Download as
Browse Code »

Commit 8592f2b5dd90570c38710df67760751d48e636b7

Authored by Sergio Oliveira
2 parents 279ab334 211bc5d3
Exists in master and in 90 other branches 3.x, add_sisp_to_chef, add_super_archives_plugin, api_for_colab, automates_core_packing, backup, backup_not_prod, cdtc_configuration, changes_in_buttons_on_content_panel, colab_automated_login, colab_spb_plugin_recipe, colab_widgets_settings, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_breadcrumbs_position, fix_categories_software_link, fix_edit_institution, fix_edit_software_with_another_license, fix_get_license_info, fix_gitlab_assets_permission, fix_list_style_inside_article, fix_list_style_on_folder_elements, fix_members_pagination, fix_merge_request_url, fix_models_translations, fix_no_license, fix_software_api, fix_software_block_migration, fix_software_communities_translations, fix_software_communities_unit_test, fix_style_create_institution_admin_panel, fix_superarchives_imports, fix_sym_links_noosfero, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc_settings, margin_fix, mezuro_cookbook, performance, prezento, r3, refactor_download_block, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_broken_theme, remove_secondary_email_from_user, remove_sisp_buttons, removing_super_archives_email, review_message, scope2method, signals_user_noosfero, sisp_catalog_header, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_communities_html_refactor, software_infos_api, spb_minimal_env, spb_to_rails4, spec_refactor, stable-4.1, stable-4.2, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, theme_header, theme_javascript_refactory, thread_dropdown, thread_page, update_search_by_categories, update_software_api, update_softwares_boxes

Merge branch 'reverseproxy-port-forward'

Showing 6 changed files with 34 additions and 3 deletions   Show diff stats
cookbooks/gitlab/templates/gitlab-shell.yml.erb
  Diff comments   View file @8592f2b
... ... @@ -8,7 +8,7 @@ http_settings:
8 8 # ca_path: /etc/pki/tls/certs
9 9 self_signed_cert: false
10 10  
11   -repos_path: "/var/lib/gitlab/repositories/"
  11 +repos_path: "/var/lib/gitlab-shell/repositories/"
12 12 auth_file: "/var/lib/gitlab-shell/.ssh/authorized_keys"
13 13  
14 14 redis:
... ...
cookbooks/gitlab/templates/gitlab.yml.erb
  Diff comments   View file @8592f2b
... ... @@ -29,7 +29,7 @@ production: &base
29 29 path: /var/lib/gitlab/backups
30 30 gitlab_shell:
31 31 path: /usr/lib/gitlab-shell
32   - repos_path: /var/lib/gitlab/repositories/
  32 + repos_path: /var/lib/gitlab-shell/repositories/
33 33 hooks_path: /usr/lib/gitlab-shell/hooks/
34 34 # Git over HTTP
35 35 upload_pack: true
... ...
cookbooks/reverse_proxy/files/ip_forward.conf 0 → 100644
  Diff comments   View file @8592f2b
... ... @@ -0,0 +1 @@
  1 +net.ipv4.ip_forward = 1
... ...
cookbooks/reverse_proxy/recipes/default.rb
  Diff comments   View file @8592f2b
  1 +package 'iptables-services'
  2 +
  3 +service 'iptables' do
  4 + action :enable
  5 + supports :restart => true
  6 +end
  7 +
  8 +template '/etc/sysconfig/iptables' do
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0644
  12 + notifies :restart, 'service[iptables]'
  13 +end
  14 +
1 15 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
2 16 owner 'root'
3 17 group 'root'
... ... @@ -5,6 +19,14 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
5 19 notifies :restart, 'service[nginx]'
6 20 end
7 21  
  22 +cookbook_file "/etc/sysctl.d/ip_forward.conf" do
  23 + owner 'root'
  24 + group 'root'
  25 + mode 0644
  26 +end
  27 +
  28 +execute 'sysctl -w net.ipv4.ip_forward=1'
  29 +
8 30 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.key" do
9 31 owner 'root'
10 32 group 'root'
... ...
cookbooks/reverse_proxy/templates/iptables.erb 0 → 100644
  Diff comments   View file @8592f2b
... ... @@ -0,0 +1,7 @@
  1 +*nat
  2 +
  3 +# Forward reverseproxy:22 to integration:22. Required to enable git pushes over SSH
  4 +-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
  5 +-A POSTROUTING -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['reverseproxy'] %>
  6 +
  7 +COMMIT
... ...
server
  Diff comments   View file @8592f2b
... ... @@ -13,13 +13,14 @@ fi
13 13 sudo -v
14 14 sudo redir --lport 80 --cport 80 --caddr $reverseproxy &
15 15 sudo redir --lport 443 --cport 443 --caddr $reverseproxy &
  16 +sudo redir --lport 22 --cport 22 --caddr $reverseproxy &
16 17  
17 18 cleanup() {
18 19 sudo -v
19 20 sudo pkill -9 redir
20 21 }
21 22  
22   -echo "Forwarding ports 80 and 443"
  23 +echo "Forwarding ports 22, 80 and 443"
23 24 echo "Hit ctrl-c to stop"
24 25 echo "Browse to: https://softwarepublico.dev/"
25 26 echo "Browse to: https://listas.softwarepublico.dev/"
... ...