From fe258c51ac253681d11e70c441a5ac07bc9aabd5 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 17 Dec 2023 20:16:51 -0600 Subject: [PATCH] r/web/dcow: Proxy to Kubernetes I've moved the Dark Chest of Wonders website to run in a container on Kubernetes. This will keep it from breaking every time the OS is updated on the web server, when the version of Python in Fedora changes. --- .../darkchestofwonders.us/files/dcow.wsgi | 13 ---- .../files/production.ini | 3 - .../darkchestofwonders.us/tasks/main.yml | 77 ------------------- .../darkchestofwonders.us.httpd.conf.j2 | 8 +- 4 files changed, 5 insertions(+), 96 deletions(-) delete mode 100644 roles/websites/darkchestofwonders.us/files/dcow.wsgi delete mode 100644 roles/websites/darkchestofwonders.us/files/production.ini diff --git a/roles/websites/darkchestofwonders.us/files/dcow.wsgi b/roles/websites/darkchestofwonders.us/files/dcow.wsgi deleted file mode 100644 index 1d0cefc..0000000 --- a/roles/websites/darkchestofwonders.us/files/dcow.wsgi +++ /dev/null @@ -1,13 +0,0 @@ -import os -import sys - -here = os.path.dirname(__file__) - -srcdir = os.path.join(here, 'src') -sys.path.insert(0, srcdir) - -import dcow.app - - -config = os.path.join(here, 'production.ini') -application = dcow.app.Application.create(config) diff --git a/roles/websites/darkchestofwonders.us/files/production.ini b/roles/websites/darkchestofwonders.us/files/production.ini deleted file mode 100644 index 8cc7993..0000000 --- a/roles/websites/darkchestofwonders.us/files/production.ini +++ /dev/null @@ -1,3 +0,0 @@ -[gallery] -screenshot_dir = /srv/www/darkchestofwonders.us/screenshots -thumbnail_dir = /srv/www/darkchestofwonders.us/thumbnails diff --git a/roles/websites/darkchestofwonders.us/tasks/main.yml b/roles/websites/darkchestofwonders.us/tasks/main.yml index b42e6f3..f4910a8 100644 --- a/roles/websites/darkchestofwonders.us/tasks/main.yml +++ b/roles/websites/darkchestofwonders.us/tasks/main.yml @@ -1,80 +1,3 @@ -- name: ensure mod_wsgi is installed - package: - name=python3-mod_wsgi - state=present - notify: restart httpd - tags: - - install - -- name: ensure rsync is installed - package: - name=rsync - state=present - tags: - - install - -- name: ensure app group exists - group: - name=webapp.dcow - state=present -- name: ensure app user exists - user: - name=webapp.dcow - group=webapp.dcow - home=/srv/www/darkchestofwonders.us - createhome=yes - state=present - -- name: ensure app home directory permissions are set - file: - path=/srv/www/darkchestofwonders.us - mode=0755 - state=directory - -- name: ensure publisher keys are trusted - authorized_key: - key: "{{ dcow_publisher_keys|join('\n') }}" - user: webapp.dcow - exclusive: true - -- name: ensure authorized_keys file permissions are correct - file: - path: /srv/www/darkchestofwonders.us/.ssh/authorized_keys - mode: '0600' - owner: webapp.dcow - group: webapp.dcow - setype: ssh_home_t - -- name: ensure virtualenv exists - become: true - become_user: webapp.dcow - pip: - name: pip - virtualenv: /srv/www/darkchestofwonders.us/venv - virtualenv_command: /usr/bin/python3 -m venv - -- name: ensure dcow wsgi script is installed - copy: - src=dcow.wsgi - dest=/srv/www/darkchestofwonders.us/dcow.wsgi - mode=0644 - -- name: ensure dcow app is configured - copy: - src=production.ini - dest=/srv/www/darkchestofwonders.us/production.ini - mode=0644 -- name: ensure screenshot storage directories exist - file: - path=/srv/www/darkchestofwonders.us/{{ item }} - owner=webapp.dcow - group=webapp.dcow - mode=0755 - state=directory - with_items: - - screenshots - - thumbnails - - name: ensure apache is configured to serve darkchestofwonders.us template: src=darkchestofwonders.us.httpd.conf.j2 diff --git a/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2 b/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2 index 8034de2..65f4c83 100644 --- a/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2 +++ b/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2 @@ -23,9 +23,11 @@ SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" -WSGIScriptAlias / /srv/www/darkchestofwonders.us/dcow.wsgi \ - process-group=dcow -Alias /screenshots /srv/www/darkchestofwonders.us/screenshots +ProxyRequests off + +ProxyPass / http://k8s-ingress.pyrocufflink.blue/ +ProxyPassReverse / http://k8s-ingress.pyrocufflink.blue/ +ProxyPreserveHost on Require all granted