MJB::Backend::Nginx as plugin.

3 years ago · cd0de914bd
parent 01229ea3f9
commit cd0de914bd
4 changed files with 122 additions and 36 deletions
--- a/Web/lib/MJB/Web.pm
+++ b/Web/lib/MJB/Web.pm
@ -19,6 +19,12 @@ sub startup ($self) {
    # Load our custom commands.
    push @{$self->commands->namespaces}, 'MJB::Web::Command';
    
+    # Add MJB::Web::Plugin to plugin search path.
+    push @{$self->plugins->namespaces}, 'MJB::Web::Plugin';
+
+    # Load the MJB::Web::Plugin::Nginx plugin.
+    $self->plugins->load_plugin('Nginx');
+
    $self->helper( db => sub {
        return state $db = MJB::DB->connect($config->{database}->{mjb});
    });
--- a/Web/lib/MJB/Web/Plugin/Nginx.pm
+++ b/Web/lib/MJB/Web/Plugin/Nginx.pm
@ -0,0 +1,15 @@
+package MJB::Web::Plugin::Nginx;
+use Mojo::Base 'Mojolicious::Plugin', -signatures;
+use MJB::Web::Plugin::Nginx::DomainConfig;
+
+sub register ( $self, $app, $config ) {
+
+    $self->helper( domain_config => sub ($c, $domain, $ssl_domain) {
+        return MJB::Backend::Nginx::DomainConfig->new(
+            domain     => $domain,
+            ssl_domain => $ssl_domain,
+        )->config;
+    });
+}
+
+1;
--- a/Web/lib/MJB/Web/Plugin/Nginx/DomainConfig.pm
+++ b/Web/lib/MJB/Web/Plugin/Nginx/DomainConfig.pm
@ -0,0 +1,77 @@
+package MJB::Web::Plugin::Nginx::DomainConfig;
+use Moo;
+use Mojo::File;
+
+has domain => (
+    is => 'ro',
+);
+
+has ssl_domain => (
+    is => 'ro',
+);
+
+has template => (
+    is => 'ro',
+    default => sub {return <<'        EOF;'
+        server {
+            server_name {{ domain }};
+            root /var/www/{{ domain }}/html;
+            index index.html;
+
+            error_log  /var/log/nginx/{{ domain }}.error.log warn;
+            access_log /var/log/nginx/{{ domain }}.access.log combined;
+
+            listen 443 ssl;
+            ssl_certificate /etc/letsencrypt/live/{{ ssl_domain }}/fullchain.pem;
+            ssl_certificate_key /etc/letsencrypt/live/{{ ssl_domain }}/privkey.pem;
+
+            ssl_session_cache shared:le_nginx_SSL:10m;
+            ssl_session_timeout 1440m;
+            ssl_session_tickets off;
+
+            ssl_protocols TLSv1.2 TLSv1.3;
+            ssl_prefer_server_ciphers off;
+
+            ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+            ssl_dhparam /etc/nginx/ssl-dhparams.pem;
+
+        }
+
+        server {
+            if ($host = {{ domain }}) {
+                return 301 https://$host$request_uri;
+            }
+
+            listen 80;
+            server_name {{ domain }}
+            return 404;
+        }
+        EOF;
+    }
+);
+
+has config => (
+    is => 'lazy',
+);
+
+sub _build_config {
+    my ( $self ) = @_;
+    
+    my $config = $self->template;
+
+    # Fill in variables in the template.
+    my ( $domain, $ssl_domain ) = ( $self->domain, $self->ssl_domain );
+
+    s/\{\{ domain \}\}/$domain/g, 
+    s/\{\{ ssl_domain \}\}/$ssl_domain/g
+        for $config;
+
+    # Trim the excess whitespace
+    $config =~ s/^ {8}//gm;
+    
+
+    return $config;
+}
+
+1;
--- a/Web/lib/MJB/Web/Task/InitializeBlog.pm
+++ b/Web/lib/MJB/Web/Task/InitializeBlog.pm
@ -5,27 +5,37 @@ use File::Copy::Recursive qw( dircopy );
 use IPC::Run3;
 use MJB::Backend::Nginx::DomainConfig;

