From 3e26144260a0ddb2bb3b8d2c45829f2de0e09a04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Fri, 9 Oct 2020 18:53:12 +0200
Subject: [PATCH] add DNS record and deploy Nginx proxy for The Hive UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
 ansible/group_vars/thehive-master.yml | 31 +++++++++++++++++++++++++++
 ansible/main.yml | 3 +++
 dns.tf | 11 +++++++++-
 3 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/ansible/group_vars/thehive-master.yml b/ansible/group_vars/thehive-master.yml
index 6ed13c6..c9564f0 100644
--- a/ansible/group_vars/thehive-master.yml
+++ b/ansible/group_vars/thehive-master.yml
@@ -2,6 +2,9 @@
 # 8GB to match RAM
 swap_file_size_mb: 8192
 
+# Ports
+the_hive_port: 9000
+
 # TheHive application secret
 the_hive_app_http_secret: '{{ lookup("passwordstore", "services/TheHive/App/http-secret") }}'
 # TheHive first user auth
@@ -15,3 +18,31 @@ the_hive_logs_path: '/data/thehive/logs'
 # Cassandra auth
 the_hive_db_user: '{{ lookup("passwordstore", "services/TheHive/Cassandra/user") }}'
 the_hive_db_pass: '{{ lookup("passwordstore", "services/TheHive/Cassandra/pass") }}'
+
+# Open Nginx Ports
+open_ports_comment: 'HTTP & HTTPS'
+open_ports_list:
+ - { port: 80, protocol: 'tcp' }
+ - { port: 443, protocol: 'tcp' }
+
+# The Hive UI
+the_hive_domain: 'hive.status.im'
+
+# Proxy for The Hive UI
+nginx_sites:
+ the_hive_http:
+ - listen 80
+ - server_name {{ the_hive_domain }}
+ - return 302 https://$server_name$request_uri
+
+ the_hive_https:
+ - listen 443 ssl
+ - server_name {{ the_hive_domain }}
+
+ - ssl_certificate /certs/status.im/origin.crt
+ - ssl_certificate_key /certs/status.im/origin.key
+
+ - location / { proxy_set_header Host $host; proxy_pass http://127.0.0.1:{{ the_hive_port }}/; }
diff --git a/ansible/main.yml b/ansible/main.yml
index cf4054f..2b6c362 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
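Review bot: The `the_hive_https` site in the second hunk of thehive-master.yml forwards only `Host`, so TheHive sees every request as plain HTTP arriving from 127.0.0.1 and its audit trail loses the real client address and scheme. Add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto https;` beside the existing `proxy_set_header Host $host;`; because dns.tf in this same patch sets `proxied = true`, `$remote_addr` will be a Cloudflare edge address and the end-client address arrives in Cloudflare's `CF-Connecting-IP` header, which is worth forwarding as well. Whether TheHive honours any of these headers is not visible here, so confirm it in the application configuration before relying on them. `open_ports_list` opens only 80 and 443, which keeps port 9000 off the network only if TheHive itself binds to the loopback address; that binding is not shown in this hunk.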
@@ -30,3 +30,6 @@
 roles:
 - { role: swap-file, tags: swap-file }
 - { role: the-hive, tags: the-hive }
+ - { role: origin-certs, tags: origin-certs }
+ - { role: nginx, tags: nginx }
+ - { role: open-ports, tags: open-ports }
diff --git a/dns.tf b/dns.tf
index 5650914..9578d6d 100644
--- a/dns.tf
+++ b/dns.tf
@@ -1,4 +1,13 @@
-resource "cloudflare_record" "thehive_es_hq" {
+resource "cloudflare_record" "hive_ui" {
+ zone_id = lookup(local.zones, "status.im")
+ type = "A"
+ name = "hive"
+ value = module.hive_master.public_ips[count.index]
+ count = length(module.hive_master.public_ips)
+ proxied = true
+}
+
+resource "cloudflare_record" "hive_es_hq" {
 zone_id = lookup(local.zones, "status.im")
 type = "A"
 name = "thehive-es"
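Review bot: Renaming `cloudflare_record.thehive_es_hq` to `hive_es_hq` in the dns.tf hunk without moving its state makes Terraform plan a destroy of the existing `thehive-es` record followed by a create of a new one, rather than a no-op, so resolution of that name drops out between the two operations. Run `terraform state mv cloudflare_record.thehive_es_hq cloudflare_record.hive_es_hq` before applying, or keep the old resource name. The new `hive_ui` resource publishes one A record per entry in `module.hive_master.public_ips` with `proxied = true`, which keeps the origin addresses out of public DNS; the `hive_es_hq` block continues past the end of the hunk, so whether it is proxied as well is not visible here.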