Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 1ab173c278
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 68 lines (61 sloc) 2.398 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67
#
# Author:: Joshua Timberman <joshua@opscode.com>
# Cookbook Name:: chef-server
# Recipe:: apache-proxy
#
# Copyright 2009-2011, Opscode, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

root_group = value_for_platform(
  "openbsd" => { "default" => "wheel" },
  "freebsd" => { "default" => "wheel" },
  "default" => "root"
)

node['apache']['listen_ports'] << "443" unless node['apache']['listen_ports'].include?("443")
if node['chef_server']['webui_enabled']
  node['apache']['listen_ports'] << "444" unless node['apache']['listen_ports'].include?("444")
end

include_recipe "apache2"
include_recipe "apache2::mod_ssl"
include_recipe "apache2::mod_proxy"
include_recipe "apache2::mod_proxy_http"
include_recipe "apache2::mod_proxy_balancer"
include_recipe "apache2::mod_rewrite"
include_recipe "apache2::mod_headers"
include_recipe "apache2::mod_expires"
include_recipe "apache2::mod_deflate"

directory "/etc/chef/certificates" do
  owner "chef"
  group root_group
  mode "700"
end

bash "Create SSL Certificates" do
  cwd "/etc/chef/certificates"
  code <<-EOH
umask 077
openssl genrsa 2048 > chef-server-proxy.key
openssl req -subj "#{node['chef_server']['ssl_req']}" -new -x509 -nodes -sha1 -days 3650 -key chef-server-proxy.key > chef-server-proxy.crt
cat chef-server-proxy.key chef-server-proxy.crt > chef-server-proxy.pem
EOH
  not_if { ::File.exists?("/etc/chef/certificates/chef-server-proxy.pem") }
end

web_app "chef-server-proxy" do
  template "chef_server.conf.erb"
  api_server_name node['chef_server']['proxy']['api_server_name']
  api_aliases node['chef_server']['proxy']['api_aliases']
  api_port node['chef_server']['proxy']['api_port']
  webui_server_name node['chef_server']['proxy']['webui_server_name']
  webui_aliases node['chef_server']['proxy']['webui_aliases']
  webui_port node['chef_server']['proxy']['webui_port']
  log_dir node['apache']['log_dir']
end
Something went wrong with that request. Please try again.