Commit ae1938ece3b851f92f7a5722c8974b33d093c7ad
Committed by
Luciano Prestes
Luciano Prestes
1 parent
b89c37f4
Exists in
master
and in
51 other branches
Sisp redirect
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> Signed-off-by: Sergio Oliveira <seocam@seocam.com>
Showing
11 changed files
with
79 additions
and
7 deletions
Show diff stats
config/cdtc/config.yaml
| 1 | admins: | 1 | admins: |
| 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] | 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] |
| 3 | external_hostname: spb.cdtc.unb.br | 3 | external_hostname: spb.cdtc.unb.br |
| 4 | +sisp_external_hostname: sisp.cdtc.unb.br | ||
| 4 | external_ip: 164.41.9.49 | 5 | external_ip: 164.41.9.49 |
| 5 | site_url: https://spb.cdtc.unb.br | 6 | site_url: https://spb.cdtc.unb.br |
| 6 | colab_from_address: '"Portal do Software Publico" <noreply@spb.cdtc.unb.br>' | 7 | colab_from_address: '"Portal do Software Publico" <noreply@spb.cdtc.unb.br>' |
config/dev/config.yaml
| 1 | admins: | 1 | admins: |
| 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] | 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] |
| 3 | external_hostname: dev.softwarepublico.gov.br | 3 | external_hostname: dev.softwarepublico.gov.br |
| 4 | +sisp_external_hostname: dev.sisp.gov.br | ||
| 4 | external_ip: 189.9.151.16 | 5 | external_ip: 189.9.151.16 |
| 5 | alternative_hostnames: | 6 | alternative_hostnames: |
| 6 | - www.dev.softwarepublico.gov.br | 7 | - www.dev.softwarepublico.gov.br |
config/homologa/config.yaml
| @@ -4,6 +4,7 @@ admins: | @@ -4,6 +4,7 @@ admins: | ||
| 4 | - ["Nayanne Araújo", "nayanne.bonifacio@planejamento.gov.br"] | 4 | - ["Nayanne Araújo", "nayanne.bonifacio@planejamento.gov.br"] |
| 5 | - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] | 5 | - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] |
| 6 | external_hostname: homologa.softwarepublico.gov.br | 6 | external_hostname: homologa.softwarepublico.gov.br |
| 7 | +sisp_external_hostname: homologa.sisp.gov.br | ||
| 7 | external_ip: 189.9.151.65 | 8 | external_ip: 189.9.151.65 |
| 8 | alt_ssh_port: 55555 | 9 | alt_ssh_port: 55555 |
| 9 | site_url: https://homologa.softwarepublico.gov.br | 10 | site_url: https://homologa.softwarepublico.gov.br |
config/lappis/config.yaml
| @@ -2,6 +2,7 @@ admins: | @@ -2,6 +2,7 @@ admins: | ||
| 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] | 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] |
| 3 | site_url: https://softwarepublico.lappis | 3 | site_url: https://softwarepublico.lappis |
| 4 | external_hostname: softwarepublico.lappis | 4 | external_hostname: softwarepublico.lappis |
| 5 | +sisp_external_hostname: sisp.lappis | ||
| 5 | external_ip: 10.0.0.11 | 6 | external_ip: 10.0.0.11 |
| 6 | colab_from_address: '"Portal do Software Publico" <noreply@softwarepublico.lappis>' | 7 | colab_from_address: '"Portal do Software Publico" <noreply@softwarepublico.lappis>' |
| 7 | server_email: '"Portal do Software Publico" <noreply@softwarepublico.lappis>' | 8 | server_email: '"Portal do Software Publico" <noreply@softwarepublico.lappis>' |
config/local/config.yaml
| @@ -2,6 +2,7 @@ admins: | @@ -2,6 +2,7 @@ admins: | ||
| 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] | 2 | - ["Paulo Meirelles", "paulo@softwarelivre.org"] |
| 3 | site_url: https://softwarepublico.dev | 3 | site_url: https://softwarepublico.dev |
| 4 | external_hostname: softwarepublico.dev | 4 | external_hostname: softwarepublico.dev |
| 5 | +sisp_external_hostname: sisp.dev | ||
| 5 | alternative_hostnames: | 6 | alternative_hostnames: |
| 6 | - www.softwarepublico.dev | 7 | - www.softwarepublico.dev |
| 7 | - beta.softwarepublico.dev | 8 | - beta.softwarepublico.dev |
config/prod/config.yaml
| @@ -5,6 +5,7 @@ admins: | @@ -5,6 +5,7 @@ admins: | ||
| 5 | - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] | 5 | - ["Marisa Souza dos Santos", "marisa.santos@planejamento.gov.br"] |
