From: Thomas Dalichow Date: Wed, 17 May 2017 10:49:30 +0000 (+0200) Subject: pixelpark - chat: install nginx + mongodb for dev-chat X-Git-Tag: v0.1.0~2983^2^2 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=305f7ea2d51e5452a917d1ea92c414d715e2e368;p=pixelpark%2Fhiera.git pixelpark - chat: install nginx + mongodb for dev-chat --- diff --git a/customer/pixelpark/chat-db01.pixelpark.com.yaml b/customer/pixelpark/chat-db01.pixelpark.com.yaml index 6a18c6b2..e9c67bba 100644 --- a/customer/pixelpark/chat-db01.pixelpark.com.yaml +++ b/customer/pixelpark/chat-db01.pixelpark.com.yaml @@ -20,6 +20,7 @@ infra::profile::mongodb_server::databases: password: "%{hiera('rocket_password')}" roles: - dbOwner + infra::profile::mongodb_server::backup::db_username: 'backup' infra::profile::mongodb_server::backup::db_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAXT58nwkAa/RCgvWlrAnpYtmyo8BAb3zaaSVGPy8tJbH8ah/uZENC5Rn7ffjrHRgROMR5G45Bx8Kl2IdUuL6bzVZouYTHVT8XnVg/qGT02JrNBUKatm+M5uq/Ag58zVg8j+37rhm9w0rJ64hJGMobksCFysLUxnKnVRvISD9VPRDeyu/A6L053b0VSiZnadRYTpG1n4wwFWjzDPahBQyyOQ5vbnvBLfBFBO8ry5XsUQCswzb7UZumMxpNsHxKyE6JytqDHRFDvIxAFmhhVVMvEn4pvkLaDrvEvIXnjh6q6Ytauarx3byX7ikBGsmkDWwdfRSrUJCTfrZkB189ijw7rzBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCgD9E3wxrlhMiPjXJattskgCA0UXFyrpqUBV/2d2ThSeWcX1/GmXWujME///bh7llFQg==] diff --git a/customer/pixelpark/dev-chat.pixelpark.com.yaml b/customer/pixelpark/dev-chat.pixelpark.com.yaml index 3b0442d3..fbb3e237 100644 --- a/customer/pixelpark/dev-chat.pixelpark.com.yaml +++ b/customer/pixelpark/dev-chat.pixelpark.com.yaml @@ -1,2 +1,74 @@ --- infra::role: base +infra::additional_classes: + - nginx + - nodejs + - infra::profile::mongodb_server + +nodejs::repo_url_suffix: '4.x' +nodejs::manage_package_repo: true + +nginx::config::proxy_hide_header: + - X-Powered-By +nginx::config::http_tcp_nopush: 'on' +nginx::config::gzip_types: 'text/plain text/css text/javascript application/x-javascript application/xml text/xml application/json application/javascript application/xml+rss text/x-js' +nginx::config::gzip_comp_level: 9 +nginx::nginx_vhosts: + rocket-chat: + server_name: + - dev-chat.pixelpark.com + ssl: true + ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.com-cert.pem + ssl_key: /etc/pki/tls/private/wildcard.pixelpark.com-key.pem + ssl_dhparam: /etc/ssl/certs/dhparam.