diff options
author | Jesse Luehrs <doy@tozt.net> | 2019-08-22 03:05:16 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2019-08-22 03:05:16 -0400 |
commit | bd142f676b2e5b92b5f02cec46b45cea94288ebc (patch) | |
tree | 29d92526e9770bf0a66f991ec09d4d47bb1546fa | |
parent | 9163682bf173d2e3a3b450e809c9fda40fa60eef (diff) | |
download | puppet-tozt-bd142f676b2e5b92b5f02cec46b45cea94288ebc.tar.gz puppet-tozt-bd142f676b2e5b92b5f02cec46b45cea94288ebc.zip |
put metabase behind nginx
-rw-r--r-- | modules/tozt/files/nginx/metabase-tls.conf | 16 | ||||
-rw-r--r-- | modules/tozt/files/nginx/metabase.conf | 10 | ||||
-rw-r--r-- | modules/tozt/manifests/metabase.pp | 22 | ||||
-rw-r--r-- | modules/tozt/manifests/services.pp | 2 |
4 files changed, 48 insertions, 2 deletions
diff --git a/modules/tozt/files/nginx/metabase-tls.conf b/modules/tozt/files/nginx/metabase-tls.conf new file mode 100644 index 0000000..ea310b1 --- /dev/null +++ b/modules/tozt/files/nginx/metabase-tls.conf @@ -0,0 +1,16 @@ +server { + listen 443; + server_name metabase.tozt.net; + + access_log /var/log/nginx/metabase.access.log; + error_log /var/log/nginx/metabase.error.log; + + include ssl; + + location / { + proxy_pass http://127.0.0.1:3000/; + auth_basic "metabase"; + auth_basic_user_file "/media/persistent/metabase.htpasswd"; + } +} +# vim:ft=nginx diff --git a/modules/tozt/files/nginx/metabase.conf b/modules/tozt/files/nginx/metabase.conf new file mode 100644 index 0000000..57bff0d --- /dev/null +++ b/modules/tozt/files/nginx/metabase.conf @@ -0,0 +1,10 @@ +server { + listen 80; + server_name metabase.tozt.net; + + access_log /var/log/nginx/metabase.access.log; + error_log /var/log/nginx/metabase.error.log; + + rewrite ^(.*) https://$host$1 permanent; +} +# vim:ft=nginx diff --git a/modules/tozt/manifests/metabase.pp b/modules/tozt/manifests/metabase.pp new file mode 100644 index 0000000..fac88a9 --- /dev/null +++ b/modules/tozt/manifests/metabase.pp @@ -0,0 +1,22 @@ +class tozt::metabase { + include tozt::certbot + include tozt::persistent + include metabase + + secret { "/media/persistent/metabase.htpasswd": + source => "metabase", + owner => 'http', + require => [ + Class["tozt::persistent"], + Package['nginx'], + ]; + } + + nginx::site { + "metabase-tls": + source => 'puppet:///modules/tozt/nginx/metabase-tls.conf', + require => Class['certbot']; + "metabase": + source => 'puppet:///modules/tozt/nginx/metabase.conf'; + } +} diff --git a/modules/tozt/manifests/services.pp b/modules/tozt/manifests/services.pp index 08105f1..a5a03ad 100644 --- a/modules/tozt/manifests/services.pp +++ b/modules/tozt/manifests/services.pp @@ -1,6 +1,4 @@ class tozt::services { - include metabase - fail2ban::jail { ["sshd", "nginx-botsearch"]: } } |