| 6 | site_url: https://softwarepublico.gov.br | 6 | site_url: https://softwarepublico.gov.br |
| 7 | external_hostname: softwarepublico.gov.br | 7 | external_hostname: softwarepublico.gov.br |
| 8 | +sisp_external_hostname: sisp.gov.br | ||
| 8 | alternative_hostnames: | 9 | alternative_hostnames: |
| 9 | - www.softwarepublico.gov.br | 10 | - www.softwarepublico.gov.br |
| 10 | - portal.softwarepublico.gov.br | 11 | - portal.softwarepublico.gov.br |
cookbooks/colab/templates/00-custom_settings.py.erb
| @@ -28,7 +28,8 @@ SECRET_KEY = "<%= File.read('/etc/colab/secret.key').strip %>" | @@ -28,7 +28,8 @@ SECRET_KEY = "<%= File.read('/etc/colab/secret.key').strip %>" | ||
| 28 | 28 | ||
| 29 | SITE_URL = "<%= node['config']['site_url'] %>" | 29 | SITE_URL = "<%= node['config']['site_url'] %>" |
| 30 | 30 | ||
| 31 | -ALLOWED_HOSTS = ["<%= node['config']['external_hostname'] %>"] | 31 | +ALLOWED_HOSTS = ["<%= node['config']['external_hostname'] %>", |
| 32 | + "<%= node['config']['sisp_external_hostname'] %>"] | ||
| 32 | 33 | ||
| 33 | ## Disable indexing | 34 | ## Disable indexing |
| 34 | ROBOTS_NOINDEX = False | 35 | ROBOTS_NOINDEX = False |
cookbooks/colab/templates/colab.conf.erb
| @@ -5,7 +5,7 @@ upstream colab { | @@ -5,7 +5,7 @@ upstream colab { | ||
| 5 | server { | 5 | server { |
| 6 | listen *:80; | 6 | listen *:80; |
| 7 | 7 | ||
| 8 | - server_name <%= node['config']['external_hostname'] %>; | 8 | + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; |
| 9 | 9 | ||
| 10 | access_log /var/log/nginx/colab.access.log; | 10 | access_log /var/log/nginx/colab.access.log; |
| 11 | error_log /var/log/nginx/colab.error.log; | 11 | error_log /var/log/nginx/colab.error.log; |
cookbooks/noosfero/templates/nginx.conf.erb
| @@ -6,7 +6,7 @@ upstream noosfero { | @@ -6,7 +6,7 @@ upstream noosfero { | ||
| 6 | 6 | ||
| 7 | server { | 7 | server { |
| 8 | listen *:80; | 8 | listen *:80; |
| 9 | - server_name <%= node['config']['external_hostname'] %> <%= node['peers']['social'] %>; | 9 | + server_name <%= node['config']['external_hostname'] %> <%= node['peers']['social'] %> <%= node['config']['sisp_external_hostname'] %>; |
| 10 | underscores_in_headers on; | 10 | underscores_in_headers on; |
| 11 | access_log /var/log/nginx/noosfero.access.log; | 11 | access_log /var/log/nginx/noosfero.access.log; |
| 12 | error_log /var/log/nginx/noosfero.error.log; | 12 | error_log /var/log/nginx/noosfero.error.log; |
| @@ -24,7 +24,7 @@ server { | @@ -24,7 +24,7 @@ server { | ||
| 24 | proxy_read_timeout 90; | 24 | proxy_read_timeout 90; |
| 25 | proxy_connect_timeout 90; | 25 | proxy_connect_timeout 90; |
| 26 | proxy_redirect off; | 26 | proxy_redirect off; |
| 27 | - proxy_set_header Host <%= node['config']['external_hostname'] %>; | 27 | + proxy_set_header Host $host; |
| 28 | proxy_set_header X-Real-IP $remote_addr; | 28 | proxy_set_header X-Real-IP $remote_addr; |
| 29 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | 29 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 30 | } | 30 | } |
cookbooks/reverse_proxy/recipes/default.rb
| @@ -6,6 +6,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do | @@ -6,6 +6,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do | ||
| 6 | notifies :restart, 'service[nginx]' | 6 | notifies :restart, 'service[nginx]' |
| 7 | end | 7 | end |
| 8 | 8 | ||
| 9 | +cookbook_file "/etc/nginx/#{node['config']['sisp_external_hostname']}.crt" do | ||
| 10 | + owner 'root' | ||
| 11 | + group 'root' | ||
| 12 | + mode 0600 | ||
| 13 | + notifies :restart, 'service[nginx]' | ||
| 14 | +end | ||
| 15 | + | ||
| 9 | cookbook_file "/etc/sysctl.d/ip_forward.conf" do | 16 | cookbook_file "/etc/sysctl.d/ip_forward.conf" do |
| 10 | owner 'root' | 17 | owner 'root' |
| 11 | group 'root' | 18 | group 'root' |
| @@ -23,6 +30,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.key" do | @@ -23,6 +30,13 @@ cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.key" do | ||
