This repository has been archived by the owner on Jul 11, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Put jenkins behind https and add dns entry for ci
Sam Kottler
committed
Jun 25, 2014
1 parent
b59cabf
commit b0d70f5
Showing
6 changed files
with
100 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,8 @@ | ||
name 'rubygems-ci' | ||
maintainer 'RubyGems.org ops team' | ||
|
||
version '0.0.5' | ||
version '0.0.6' | ||
|
||
depends 'jenkins' | ||
depends 'nginx' | ||
depends 'rubygems' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
include_recipe 'chef-vault' | ||
|
||
dnsimple_credentials = chef_vault_item('dnsimple', 'credentials') | ||
|
||
include_recipe 'dwradcliffe-dnsimple' | ||
|
||
dwradcliffe_dnsimple_record "create CNAME point ci.rubygems.org to #{node.name}" do | ||
name 'ci.rubygems.org' | ||
content node['cloud_v2']['public_hostname'] | ||
type 'CNAME' | ||
domain 'rubygems.org' | ||
username dnsimple_credentials['username'] | ||
password dnsimple_credentials['password'] | ||
action :create | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# | ||
# Cookbook Name:: rubygems-sensu | ||
# Recipe:: nginx | ||
# | ||
|
||
node.default['nginx']['server_tokens'] = 'off' | ||
node.default['nginx']['default_site_enabled'] = false | ||
|
||
include_recipe 'chef-vault' | ||
|
||
include_recipe 'nginx' | ||
|
||
directory "#{node['nginx']['dir']}/certs" do | ||
owner 'root' | ||
group 'root' | ||
mode '0644' | ||
end | ||
|
||
item = chef_vault_item('certs', 'production') | ||
|
||
file "#{node['nginx']['dir']}/certs/rubygems.org.key" do | ||
content item['key'] | ||
owner 'root' | ||
group 'root' | ||
mode '0644' | ||
notifies :reload, 'service[nginx]' | ||
end | ||
|
||
file "#{node['nginx']['dir']}/certs/rubygems.org.crt" do | ||
content item['crt'] | ||
owner 'root' | ||
group 'root' | ||
mode '0644' | ||
notifies :reload, 'service[nginx]' | ||
end | ||
|
||
template "#{node['nginx']['dir']}/sites-available/jenkins" do | ||
source 'nginx.conf.erb' | ||
owner 'root' | ||
group 'root' | ||
mode '0644' | ||
variables( | ||
ssl_key: File.join(node['nginx']['dir'], 'certs', 'rubygems.org.key'), | ||
ssl_cert: File.join(node['nginx']['dir'], 'certs', 'rubygems.org.crt') | ||
) | ||
notifies :reload, 'service[nginx]' | ||
end | ||
|
||
nginx_site 'jenkins' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
server { | ||
|
||
listen 443 default ssl; | ||
|
||
server_name ci.rubygems.org; | ||
|
||
ssl on; | ||
ssl_certificate <%= @ssl_cert %>; | ||
ssl_certificate_key <%= @ssl_key %>; | ||
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | ||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; | ||
ssl_prefer_server_ciphers on; | ||
ssl_session_cache shared:SSL:10m; | ||
ssl_session_timeout 5m; | ||
|
||
add_header Strict-Transport-Security max-age=31536000; | ||
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto https; | ||
proxy_set_header Content-Length $content_length; | ||
proxy_set_header Host $host; | ||
proxy_redirect off; | ||
|
||
location / { | ||
proxy_pass http://localhost:8080; | ||
} | ||
|
||
} |