r/web/dcow: Proxy to Kubernetes

I've moved the Dark Chest of Wonders website to run in a container on Kubernetes. This will keep it from breaking every time the OS is updated on the web server, when the version of Python in Fedora changes.
2023-12-17 20:16:51 -06:00
parent 3da74b8e53
commit fe258c51ac
4 changed files with 5 additions and 96 deletions
--- a/roles/websites/darkchestofwonders.us/files/dcow.wsgi
+++ b/roles/websites/darkchestofwonders.us/files/dcow.wsgi
@@ -1,13 +0,0 @@
-import os
-import sys
-
-here = os.path.dirname(__file__)
-
-srcdir = os.path.join(here, 'src')
-sys.path.insert(0, srcdir)
-
-import dcow.app
-
-
-config = os.path.join(here, 'production.ini')
-application = dcow.app.Application.create(config)
--- a/roles/websites/darkchestofwonders.us/files/production.ini
+++ b/roles/websites/darkchestofwonders.us/files/production.ini
@@ -1,3 +0,0 @@
-[gallery]
-screenshot_dir = /srv/www/darkchestofwonders.us/screenshots
-thumbnail_dir = /srv/www/darkchestofwonders.us/thumbnails
--- a/roles/websites/darkchestofwonders.us/tasks/main.yml
+++ b/roles/websites/darkchestofwonders.us/tasks/main.yml
@@ -1,80 +1,3 @@
- name: ensure mod_wsgi is installed
-  package:
-    name=python3-mod_wsgi
-    state=present
-  notify: restart httpd
-  tags:
-  - install
-
- name: ensure rsync is installed
-  package:
-    name=rsync
-    state=present
-  tags:
-  - install
-
- name: ensure app group exists
-  group:
-    name=webapp.dcow
-    state=present
- name: ensure app user exists
-  user:
-    name=webapp.dcow
-    group=webapp.dcow
-    home=/srv/www/darkchestofwonders.us
-    createhome=yes
-    state=present
-
- name: ensure app home directory permissions are set
-  file:
-    path=/srv/www/darkchestofwonders.us
-    mode=0755
-    state=directory
-
- name: ensure publisher keys are trusted
-  authorized_key:
-    key: "{{ dcow_publisher_keys|join('\n') }}"
-    user: webapp.dcow
-    exclusive: true
-
- name: ensure authorized_keys file permissions are correct
-  file:
-    path: /srv/www/darkchestofwonders.us/.ssh/authorized_keys
-    mode: '0600'
-    owner: webapp.dcow
-    group: webapp.dcow
-    setype: ssh_home_t
-
- name: ensure virtualenv exists
-  become: true
-  become_user: webapp.dcow
-  pip:
-    name: pip
-    virtualenv: /srv/www/darkchestofwonders.us/venv
-    virtualenv_command: /usr/bin/python3 -m venv
-
- name: ensure dcow wsgi script is installed
-  copy:
-    src=dcow.wsgi
-    dest=/srv/www/darkchestofwonders.us/dcow.wsgi
-    mode=0644
-
- name: ensure dcow app is configured
-  copy:
-    src=production.ini
-    dest=/srv/www/darkchestofwonders.us/production.ini
-    mode=0644
- name: ensure screenshot storage directories exist
-  file:
-    path=/srv/www/darkchestofwonders.us/{{ item }}
-    owner=webapp.dcow
-    group=webapp.dcow
-    mode=0755
-    state=directory
-  with_items:
-  - screenshots
-  - thumbnails
-
 - name: ensure apache is configured to serve darkchestofwonders.us
  template:
    src=darkchestofwonders.us.httpd.conf.j2
--- a/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2
+++ b/roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2
@@ -23,9 +23,11 @@ SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer
 	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 </IfModule>

-WSGIScriptAlias / /srv/www/darkchestofwonders.us/dcow.wsgi \
-	process-group=dcow
-Alias /screenshots /srv/www/darkchestofwonders.us/screenshots
+ProxyRequests off
+
+ProxyPass / http://k8s-ingress.pyrocufflink.blue/
+ProxyPassReverse / http://k8s-ingress.pyrocufflink.blue/
+ProxyPreserveHost on

 <Location />
 	Require all granted