| 23 | notifies :restart, 'service[nginx]' | 30 | notifies :restart, 'service[nginx]' |
| 24 | end | 31 | end |
| 25 | 32 | ||
| 33 | +cookbook_file "/etc/nginx/#{node['config']['sisp_external_hostname']}.key" do | ||
| 34 | + owner 'root' | ||
| 35 | + group 'root' | ||
| 36 | + mode 0600 | ||
| 37 | + notifies :restart, 'service[nginx]' | ||
| 38 | +end | ||
| 39 | + | ||
| 26 | template '/etc/nginx/conf.d/reverse_proxy.conf' do | 40 | template '/etc/nginx/conf.d/reverse_proxy.conf' do |
| 27 | owner 'root' | 41 | owner 'root' |
| 28 | group 'root' | 42 | group 'root' |
cookbooks/reverse_proxy/templates/reverse_proxy.conf.erb
| @@ -5,14 +5,14 @@ upstream colab { | @@ -5,14 +5,14 @@ upstream colab { | ||
| 5 | server { | 5 | server { |
| 6 | listen *:80; | 6 | listen *:80; |
| 7 | 7 | ||
| 8 | - server_name <%= node['config']['external_hostname'] %>; | ||
| 9 | - return 301 https://$server_name$request_uri; | 8 | + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; |
| 9 | + return 301 https://$host$request_uri; | ||
| 10 | } | 10 | } |
| 11 | 11 | ||
| 12 | server { | 12 | server { |
| 13 | listen *:443 ssl; | 13 | listen *:443 ssl; |
| 14 | 14 | ||
| 15 | - server_name <%= node['config']['external_hostname'] %>; | 15 | + server_name <%= node['config']['external_hostname'] %> <%= node['config']['sisp_external_hostname'] %>; |
| 16 | client_max_body_size 500m; | 16 | client_max_body_size 500m; |
| 17 | 17 | ||
| 18 | ssl on; | 18 | ssl on; |
| @@ -28,6 +28,57 @@ server { | @@ -28,6 +28,57 @@ server { | ||
| 28 | access_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.access.log; | 28 | access_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.access.log; |
| 29 | error_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.error.log; | 29 | error_log /var/log/nginx/ssl-<%= node['config']['external_hostname'] %>.error.log; |
| 30 | 30 | ||
| 31 | + location ~ ^/social/sisp { | ||
| 32 | + return 302 http://<%= node['config']['sisp_external_hostname'] %>; | ||
| 33 | + } | ||
| 34 | + | ||
| 35 | + # TODO caching | ||
| 36 | + location / { | ||
| 37 | + proxy_pass http://colab; | ||
| 38 | + proxy_read_timeout 90; | ||
| 39 | + proxy_connect_timeout 90; | ||
| 40 | + proxy_redirect off; | ||
| 41 | + proxy_set_header Host $host; | ||
| 42 | + proxy_set_header X-Real-IP $remote_addr; | ||
| 43 | + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| 44 | + proxy_set_header X-Forwarded-Proto https; | ||
| 45 | + proxy_set_header Remote-User ''; | ||
| 46 | + proxy_set_header REMOTE_USER ''; | ||
| 47 | + } | ||
| 48 | + | ||
| 49 | + location /doc/ { | ||
| 50 | + root /srv; | ||
| 51 | + } | ||
| 52 | + | ||
| 53 | +} | ||
| 54 | + | ||
| 55 | +server { | ||
| 56 | + listen *:443 ssl; | ||
| 57 | + | ||
| 58 | + server_name <%= node['config']['sisp_external_hostname'] %>; | ||
| 59 | + client_max_body_size 150m; | ||
| 60 | + | ||
| 61 | + ssl on; | ||
| 62 | + | ||
| 63 | + ssl_certificate /etc/nginx/<%= node['config']['sisp_external_hostname'] %>.crt; | ||
| 64 | + ssl_certificate_key /etc/nginx/<%= node['config']['sisp_external_hostname'] %>.key; | ||
| 65 | + ssl_session_cache shared:SSL:10m; | ||
| 66 | + ssl_session_timeout 5m; | ||
| 67 | + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | ||
| 68 | + ssl_ciphers HIGH:!aNULL:!MD5; | ||
| 69 | + ssl_prefer_server_ciphers on; | ||
| 70 | + | ||
| 71 | + access_log /var/log/nginx/ssl-<%= node['config']['sisp_external_hostname'] %>.access.log; | ||
| 72 | + error_log /var/log/nginx/ssl-<%= node['config']['sisp_external_hostname'] %>.error.log; | ||
| 73 | + | ||
| 74 | + location ~ ^/$ { | ||
| 75 | + return 301 /social/sisp; | ||
| 76 | + } | ||
| 77 | + | ||
| 78 | + location ~ ^/gitlab { | ||
| 79 | + return 302 http://<%= node['config']['external_hostname'] %>$request_uri; | ||
| 80 | + } | ||
| 81 | + | ||
| 31 | # TODO caching | 82 | # TODO caching |
| 32 | location / { | 83 | location / { |
| 33 | proxy_pass http://colab; | 84 | proxy_pass http://colab; |