add DNS record and deploy Nginx proxy for The Hive UI

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-10-09 18:53:12 +02:00 · 2020-10-09 18:53:12 +02:00 · 3e26144260
parent f9ef66285d
commit 3e26144260
3 changed files with 44 additions and 1 deletions
--- a/ansible/group_vars/thehive-master.yml
+++ b/ansible/group_vars/thehive-master.yml
@ -2,6 +2,9 @@
 # 8GB to match RAM
 swap_file_size_mb: 8192

+# Ports
+the_hive_port: 9000
+
 # TheHive application secret
 the_hive_app_http_secret: '{{ lookup("passwordstore", "services/TheHive/App/http-secret") }}'
 # TheHive first user auth
@ -15,3 +18,31 @@ the_hive_logs_path: '/data/thehive/logs'
 # Cassandra auth
 the_hive_db_user: '{{ lookup("passwordstore", "services/TheHive/Cassandra/user") }}'
 the_hive_db_pass: '{{ lookup("passwordstore", "services/TheHive/Cassandra/pass") }}'
+
+# Open Nginx Ports
+open_ports_comment: 'HTTP & HTTPS'
+open_ports_list:
+  - { port: 80, protocol: 'tcp' }
+  - { port: 443, protocol: 'tcp' }
+
+# The Hive UI
+the_hive_domain: 'hive.status.im'
+
+# Proxy for The Hive UI
+nginx_sites:
+  the_hive_http:
+    - listen 80
+    - server_name {{ the_hive_domain }}
+    - return 302 https://$server_name$request_uri
+
+  the_hive_https:
+    - listen 443 ssl
+    - server_name {{ the_hive_domain }}
+
+    - ssl_certificate     /certs/status.im/origin.crt
+    - ssl_certificate_key /certs/status.im/origin.key
+
+    - location / {
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:{{ the_hive_port }}/;
+      }
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -30,3 +30,6 @@
  roles:
    - { role: swap-file,        tags: swap-file }
    - { role: the-hive,         tags: the-hive }
+    - { role: origin-certs,     tags: origin-certs }
+    - { role: nginx,            tags: nginx }
+    - { role: open-ports,       tags: open-ports }
--- a/dns.tf
+++ b/dns.tf
@ -1,4 +1,13 @@
-resource "cloudflare_record" "thehive_es_hq" {
+resource "cloudflare_record" "hive_ui" {
+  zone_id = lookup(local.zones, "status.im")
+  type    = "A"
+  name    = "hive"
+  value   = module.hive_master.public_ips[count.index]
+  count   = length(module.hive_master.public_ips)
+  proxied = true
+}
+
+resource "cloudflare_record" "hive_es_hq" {
  zone_id = lookup(local.zones, "status.im")
  type    = "A"
  name    = "thehive-es"