From ae1938ece3b851f92f7a5722c8974b33d093c7ad Mon Sep 17 00:00:00 2001 From: Sergio Oliveira Date: Thu, 10 Dec 2015 14:23:02 -0200 Subject: [PATCH] Sisp redirect Signed-off-by: Luiz Oliveira Signed-off-by: Sergio Oliveira --- config/cdtc/config.yaml | 1 + config/dev/config.yaml | 1 + config/homologa/config.yaml | 1 + config/lappis/config.yaml | 1 + config/local/config.yaml | 1 + config/prod/config.yaml | 1 + cookbooks/colab/templates/00-custom_settings.py.erb | 3 ++- cookbooks/colab/templates/colab.conf.erb | 2 +- cookbooks/noosfero/templates/nginx.conf.erb | 4 ++-- cookbooks/reverse_proxy/recipes/default.rb | 14 ++++++++++++++ cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 11 files changed, 79 insertions(+), 7 deletions(-) diff --git a/config/cdtc/config.yaml b/config/cdtc/config.yaml index 0c78c53..4f9b834 100644 --- a/config/cdtc/config.yaml +++ b/config/cdtc/config.yaml @@ -1,6 +1,7 @@ admins: - ["Paulo Meirelles", "paulo@softwarelivre.org"] external_hostname: spb.cdtc.unb.br +sisp_external_hostname: sisp.cdtc.unb.br external_ip: 164.41.9.49 site_url: https://spb.cdtc.unb.br colab_from_address: '"Portal do Software Publico" ' diff --git a/config/dev/config.yaml b/config/dev/config.yaml index 272112e..8a5ee9b 100644 --- a/config/dev/config.yaml +++ b/config/dev/config.yaml @@ -1,6 +1,7 @@ admins: - ["Paulo Meirelles", "paulo@softwarelivre.org"] external_hostname: dev.softwarepublico.gov.br +sisp_external_hostname: dev.sisp.gov.br external_ip: 189.9.151.16 alternative_hostnames: - www.dev.softwarepublico.gov.br diff --git a/config/homologa/config.yaml b/config/homologa/config.yaml index 4e0a793..4e8ca2a 100644 --- a/config/homologa/config.yaml +++ b/config/homologa/config.yaml 
@@ -4,6 +4,7 @@ admins: - ["Nayanne Araújo", "nayanne.bonifacio@planejamento.gov.br"] - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] external_hostname: homologa.softwarepublico.gov.br +sisp_external_hostname: homologa.sisp.gov.br external_ip: 189.9.151.65 alt_ssh_port: 55555 site_url: https://homologa.softwarepublico.gov.br diff --git a/config/lappis/config.yaml b/config/lappis/config.yaml index fbaf138..ba38850 100644 --- a/config/lappis/config.yaml +++ b/config/lappis/config.yaml @@ -2,6 +2,7 @@ admins: - ["Paulo Meirelles", "paulo@softwarelivre.org"] site_url: https://softwarepublico.lappis external_hostname: softwarepublico.lappis +sisp_external_hostname: sisp.lappis external_ip: 10.0.0.11 colab_from_address: '"Portal do Software Publico" ' server_email: '"Portal do Software Publico" ' diff --git a/config/local/config.yaml b/config/local/config.yaml index 3eeed78..b07f138 100644 --- a/config/local/config.yaml +++ b/config/local/config.yaml @@ -2,6 +2,7 @@ admins: - ["Paulo Meirelles", "paulo@softwarelivre.org"] site_url: https://softwarepublico.dev external_hostname: softwarepublico.dev +sisp_external_hostname: sisp.dev alternative_hostnames: - www.softwarepublico.dev - beta.softwarepublico.dev diff --git a/config/prod/config.yaml b/config/prod/config.yaml index 516adb3..68b0160 100644 --- a/config/prod/config.yaml +++ b/config/prod/config.yaml @@ -5,6 +5,7 @@ admins: - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] site_url: https://softwarepublico.gov.br external_hostname: softwarepublico.gov.br +sisp_external_hostname: sisp.gov.br alternative_hostnames: - www.softwarepublico.gov.br - portal.softwarepublico.gov.br diff --git a/cookbooks/colab/templates/00-custom_settings.py.erb b/cookbooks/colab/templates/00-custom_settings.py.erb index eacd8b2..9c5f939 100644 --- a/cookbooks/colab/templates/00-custom_settings.py.erb +++ b/cookbooks/colab/templates/00-custom_settings.py.erb 
@@ -28,7 +28,8 @@ SECRET_KEY = "<%= File.read('/etc/colab/secret.key').strip %>" SITE_URL = "<%= node['config']['site_url'] %>" -ALLOWED_HOSTS = ["<%= node['config']['external_hostname'] %>"] +ALLOWED_HOSTS = ["<%= node['config']['external_hostname'] %>", + "<%= node['config']['sisp_external_hostname'] %>"] ## Disable indexing ROBOTS_NOINDEX = False diff --git a/cookbooks/colab/templates/colab.conf.erb b/cookbooks/colab/templates/colab.conf.erb index f3ef2b7..3148d93 100644 --- a/cookbooks/colab/templates/colab.conf.erb +++ b/cookbooks/colab/templates/colab.conf.erb @@ -5,7 +5,7 @@ upstream colab { server { listen *:80; - server_name <%= node['config']['external_hostname'] %>; + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; access_log /var/log/nginx/colab.access.log; error_log /var/log/nginx/colab.error.log; diff --git a/cookbooks/noosfero/templates/nginx.conf.erb b/cookbooks/noosfero/templates/nginx.conf.erb index bf15f92..2218b36 100644 --- a/cookbooks/noosfero/templates/nginx.conf.erb +++ b/cookbooks/noosfero/templates/nginx.conf.erb @@ -6,7 +6,7 @@ upstream noosfero { server { listen *:80; - server_name <%= node['config']['external_hostname'] %> <%= node['peers']['social'] %>; + server_name <%= node['config']['external_hostname'] %> <%= node['peers']['social'] %> <%= node['config']['sisp_external_hostname'] %>; underscores_in_headers on; access_log /var/log/nginx/noosfero.access.log; error_log /var/log/nginx/noosfero.error.log; @@ -24,7 +24,7 @@ server { proxy_read_timeout 90; proxy_connect_timeout 90; proxy_redirect off; - proxy_set_header Host <%= node['config']['external_hostname'] %>; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } diff --git a/cookbooks/reverse_proxy/recipes/default.rb b/cookbooks/reverse_proxy/recipes/default.rb index 379dcbe..6453dd6 100644 --- a/cookbooks/reverse_proxy/recipes/default.rb 
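Review bot: `proxy_set_header Host $host;` in the second noosfero/templates/nginx.conf.erb hunk forwards whatever host the client sent, where the removed line pinned the upstream Host to `external_hostname`. `server_name` only filters this if the block is not the default server for `*:80`; no other server on that listen is visible here, so if it is the default, an arbitrary Host header reaches Noosfero and may end up in generated links or cached responses. The same pattern appears in `return 301 https://$host$request_uri;` in the first reverse_proxy.conf.erb hunk, which reflects the client's Host into the redirect target. A catch-all such as `server { listen *:80 default_server; server_name _; return 444; }` ahead of these blocks would keep `$host` limited to the configured names. The enclosing `location` block starts outside the hunk.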
+++ b/cookbooks/reverse_proxy/recipes/default.rb @@ -6,6 +6,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do notifies :restart, 'service[nginx]' end +cookbook_file "/etc/nginx/#{node['config']['sisp_external_hostname']}.crt" do + owner 'root' + group 'root' + mode 0600 + notifies :restart, 'service[nginx]' +end + cookbook_file "/etc/sysctl.d/ip_forward.conf" do owner 'root' group 'root' @@ -23,6 +30,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.key" do notifies :restart, 'service[nginx]' end +cookbook_file "/etc/nginx/#{node['config']['sisp_external_hostname']}.key" do + owner 'root' + group 'root' + mode 0600 + notifies :restart, 'service[nginx]' +end + template '/etc/nginx/conf.d/reverse_proxy.conf' do owner 'root' group 'root' diff --git a/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb b/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb index eaec37c..abbf42b 100644 --- a/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb +++ b/cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb @@ -5,14 +5,14 @@ upstream colab { server { listen *:80; - server_name <%= node['config']['external_hostname'] %>; - return 301 https://$server_name$request_uri; + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; + return 301 https://$host$request_uri; } server { listen *:443 ssl; - server_name <%= node['config']['external_hostname'] %>; + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; client_max_body_size 500m; ssl on; 
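Review bot: The new `cookbook_file` for `#{node['config']['sisp_external_hostname']}.key` (second recipes/default.rb hunk) installs a TLS private key without `sensitive true`, so Chef may print the file's diff, and with it the key material, in run output and logs when the file changes. Adding `sensitive true` to that resource suppresses this. The resource has no `source`, so the key is presumably shipped from the cookbook's files directory; it is worth confirming that the key is not committed to the repository in clear. If an environment's config.yaml lacks `sisp_external_hostname`, the paths in both hunks interpolate to `/etc/nginx/.crt` and `/etc/nginx/.key`, so a lookup that fails on a missing key would make the error explicit.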
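Review bot: Adding `sisp_external_hostname` to `server_name` of the existing `*:443` block conflicts with the new `*:443` server block that the following hunk adds for the same name. nginx keeps the first definition of a duplicated name on a listen address and ignores the later one with a "conflicting server name" warning. As far as the visible template shows, requests for the SISP host would therefore be answered by this block with the `external_hostname` certificate, and the new block's certificate and `location ~ ^/$` redirect would never apply. Keeping the 443 line as `server_name <%= node['config']['external_hostname'] %>;` and listing the SISP name only on the port-80 redirect block and the new 443 block avoids the clash. The second `server` block continues past the end of the hunk.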
@@ -28,6 +28,57 @@ server { access_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.access.log; error_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.error.log; + location ~ ^/social/sisp { + return 302 http://<%= node['config']['sisp_external_hostname'] %>; + } + + # TODO caching + location / { + proxy_pass http://colab; + proxy_read_timeout 90; + proxy_connect_timeout 90; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Remote-User ''; + proxy_set_header REMOTE_USER ''; + } + + location /doc/ { + root /srv; + } + +} + +server { + listen *:443 ssl; + + server_name <%= node['config']['sisp_external_hostname'] %>; + client_max_body_size 150m; + + ssl on; + + ssl_certificate /etc/nginx/<%= node['config']['sisp_external_hostname'] %>.crt; + ssl_certificate_key /etc/nginx/<%= node['config']['sisp_external_hostname'] %>.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 5m; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + + access_log /var/log/nginx/ssl-<%= node['config']['sisp_external_hostname'] %>.access.log; + error_log /var/log/nginx/ssl-<%= node['config']['sisp_external_hostname'] %>.error.log; + + location ~ ^/$ { + return 301 /social/sisp; + } + + location ~ ^/gitlab { + return 302 http://<%= node['config']['external_hostname'] %>$request_uri; + } + # TODO caching location / { proxy_pass http://colab; -- libgit2 0.21.2
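Review bot: The added SISP server block enables SSLv3 in `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;`. SSLv3 is broken by POODLE, so the line should be at most `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, and preferably `ssl_protocols TLSv1.2;` if the client base allows it. Both new cross-host redirects, `return 302 http://<%= node['config']['sisp_external_hostname'] %>;` and `return 302 http://<%= node['config']['external_hostname'] %>$request_uri;`, send a user who is already on HTTPS through a plaintext hop before the port-80 block redirects back. Using `https://` in both targets removes that hop. The first redirect also drops `$request_uri`, which may be intended but loses deep links under `/social/sisp`; the final `location /` block continues outside the hunk.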