlXVW4muN7h
  33 +ufyxK5gWalM3UDxzYV85IbRFaF2wpTFLkZr1uAuYvYXp1dwrcQMW9TBsN7c5aOwX
  34 +3GA7p6v0SbU+gp6U6WuEDJe52Bk5QL1tsZwJM9Wk4Z6hyeJ4l666g0JRoW5L92J1
  35 +wtgJPukrtj4EJawUW0HVLZtvgufPtUtXCH2ldirgNBH5YbDcNshwbc8SgB5vUdsS
  36 +VTsID8tVd63gZtpisVTcUVPApSFYFzOT4eSnKjJ4+ahKDvJmF94drG4oYQcHIBNA
  37 +cnha6OexUH3tHlsIvqnyJJJvyOnWx/ix67LchevfaucKWPeSF/ynwCrhNymmOq4l
  38 +MS0ZgNg6oa3KSP1aqt35jj5u31/pMOlZ+JMFZBp67lH70eYRVJO4LqwB5AiToQQN
  39 +VJmRzm2fMEh18zGD1bdOxOh1KKfCuCEMxHG6gU4PlwvG5d4uPULedyySQ8oQVDQy
  40 +470Irln+DHKBE4Dw52y6ymEFEA+lzKlwOiBu2QBp45x5pHvBqq9lZD6ZekrY6i6Q
  41 +lWM4vZQMrCrscVC0Mg1h9d8OeGkShXfQf24gl3VjmxwaX8k1kLAq2vyP7zFON3IA
  42 +DcQ4Wv22efQ74QH+Cxx6p3ZMwE/29On9x3Ar4o3bilkfCuWA/N1zaCEtdQLvqkDG
  43 +DsS/+k356GQr48q3orfFdhdM1PxPCQgCXx/Z3uQI1DhtBcp3C87CKQ==
  44 +=oY0Q
  45 +-----END PGP MESSAGE-----
cookbooks/reverse_proxy/recipes/default.rb
  Diff comments   View file @6f593b8
@@ -18,4 +18,3 @@ template '/etc/nginx/conf.d/reverse_proxy.conf' do @@ -18,4 +18,3 @@ template '/etc/nginx/conf.d/reverse_proxy.conf' do
18 mode 0644 18 mode 0644
19 notifies :restart, 'service[nginx]' 19 notifies :restart, 'service[nginx]'
20 end 20 end
21 -  
cookbooks/reverse_proxy/recipes/mailman.rb 0 → 100644
  Diff comments   View file @6f593b8
@@ -0,0 +1,20 @@ @@ -0,0 +1,20 @@
  1 +cookbook_file "/etc/nginx/#{node['config']['lists_hostname']}.crt" do
  2 + owner 'root'
  3 + group 'root'
  4 + mode 0600
  5 + notifies :restart, 'service[nginx]'
  6 +end
  7 +
  8 +cookbook_file "/etc/nginx/#{node['config']['lists_hostname']}.key" do
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0600
  12 + notifies :restart, 'service[nginx]'
  13 +end
  14 +
  15 +template '/etc/nginx/conf.d/reverse_proxy.conf' do
  16 + owner 'root'
  17 + group 'root'
  18 + mode 0644
  19 + notifies :restart, 'service[nginx]'
  20 +end
cookbooks/reverse_proxy/templates/mailman_reverse_proxy.conf.erb 0 → 100644
  Diff comments   View file @6f593b8
@@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
  1 +upstream mailman {
  2 + server <%= node['peers']['integration'] %>:80 fail_timeout=10s;
  3 +}
  4 +
  5 +server {
  6 + listen *:80;
  7 +
  8 + server_name <%= node['config']['lists_hostname'] %>;
  9 + return 301 https://$server_name$request_uri;
  10 +}
  11 +
  12 +server {
  13 + listen *:443 ssl;
  14 +
  15 + server_name <%= node['config']['lists_hostname'] %>;
  16 +
  17 + ssl on;
  18 +
  19 + ssl_certificate /etc/nginx/<%= node['config']['lists_hostname'] %>.crt;
  20 + ssl_certificate_key /etc/nginx/<%= node['config']['lists_hostname'] %>.key;
  21 + ssl_session_cache shared:SSL:10m;
  22 + ssl_session_timeout 5m;
  23 + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  24 + ssl_ciphers HIGH:!aNULL:!MD5;
  25 + ssl_prefer_server_ciphers on;
  26 +
  27 + access_log /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.access.log;
  28 + error_log /var/log/nginx/ssl-<%= node['config']['lists_hostname'] %>.error.log;
  29 +
  30 + # TODO caching
  31 + location / {
  32 + proxy_pass http://mailman;
  33 + proxy_read_timeout 90;
  34 + proxy_connect_timeout 90;
  35 + proxy_redirect off;
  36 + proxy_set_header Host $host;
  37 + proxy_set_header X-Real-IP $remote_addr;
  38 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  39 + proxy_set_header X-Forwarded-Proto https;
  40 + }
  41 +}
  42 +
test/reverse_proxy_test.sh
  Diff comments   View file @6f593b8
@@ -10,4 +10,9 @@ test_reverse_proxy_to_colab() { @@ -10,4 +10,9 @@ test_reverse_proxy_to_colab() {
10 assertEquals "<title>Home - Colab</title>" "$title" 10 assertEquals "<title>Home - Colab</title>" "$title"
11 } 11 }
12 12
  13 +test_redirect_http_to_mailman() {
  14 + local title="$(curl --silent --fail --location --header 'Host: listas.softwarepublico.dev' --insecure https://$reverseproxy/ | grep -i '<title>')"
  15 + assertEquals "<TITLE>listas.softwarepublico.dev Mailing Lists</TITLE>" "$title"
  16 +}
  17 +
13 . shunit2 18 . shunit2