From aa798535cdd76257ba2ec54a53bd9baf8a54a68a Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 17 Oct 2019 20:02:22 +0200 Subject: basic etherpad installation works now --- roles/etherpad-lite/templates/nginx-vhost.conf.j2 | 57 ++++++++++++++++++++++ .../templates/pod-with-mariadb.yml.j2 | 57 ++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 roles/etherpad-lite/templates/nginx-vhost.conf.j2 create mode 100644 roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 (limited to 'roles/etherpad-lite/templates') diff --git a/roles/etherpad-lite/templates/nginx-vhost.conf.j2 b/roles/etherpad-lite/templates/nginx-vhost.conf.j2 new file mode 100644 index 00000000..9bca4f22 --- /dev/null +++ b/roles/etherpad-lite/templates/nginx-vhost.conf.j2 @@ -0,0 +1,57 @@ +server { + listen 80; + listen [::]:80; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + include snippets/ssl.conf; + ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain; + ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey; + include snippets/hsts.conf; + + location / { + rewrite ^/$ / break; + rewrite ^/locales/(.*) /locales/$1 break; + rewrite ^/locales.json /locales.json break; + rewrite ^/admin(.*) /admin$1 break; + rewrite ^/p/(.*) /p/$1 break; + rewrite ^/static/(.*) /static/$1 break; + rewrite ^/pluginfw/(.*) /pluginfw/$1 break; + rewrite ^/javascripts/(.*) /javascripts/$1 break; + rewrite ^/socket.io/(.*) /socket.io/$1 break; + rewrite ^/ep/(.*) /ep/$1 break; + rewrite ^/minified/(.*) /minified/$1 break; + rewrite ^/api/(.*) /api/$1 break; + rewrite ^/ro/(.*) /ro/$1 break; + rewrite ^/error/(.*) /error/$1 break; + rewrite ^/jserror(.*) /jserror$1 break; + rewrite ^/redirect(.*) /redirect$1 break; + rewrite /favicon.ico /favicon.ico break; + rewrite /robots.txt /robots.txt break; + rewrite /(.*) /p/$1; + + include snippets/proxy-nobuff.conf; + + proxy_set_header Host $host; + include snippets/proxy-forward-headers.conf; + proxy_pass_header Server; + + # for websockets + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_pass http://127.0.0.1:{{ item.value.port }}; + } +} diff --git a/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 new file mode 100644 index 00000000..0e0b6b8b --- /dev/null +++ b/roles/etherpad-lite/templates/pod-with-mariadb.yml.j2 @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "etherpad-lite-{{ item.key }}" +spec: + securityContext: + allowPrivilegeEscalation: false + containers: + - name: etherpad-lite + image: etherpad/etherpad:{{ item.value.version }} + # securityContext: + # runAsUser: {{ etherpad_lite_app_uid }} + # runAsGroup: {{ etherpad_lite_app_gid }} + resources: + limits: + memory: "4Gi" + volumeMounts: + - name: config + mountPath: /opt/etherpad/settings.json + subPath: settings.json + readOnly: true + - name: config + mountPath: /opt/etherpad/credentials.json + subPath: credentials.json + readOnly: true + ports: + - containerPort: 9001 + hostPort: {{ item.value.port }} + - name: database + image: "mariadb:{{ item.value.database.version }}" + securityContext: + runAsUser: {{ etherpad_lite_db_uid }} + runAsGroup: {{ etherpad_lite_db_gid }} + resources: + limits: + memory: "4Gi" + env: + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: etherpad-lite + - name: MYSQL_USER + value: etherpad-lite + - name: MYSQL_PASSWORD + value: "{{ item.value.database.password }}" + volumeMounts: + - name: database + mountPath: /var/lib/mysql + volumes: + - name: config + hostPath: + path: "{{ etherpad_lite_base_path }}/{{ item.key }}/config/" + type: Directory + - name: database + hostPath: + path: "{{ etherpad_lite_base_path }}/{{ item.key }}/{{ item.value.database.type }}" + type: Directory -- cgit v1.2.3