This repository has been archived by the owner on Jul 11, 2020. It is now read-only.

nginx in front of sensu
dwradcliffe committed Jun 23, 2014
1 parent 87c12a5 commit 5f35e2c
Showing 5 changed files with 81 additions and 2 deletions.
4 changes: 3 additions & 1 deletion Berksfile.lock
@@ -212,7 +212,9 @@ GRAPH
collectd (>= 0.0.0)
collectd-librato (>= 0.0.0)
collectd_plugins (>= 0.0.0)
rubygems-monitoring (0.0.3)
rubygems-monitoring (0.0.4)
chef-vault (>= 0.0.0)
nginx (>= 0.0.0)
rubygems (>= 0.0.0)
rubygems-sensu (>= 0.0.0)
rubygems-motd (0.0.7)
4 changes: 3 additions & 1 deletion cookbooks/rubygems-monitoring/metadata.rb
@@ -1,8 +1,10 @@
name 'rubygems-monitoring'
maintainer 'RubyGems.org ops team'

version '0.0.3'
version '0.0.4'

depends 'chef-vault'
depends 'nginx'
depends 'rubygems'
depends 'rubygems-sensu'

1 change: 1 addition & 0 deletions cookbooks/rubygems-monitoring/recipes/default.rb
@@ -5,3 +5,4 @@

include_recipe 'rubygems-sensu::server'
include_recipe 'rubygems'
include_recipe 'rubygems-monitoring::nginx'
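--- a/cookbooks/rubygems-monitoring/recipes/nginx.rb
+++ b/cookbooks/rubygems-monitoring/recipes/nginx.rb
@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: rubygems-monitoring
+# Recipe:: nginx
+#
+
+node.default['nginx']['server_tokens'] = 'off'
+node.default['nginx']['default_site_enabled'] = false
+
+include_recipe 'chef-vault'
+
+include_recipe 'nginx'
+
+directory "#{node['nginx']['dir']}/certs" do
+owner 'root'
+group 'root'
+mode '0644'
+end
+
+item = chef_vault_item('certs', 'production')
+
+file "#{node['nginx']['dir']}/certs/rubygems.org.key" do
+content item['key']
+owner 'root'
+group 'root'
+mode '0644'
+notifies :reload, 'service[nginx]'
+end
+
+file "#{node['nginx']['dir']}/certs/rubygems.org.crt" do
+content item['crt']
+owner 'root'
+group 'root'
+mode '0644'
+notifies :reload, 'service[nginx]'
+end
+
+template "#{node['nginx']['dir']}/sites-available/sensu" do
+source 'nginx.conf.erb'
+owner 'root'
+group 'root'
+mode '0644'
+variables(
+ssl_key: File.join(node['nginx']['dir'], 'certs', 'rubygems.org.key'),
+ssl_cert: File.join(node['nginx']['dir'], 'certs', 'rubygems.org.crt')
+)
+notifies :reload, 'service[nginx]'
+end
+
+nginx_site 'sensu'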
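Review bot: The `file` resource for `rubygems.org.key` writes the TLS private key with `mode '0644'`, so the key is world-readable by its own permission bits; it should be `mode '0600'`, which is sufficient as long as the nginx master process reads the key as root (confirm for this host). The `certs` directory is also declared `mode '0644'`, leaving it without a search bit; that may incidentally keep non-root users out, but it reads like an oversight rather than a deliberate control, and `mode '0700'` would state the intent. Since `content item['key']` comes out of chef-vault, adding `sensitive true` to that resource would keep the key material out of Chef's diff and log output, provided the Chef version in use supports the property.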
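--- a/cookbooks/rubygems-monitoring/templates/default/nginx.conf.erb
+++ b/cookbooks/rubygems-monitoring/templates/default/nginx.conf.erb
@@ -0,0 +1,25 @@
+server {
+
+listen 443 default ssl;
+
+server_name monitoring.rubygems.org;
+
+ssl on;
+ssl_certificate <%= @ssl_cert %>;
+ssl_certificate_key <%= @ssl_key %>;
+ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 5m;
+
+add_header Strict-Transport-Security max-age=31536000;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_set_header Content-Length $content_length;
+proxy_set_header Host $host;
+proxy_redirect off;
+proxy_pass http://localhost:8080;
+
+}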
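Review bot: `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` still offers SSLv3, and the `ssl_ciphers` string explicitly admits RC4 through `EECDH+aRSA+RC4` and the bare `RC4` token; both are deprecated and should not be negotiable on a host that serves a monitoring dashboard. I would drop SSLv3 from the protocol list, for example `ssl_protocols TLSv1.2;` plus newer versions where the nginx/OpenSSL build supports them, and replace the two RC4 entries with `!RC4`. Separately, `proxy_pass http://localhost:8080;` sits directly in the `server` block, but nginx accepts `proxy_pass` only inside a `location` (or `if` in location / `limit_except`), so this template likely fails `nginx -t` unless the proxy directives are wrapped in `location / { ... }`. Nothing in this file restricts who can reach the proxied service, so it is worth confirming that the backend on port 8080 enforces its own authentication.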