-# This needs to do all of the things:
-# 1 - Make nginx config
-# 2 - Whatever the ansible deploy-site thing does.
+#==
+# This task makes the initial nginx configuration file, reloads the webservers to have
+# the config take effect.  Then it schedules a sync_blog task to get the initial blog up
+# on the webservers.
 #
-
+# It is expected that the SSL certificates have issued before this task is run, either with
+# standing wildcard SSL certs or with the task to complete and sync http challenges.  If the
+# SSL certs referenced in the nginx config are missing, that may cause the servers to fail to
+# reload.
+#==

 sub run ( $job, $blog_id ) {
-    $job->note( _mds_template => 'build_static' );
+    $job->note( _mds_template => 'initialize_blog' );

    my $blog = $job->app->db->blog( $blog_id );
    
-    my $config_content = MJB::Backend::Nginx::DomainConfig->new(
-        domain     => $blog->domain->name,
-        ssl_domain => ( $blog->domain->ssl ? $blog->domain->ssl : $blog->domain->name ),
-    )->config;
+    # Create the domain config.
+    # When the domain uses a different domain for its ssl cert (i.e. wildcard ssl), we need to supply that.
+    my $domain_name    = $blog->domain->name;
+    my $domain_ssl     = $blog->domain->ssl ? $blog->domain->ssl : $blog->domain->name;
+    my $config_content = $job->app->domain_config( $domain_name, $domain_ssl );
    
+    # Put the nginx configuration file and a welcome html file into files for scp'ing to the web servers.
    my ( $config, $welcome ) = ( tempfile, tempfile );
    $config->spurt ( $config_content );
    $welcome->spurt( "Your new blog is being setup... please reload soon." );

+    $job->note( is_config_created => 1 );
    
+    # Deploy the configuration and initial index.html file to the webservers then reload the webservers for
+    # the config to take effect.
    foreach my $host ( $job->app->db->servers->all ) {
        my $server = 'root@' . $host->hostname;
        my $domain = $blog->domain->name;
@ -37,34 +47,12 @@ sub run ( $job, $blog_id ) {
        $job->system_command( [ 'ssh', $server, 'systemctl reload nginx' ] );
    }
    
-    # $job->app->nginx->provision_website( $blog->domain->name );
+    $job->note( is_config_deployed => 1 );

+    # Deploy the initial blog.
    $job->app->sync_blog( $blog );
    
-    $job->note( is_clone_complete => 1 );
-
-    $job->note( is_deploy_complete => 1 );
    $job->finish( );
-
 }

-
-#    my $config = MJB::Backend::Nginx::DomainConfig->new(
-#        domain     => $domain,
-#        ssl_domain => $ssl_domain,
-#    )->config;
-#
-#    my $config_file = tempfile;
-#    $config_file->spurt( $config );
-#    my $welcome_file = tempfile;
-#    $welcome_file->spurt( "Your new blog is being setup... please reload soon." );
-#
-#    foreach my $server ( @{$self->servers} ) {
-#        $self->system_command( [ 'scp', $config_file->to_string, $server . ":/etc/nginx/sites-enabled/" . $domain ] );
-#        $self->system_command( [ 'ssh', $server, 'mkdir -p /var/www/' . $domain . '/html' ] );
-#        $self->system_command( [ 'scp', $welcome_file->to_string, $server . "/var/www/" . $domain . "/html/index.html" ] );
-#        $self->system_command( [ 'ssh', $server, 'chown -R www-data:www-data /var/www/' . $domain ] );
-#        $self->system_command( [ 'ssh', $server, 'systemctl reload nginx' ] );
-#    }
-
 1;