diff --git a/ansible/group_vars/thehive-slave.yml b/ansible/group_vars/thehive-slave.yml
index 380c91e..fd495f6 100644
--- a/ansible/group_vars/thehive-slave.yml
+++ b/ansible/group_vars/thehive-slave.yml
@@ -58,3 +58,21 @@ oauth_local_port: 8090
 oauth_cookie_secret: '{{ lookup("passwordstore", "services/cookie-secret") }}'
 oauth_id: '{{ lookup("passwordstore", "services/TheHive/ElasticSearch/HQ/oauth-id") }}'
 oauth_secret: '{{ lookup("passwordstore", "services/TheHive/ElasticSearch/HQ/oauth-secret") }}'
+
+# Proxy for ES HQ
+nginx_sites:
+ elasticsearch_hq_http:
+ - listen 80
+ - server_name {{ oauth_domain }}
+ - return 302 https://$server_name$request_uri
+ elasticsearch_hq_https:
+ - listen 443 ssl
+ - server_name {{ oauth_domain }}
+
+ - ssl_certificate /certs/status.im/origin.crt
+ - ssl_certificate_key /certs/status.im/origin.key
+
+ - location / {
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:{{ oauth_local_port }}/;
+ }
diff --git a/ansible/main.yml b/ansible/main.yml
index 5761d6b..01efc4c 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -7,5 +7,6 @@
 - { role: elasticsearch, tags: elasticsearch }
 - { role: elasticsearch-hq, tags: elasticsearch-hq }
 - { role: oauth-proxy, tags: oauth-proxy }
+ - { role: origin-certs, tags: origin-certs }
 - { role: nginx, tags: nginx }
 - { role: open-ports, tags: open-ports }
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 4e221ea..02e0b7d 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,4 +1,8 @@
 ---
+- name: nginx
+ src: git@github.com:status-im/ansible-role-nginx.git
+ scm: git
+
 - name: origin-cert
 src: git@github.com:status-im/infra-role-origin-certs.git
 scm: git
diff --git a/hosts.tf b/hosts.tf
index 2b4d282..33fe6c2 100644
--- a/hosts.tf
+++ b/hosts.tf
@@ -24,4 +24,7 @@ module "hive_slave" {
 root_vol_size = 30
 data_vol_size = 30
 domain = var.hosts_domain
+
+ /* ElasticSearch HQ Web UI */
+ open_tcp_ports = [ "80", "443" ]
 }
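Review bot: In the `elasticsearch_hq_https` site of ansible/group_vars/thehive-slave.yml, `proxy_set_header Host $host;` forwards whatever Host the client sent to the OAuth proxy, and nothing in the `location` block passes the client address. If this server block ends up as the default for port 443 (not visible here), a request carrying an arbitrary Host reaches the proxy, which may use that value when it builds redirect URLs. Consider pinning it with `proxy_set_header Host {{ oauth_domain }};` and adding `proxy_set_header X-Real-IP $remote_addr;` so the proxy's access log records the real client rather than 127.0.0.1.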
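Review bot: The new entry in ansible/main.yml references `role: origin-certs`, while the ansible/requirements.yml context lines in this same commit install that repository under `name: origin-cert` (singular). ansible-galaxy places a role in a directory named after `name`, so unless another copy exists on the roles path the play would fail to resolve the role. Align the two, for example `- name: origin-certs` in requirements.yml. The play's role list starts outside the hunk.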
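Review bot: The `nginx` entry added to ansible/requirements.yml has no `version:` key, so each install takes whatever the default branch of status-im/ansible-role-nginx holds at that moment. This role renders the TLS-terminating config in front of the OAuth proxy, so an unreviewed upstream change lands directly on the host. Pin it to a reviewed commit or tag, e.g. `version: <commit-sha-or-tag>`. The `origin-cert` entry shown as context appears to lack a pin as well, though it may continue past the hunk.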
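Review bot: The `open_tcp_ports = [ "80", "443" ]` line in hosts.tf does not show which source addresses the module allows, and the comment above it only names the UI. If the module opens these ports to any address, the Elasticsearch HQ admin UI is reachable from anywhere and the OAuth proxy is the sole gate; if the origin certificate implies a CDN in front of this host, direct-to-origin requests would also skip it. Confirm the module can restrict sources, and expand the comment to something like `/* ElasticSearch HQ Web UI via nginx + oauth-proxy; 80 only redirects to 443 */`. The `module "hive_slave"` block starts outside the hunk.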