add Nginx proxy for ElasticSearch HQ

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-10-08 13:47:49 +02:00 · 2020-10-08 13:47:49 +02:00 · 6a6290c733
parent ae18e0b275
commit 6a6290c733
4 changed files with 26 additions and 0 deletions
--- a/ansible/group_vars/thehive-slave.yml
+++ b/ansible/group_vars/thehive-slave.yml
@ -58,3 +58,21 @@ oauth_local_port: 8090
 oauth_cookie_secret: '{{ lookup("passwordstore", "services/cookie-secret") }}'
 oauth_id: '{{ lookup("passwordstore", "services/TheHive/ElasticSearch/HQ/oauth-id") }}'
 oauth_secret: '{{ lookup("passwordstore", "services/TheHive/ElasticSearch/HQ/oauth-secret") }}'
+
+# Proxy for ES HQ
+nginx_sites:
+  elasticsearch_hq_http:
+    - listen 80
+    - server_name {{ oauth_domain }}
+    - return 302 https://$server_name$request_uri
+  elasticsearch_hq_https:
+    - listen 443 ssl
+    - server_name {{ oauth_domain }}
+
+    - ssl_certificate     /certs/status.im/origin.crt
+    - ssl_certificate_key /certs/status.im/origin.key
+
+    - location / {
+        proxy_set_header Host $host;
+        proxy_pass http://127.0.0.1:{{ oauth_local_port }}/;
+      }
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -7,5 +7,6 @@
    - { role: elasticsearch,    tags: elasticsearch }
    - { role: elasticsearch-hq, tags: elasticsearch-hq }
    - { role: oauth-proxy,      tags: oauth-proxy }
+    - { role: origin-certs,     tags: origin-certs }
    - { role: nginx,            tags: nginx }
    - { role: open-ports,       tags: open-ports }
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,4 +1,8 @@
 ---
+- name: nginx
+  src: git@github.com:status-im/ansible-role-nginx.git
+  scm: git
+
 - name: origin-cert
  src: git@github.com:status-im/infra-role-origin-certs.git
  scm: git
--- a/hosts.tf
+++ b/hosts.tf
@ -24,4 +24,7 @@ module "hive_slave" {
  root_vol_size = 30
  data_vol_size = 30
  domain        = var.hosts_domain
+
+  /* ElasticSearch HQ Web UI */
+  open_tcp_ports = [ "80", "443" ]
 }