fixed ubuntu recipe: hetzner apt reps are now usable

chef/site-cookbooks/jenkins/templates/default/nginx_jenkins.conf.erb

@@ -16,6 +16,12 @@ server {
 server {
 <% @listen_ports.each do |port| -%>
   listen            <%= port %>;
+
+  <% if port.to_s == '443' %>
+  ssl on;
+  ssl_certificate      /etc/nginx/cert/jenkins_cert.pem;
+  ssl_certificate_key  /etc/nginx/cert/jenkins_cert.key;
+  <% end -%>
 <% end -%>
   server_name       <%= @host_name %><% @host_aliases.each do |a| %><%= " #{a}" %> <% end %>;
 

chef/site-cookbooks/server/recipes/dev_server.rb

@@ -36,6 +36,35 @@
   source 'iptables/drop_and_logging.erb'
 end
 
+# ssl
+directory "#{node[:nginx][:dir]}/cert" do
+  owner "root"
+  group "root"
+  mode "0755"
+  action :create
+end
+node[:certificates].each do |cert|
+  name = cert[:name]
+
+  #With Startssl and Nginx:
+  #ssl  on;
+  #ssl_certificate  /etc/nginx/ssl/ssl.crt;
+  #ssl_certificate_key  /etc/nginx/ssl/blog.key;
+  #
+  #Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.
+  #openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
+  #curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>ssl.crt
+  #curl http://www.startssl.com/certs/ca.pem >>ssl.crt
+
+  cert[:files].each do |key, value|
+    user "root"
+    group "root"
+    template "#{node[:nginx][:dir]}/cert/#{name}_cert.#{key}" do
+      source value
+    end
+  end
+end if node[:certificates]
+
 require_recipe "nginx::source"
 require_recipe "unicorn"
 require_recipe "memcached"
@@ -64,6 +93,7 @@
 
 node[:jenkins][:http_proxy][:host_name] = "jenkins.#{node.application.domain}"
 node[:jenkins][:http_proxy][:variant] = 'nginx'
+#node[:jenkins][:http_proxy][:listen_ports] = [ 443 ]
 require_recipe "jenkins"
 
 %w(xvfb).each do |pkg|
@@ -81,32 +111,3 @@
 
 node[:tz] = 'Europe/Berlin'
 require_recipe "timezone"
-
-# ssl
-directory "#{node[:nginx][:dir]}/cert" do
-  owner "root"
-  group "root"
-  mode "0755"
-  action :create
-end
-node[:certificates].each do |cert|
-  name = cert[:name]
-
-  #With Startssl and Nginx:
-  #ssl  on;
-  #ssl_certificate  /etc/nginx/ssl/ssl.crt;
-  #ssl_certificate_key  /etc/nginx/ssl/blog.key;
-  #
-  #Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.
-  #openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
-  #curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>ssl.crt
-  #curl http://www.startssl.com/certs/ca.pem >>ssl.crt
-
-  cert[:files].each do |key, value|
-    user "root"
-    group "root"
-    template "#{node[:nginx][:dir]}/cert/#{name}_cert.#{key}" do
-      source value
-    end
-  end
-end if node[:certificates]

chef/site-cookbooks/ubuntu/attributes/default.rb

@@ -19,6 +19,6 @@
 
 case platform
 when "ubuntu"
-  set[:ubuntu][:archive_url]  = "http://us.archive.ubuntu.com/ubuntu"
-  set[:ubuntu][:security_url] = "http://security.ubuntu.com/ubuntu"
+  default[:ubuntu][:archive_url]  = "http://de.archive.ubuntu.com/ubuntu"
+  default[:ubuntu][:security_url] = "http://security.ubuntu.com/ubuntu"
 end

chef/site-cookbooks/ubuntu/templates/default/sources.list.erb

@@ -3,13 +3,9 @@
 #
 
 deb <%= node['ubuntu']['archive_url'] %> <%= @code_name %> main restricted universe multiverse
-deb-src <%= node['ubuntu']['archive_url'] %> <%= @code_name %> main restricted universe multiverse
-
 deb <%= node['ubuntu']['archive_url'] %> <%= @code_name %>-updates main restricted universe multiverse
-deb-src <%= node['ubuntu']['archive_url'] %> <%= @code_name %>-updates main restricted universe multiverse
 
 # 
 # Security updates 
 #
 deb <%= node['ubuntu']['security_url'] %> <%= @code_name %>-security main restricted universe multiverse 
-deb-src <%= node['ubuntu']['security_url'] %> <%= @code_name %>-security main restricted universe multiverse