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' + rewrite_to_https: true + proxy: http://rocket_chat + add_header: + Strict-Transport-Security: "max-age=63072000" + X-Content-Type-Options: nosniff + X-XSS-Protection: '1; mode=block' + X-Frame-Options: DENY + proxy_set_header: + - 'Host $host:$server_port' + - 'Upgrade $http_upgrade' + - 'Connection "upgrade"' + - 'Host $host' + - 'X-Real-IP $remote_addr' + - 'X-Forwarded-For $proxy_add_x_forwarded_for' + - 'X-Forwarded-Proto https' + - 'X-Forwarded-Ssl on' + - 'X-Nginx-Proxy true' + - 'Referer $http_referer' + client_max_body_size: '50m' + error_pages: + 497: https://$host:$server_port$request_uri +nginx::nginx_upstreams: + rocket_chat: + members: + - 127.0.0.1:3000 + +infra::profile::mongodb_server::backup::replicaonslave: 'no' # Wir sind eine Standalone Instance +mongodb::globals::version: '2.6.12-4.el7' +mongodb::server::master: true # Wir sind eine Standalone Instance +mongodb::server::bind_ip: '0.0.0.0' +mongodb::server::ssl: true +mongodb::server::ssl_key: '/etc/ssl/wildcard.pixelpark.com-key.pem' +mongodb::server::auth: true +mongodb::server::create_admin: true +mongodb::server::store_creds: true +mongodb::server::admin_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAceqFPCvnKsnear7COTvPXNmM2gw6oIoVfOg6cFgFWr/JeYmWTzHcf9nCMXeyWnNcukM4hy/EAqoWEl39TWgUIZO9OXQyKQnyFAz5LZDhgFlSmh9UhbEoJHc5/toQm7R7XdHTAYvNVjwiEO7rDdrbz+wyQW3YlA2zjyG4WprV97ROZ+66qSFlzUPUNXvhYcerGfBv2uqeynRUP7F3fEIkPAb9uFt1vkZV/yfYcsuh1JMx8j7kjALmhELeHMZnQxwg9Ti/Rg60fC4UXFG3FTP+871KVASc3QzvrCPX4MupV6dgCRd/Oe8+aTN4tULN3nZ6nmmEVH7O0FwY/AHlousg1jBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDJu4z4abf3lBogN57jlXCygCDtxj8Dex1YxtgFICMQCO2gH06wq6Gj6Z7ZKru/7qSsQg==] + +infra::profile::mongodb_server::databases: + rocketchat: + user: rocketchat + password: "%{hiera('rocket_password')}" + roles: + - dbOwner + +infra::profile::mongodb_server::backup::db_username: 'backup' +infra::profile::mongodb_server::backup::db_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEADnsZr8XUejQ9RYfJPQBj3rJj9EMyF7GRavfTV30xrV56hzpCwzCrtjSkiyFFTg4ZEGZtK52mx7neAQ0McfX/gtXM4IJodSJ7x8jmlnFH0VvSki7pmuAolQ1IzHkUSLLTjabCqG+lj+ehv1WUy5RHVhV9K16GmSpORIwHVcPTUC/cZlXeYouBcM1f2e4FaO8XF+jT28h6Vr91ib2KxkGHDfrcE0JaSOrRa+FXWTZciCfpBDtk9TwvAoo7jneWCXL9uRjA0UjPjK3GJo2tPICOKl4Yj0uAgkp/9Ydg3y22SjVpCEEihvHinTRx1cppuVPeGJD5nAwFztdawlkONbH5KjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDxolzY/HNhKuX84v2/+nA2gCBmeCtYKIQ2p3uTi8vbAIqX9G6EFrEgUKPbRvHS/wbPxw==] + +rocket_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAI1OrtXX4699mlD1W7x7UUSbyOCBMUg0bZOXEYvZ02fPfH1pHgPt1XhZ6NxB7Vg4Gg9m4+jyLIg3c3N63OZMATQ6d+TUjqtqKabCQu1RUsWwHph1iBqhr/RM6KXdZW0mfWwEykM+QKr/A5oCrD4ysVWBeGQlqHyklQb37T/bz2OMVcLWTwbHWh7LgZQ3fTuUnSL7bFDcpZ9z5266GZcuciZfHPZAHpd5iazCE90YS4UHKd2RYwLShFti3OpVQO6C6ooeVip77qWor+WJZKvvgdUcaT7bSZ4wUDDXD90lKXgASXQlbuXCwrpzXGch5Ao9R/Z3LkZkN91MlzvXVVfwU4jBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBADQ4wu5a2+MWh+W5IfwRPbgCBaqZ4Z45NN0aj3nN+vrd7wgAasP6PnsFDKB/OBXEf+BQ==] +