From bebe76134b4b8ec57dff9083011dfe4bfc5a249e Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Mon, 28 Mar 2022 18:49:29 -0400 Subject: [PATCH 1/6] Create Caddyfile from Ansible This does mean that you can't run it directly, but it reduces duplication of the list of repos. Closes #11 --- .github/workflows/lint.yml | 31 --------------------- caddy/caddy.service.override | 4 --- matplotlib.org.yml | 21 ++++---------- caddy/Caddyfile => templates/Caddyfile.j2 | 34 ++++++++--------------- templates/webhook.env.j2 | 2 +- 5 files changed, 19 insertions(+), 73 deletions(-) delete mode 100644 caddy/caddy.service.override rename caddy/Caddyfile => templates/Caddyfile.j2 (63%) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 6d49f09..13791ce 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -28,37 +28,6 @@ jobs: reviewdog -f=pep8 -name=flake8 \ -tee -reporter=github-check -filter-mode nofilter - caddyfmt: - name: caddyfmt - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Install caddy - run: | - sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | \ - sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | \ - sudo tee /etc/apt/sources.list.d/caddy-stable.list - sudo apt update - sudo apt install caddy - - - name: Set up reviewdog - uses: reviewdog/action-setup@v1 - - - name: Run caddy validate - run: caddy validate --config caddy/Caddyfile - - - name: Run caddy fmt - run: caddy fmt --overwrite caddy/Caddyfile - - - name: Run reviewdog - uses: reviewdog/action-suggester@v1 - with: - fail_on_error: true - tool_name: 'caddy fmt' - ansible: name: Ansible Lint runs-on: ubuntu-latest diff --git a/caddy/caddy.service.override b/caddy/caddy.service.override deleted file mode 100644 index 01f9272..0000000 
--- a/caddy/caddy.service.override +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -Environment="SITE_DIR=/usr/share/caddy" -Environment="SITE_ADDRESS=https://do.matplotlib.org, https://matplotlib.org" -Environment="TLS_CONFIG=tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem" diff --git a/matplotlib.org.yml b/matplotlib.org.yml index 5090178..38937cc 100644 --- a/matplotlib.org.yml +++ b/matplotlib.org.yml @@ -1,6 +1,10 @@ --- - hosts: website vars: + caddy: + address: "https://do.matplotlib.org, https://matplotlib.org" + site_dir: "/usr/share/caddy" + tls_config: "tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem" repos: - mpl-brochure-site - matplotlib.github.com @@ -154,24 +158,11 @@ tags: caddy block: - name: Configure Caddy - ansible.builtin.copy: - src: "{{playbook_dir}}/caddy/Caddyfile" + ansible.builtin.template: + src: Caddyfile.j2 dest: /etc/caddy/Caddyfile notify: Reload Caddy - - name: Configure Caddy system service - ansible.builtin.file: - path: /etc/systemd/system/caddy.service.d - state: directory - mode: 0755 - - name: Configure Caddy system service - ansible.builtin.copy: - src: "{{playbook_dir}}/caddy/caddy.service.override" - dest: /etc/systemd/system/caddy.service.d/override.conf - notify: - - Reload systemd - - Restart Caddy - - name: Configure Caddy TLS certificate directory ansible.builtin.file: path: /etc/caddy/tls diff --git a/caddy/Caddyfile b/templates/Caddyfile.j2 similarity index 63% rename from caddy/Caddyfile rename to templates/Caddyfile.j2 index b5be43c..701e109 100644 --- a/caddy/Caddyfile +++ b/templates/Caddyfile.j2 
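Review bot: The new `ansible.builtin.template` task for `/etc/caddy/Caddyfile` in the `@@ -154,24 +158,11 @@` hunk sets no `owner`, `group` or `mode`, so the deployed file's permissions depend on the remote umask and on whatever the earlier `copy` task left in place. Pinning them makes the result reproducible and keeps the file from becoming writable by the service account, for example `owner: root`, `group: root` and `mode: "0644"` (quoted so YAML does not read it as a number). The enclosing `block:` continues outside the hunk, so confirm that the account Caddy runs as can still read the file with those values.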
@@ -6,20 +6,18 @@ redir /{args.0} /{args.0}/ permanent handle_path /{args.0}/* { - root * {$SITE_DIR:sites}/{args.0} + root * {{ caddy.site_dir }}/{args.0} try_files {path}.html {path} file_server } } -# Set this variable in the environment when running in production. -{$SITE_ADDRESS::2015} { - # Set the variable in the environment to the Caddy directive for tls - # support. By default, this is empty so you can test it locally, but - # the Ansible config sets it up with the right certificate paths. - {$TLS_CONFIG:} +{{ caddy.address }} { +{% if caddy.tls_config is defined %} + {{ caddy.tls_config }} +{% endif %} - root * {$SITE_DIR:.} + root * {{ caddy.site_dir }} # Setup a webhook handle /gh/* { @@ -49,24 +47,16 @@ } } - import subproject basemap - import subproject cheatsheets - import subproject cycler - import subproject devdocs - import subproject governance - import subproject matplotblog - import subproject mpl-altair - import subproject mpl-bench - import subproject mpl-gui - import subproject mpl-third-party +{% for site in repos %} + import subproject {{ site }} +{% endfor %} # redirect the objects.inv redir /objects.inv /stable/objects.inv permanent # Place the brochure site at the top level. - import subproject mpl-brochure-site @brochure file { - root {$SITE_DIR:sites}/mpl-brochure-site + root {{ caddy.site_dir }}/mpl-brochure-site try_files {path}.html {path} } rewrite / /mpl-brochure-site/index.html @@ -74,7 +64,7 @@ # Finally try any of the versioned docs. handle { - root * {$SITE_DIR:sites}/matplotlib.github.com + root * {{ caddy.site_dir }}/matplotlib.github.com try_files {path}.html {path} file_server } @@ -82,7 +72,7 @@ # Use a custom 404 error page. handle_errors { @notfound expression {http.error.status_code} == 404 - root * {$SITE_DIR:sites}/mpl-brochure-site + root * {{ caddy.site_dir }}/mpl-brochure-site rewrite @notfound /404.html file_server } diff --git a/templates/webhook.env.j2 b/templates/webhook.env.j2 index 4ef6889..0e6967c 100644 
--- a/templates/webhook.env.j2 +++ b/templates/webhook.env.j2 @@ -1,4 +1,4 @@ -SITE_DIR=/usr/share/caddy +SITE_DIR={{ caddy.site_dir }} {% for site, secret in webhook_secrets.items() %} WEBHOOK_{{ site | upper | replace('.', '_') | replace('-', '_') }}_SECRET={{secret}} {% endfor %} From 1ec1cd59ad71c8a7b03b19ffd461e3a24e36f415 Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Mon, 28 Mar 2022 18:50:28 -0400 Subject: [PATCH 2/6] Remove the Makefile Unfortunately, that is now useless since the Caddyfile does not exist in its final form. --- Makefile | 19 ------------------- README.md | 19 ------------------- 2 files changed, 38 deletions(-) delete mode 100644 Makefile diff --git a/Makefile b/Makefile deleted file mode 100644 index 11db7b5..0000000 --- a/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -RUNTIME ?= podman -CADDY_IMAGE ?= docker.io/library/caddy -CADDY_VERSION ?= 2.4.6 - -serve: - mkdir -p sites - $(RUNTIME) run --rm -it \ - -v $$PWD/sites:/srv:Z \ - -v $$PWD/caddy/Caddyfile:/etc/caddy/Caddyfile:ro,Z \ - -e SITE_DIR=/srv \ - -p 2015:2015 \ - $(CADDY_IMAGE):$(CADDY_VERSION) \ - caddy run --config /etc/caddy/Caddyfile --watch - -fmt: - $(RUNTIME) run --rm -it \ - -v $$PWD/caddy/Caddyfile:/etc/caddy/Caddyfile:Z \ - $(CADDY_IMAGE):$(CADDY_VERSION) \ - caddy fmt --overwrite /etc/caddy/Caddyfile diff --git a/README.md b/README.md index 5b66e12..fe0ad89 100644 --- a/README.md +++ b/README.md @@ -4,13 +4,6 @@ matplotlib.org Hosting This repo enables matplotlib.org hosting using [Caddy](https://caddyserver.com/). -By default, Caddy is run in a container using `make serve`, which: - -* Runs Caddy (version can be overridden by setting `CADDY_VERSION`) in - [podman](https://podman.io/) (can be switched to docker by setting `RUNTIME`) -* Mounts Matplotlib documentation repositories from the `sites` subdirectory -* Exposes the server on port 2015 - Hosted repositories ------------------- 
@@ -29,18 +22,6 @@ related projects are also exposed as toplevel directories: * [mpl-gui](https://github.com/matplotlib/mpl-gui) * [mpl-third-party](https://github.com/matplotlib/mpl-third-party) -Caddy options -------------- - -The Makefile will set these options for you when mounting and running the -container, but if you wish to run Caddy directly, you may wish to set some -overrides in environment variables: - -* The host and port with `SITE_ADDRESS` (defaults to port 2015 on all - interfaces) -* The directory containing the git repositories with `SITE_DIR` (defaults to - `sites` in the current directory) - Ansible configuration ===================== From 5a5fbd89f297ec97baa710736a339e06ead80375 Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Mon, 28 Mar 2022 18:51:50 -0400 Subject: [PATCH 3/6] Update TLS certificates --- files/tls-cert.pem | 124 +++++++++++++++++++++--------------------- files/tls-privkey.pem | 34 ++++++------ 2 files changed, 79 insertions(+), 79 deletions(-) diff --git a/files/tls-cert.pem b/files/tls-cert.pem index 73731f1..537ff19 100644 --- a/files/tls-cert.pem +++ b/files/tls-cert.pem 
@@ -1,63 +1,63 @@ $ANSIBLE_VAULT;1.1;AES256 -63373333393661613738643337653438636564316132386161383862656364613766663166633532 -6331376238343931386161393836666131623338643161330a663366656130633339373664643536 -32316665336531633538643566303738303761663562363761623061666665633966626134636464 -6231636537393031310a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a303533316165626439663963623436 +62643962646665383431623864393632333530626635336462356537326432373232313531396563 +6332633162663865640a353231333665343965373465313436396262376366616266633738333432 +34313530343430353763303033363434353733313165343861303331306137343839356439386465 +61316334666163346138326564386139333539313331313430666363666232356638376364613365 +37613836633064396361663031353532363131663563346264663735336261376663623461653561 +37376662393334623130636561383463343838653937353334383964613563613632373836366337 +31356162663437373334616433356165303661653634613462633531613434616637626234383838 +38633765636665663131373266376133653136383161313362613533383537366562616365376631 +63663766623965656633323132643730626339386130393961323732353135393033393633633264 +33643637383239343033636637343330363237633866613834363365633764386330646437316666 +37373636313466613337353831376630666335363234323839623135386266613439356533663063 +36623635646363613830613263343235306561653432396533663435386236383564653364666539 +34323462393236653035316630373831316531333232626563333336373265643234383236303537 +66356464653133626665383662323062623035383565333137393531306266346266623838383433 +63636530323330386464383830396232653866616338636233366139376335373631303531366165 +36383635626462353564373564633137396630653264336232376466323162363136316334316231 +39323265343631356230313735386265356664303934616435653837393764613664663832633431 +63353137373866366630353261373332633338633032313530623339643663346133343434393131 +66303166363165386438633530313463363735336232313162346365336662643838353761323430 
+65323136316666393963313565343935323438616264376464303461366463386633326638333863 +31653637373366633732356665353336653830623431663862646631663934333438633530323761 +37623065663563343930326239306535653635653034303238636462363863386131323265303038 +32383739633762356233333065623466303536393038653737616361666564346130303461303032 +38653138313839393330396632643932333561653532346535336330636430663633356439376430 +38613865353666323632326633613132356638303166323661363062393931336634666238613461 +34653934623434303233643031653536383233626233376532356465343462623564333032656130 +32386232633731363131643234343864336530363266396464623831366431313837633033303238 +37346130373030373862633339333539306266663332366666626432656437386239656330646335 +32633635303762666532373566333336376665653164333339353435646562373339396337313036 +35353464313565306535306264343838376233333831646134333837623933333665636535356464 +36626461363230376438666263323938623930343566633864653434363765613663396261306461 +35613134346335383432366436653966356536306630326134656436626236343335643537306634 +63636666656534386330316365643139363833366634356533393936333733366136303164353430 +64313838336466643836376165616234613932353030656561663237323537363838646663376433 +39393633663837356338653932643266643635386235306461653733633266393038366336623232 +61636162363331666333643630666335653030353931303461313965316533303338313130313466 +31643937396334373335336334303333343963653130336562613836363334663665326366376233 +61663064353362663730386639396431616132653363653438613862616532336138366265313032 +65623361316566663065613536396432316136346663306532383337396234353032636230623065 +36613931396137313938663664373836633937306236343865626631383834306131623065353838 +61353331386565313933363538353861343537386564356239336632393630656135386333323539 +63383663356230306536616664363933373439326230613730656362653133326339323635346530 +36656634396164643263356134333839623465356562613837656661663036356430306261646136 
+33313139306163663631343532626364643263663333336639313835383832326264343465613434 +30353164636536663935626637373561626336353263316662626138663338656635643238376637 +39636562643733643538363961393834393661643032373836343561363136343235653264366135 +34333831373138306238633238633131663133613066366562666435663266363339316537323937 +64366231613661646663636666653263306539303630663439303131326662343965326335323765 +33633930653933393062643034373564363838303737313238306535346661363764383637636537 +64373331366636336331363362343538326236343566313666623235383135646438346536346435 +30366436643637313531376638636639313337333034373933373866343036386331643433323164 +64393934383938616362316136643662623639343736343639323230343861396635333663313835 +31613133356634626464623362376633666463623266326664396462656137633931646564623436 +66386664313936616331303834626430346135653432336334613031663231313635363866336334 +62313133633633336136613434323335356234653264336130303538313964306165653361616434 +33356562303839646436353939663739316161383939383563623336336563356430373833636439 +66336233306436636364373638343164376461323937623332326663383831623334633433313730 +33613766333238616263663639613037346165666361303963356138336262376538376131373937 +37353131306438643839653464656337343461303536616139306439306434333637363136343533 +3136656536343965663632366336353436363764666337653035 diff --git a/files/tls-privkey.pem b/files/tls-privkey.pem index 5bdc985..252849c 100644 --- a/files/tls-privkey.pem +++ b/files/tls-privkey.pem 
@@ -1,18 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -63333331343239616534613261333630363931366162663936663362353737613330366366343264 -6364646165303265613966653366343365633832656364330a316162333666636632333066663739 -62326136623262336461613738316632643736306433616531656161363066353366373838326663 -3264633533373134360a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a616337646561323535303335366435 +65366439643932363962306464636237373538356163653138396238353435303631353063626138 +6532376231386636330a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rom b9c46d20dcdb8cd38bd5c5d79c772d288723ce24 Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Tue, 29 Mar 2022 04:45:33 -0400 Subject: [PATCH 4/6] Split webhook into a separate domain And thus drop the mirroring of the main site to the webhook domain and vice versa. Fixes #10 --- matplotlib.org.yml | 4 +++- templates/Caddyfile.j2 | 53 ++++++++++++++++++++++++------------------ 2 files changed, 33 insertions(+), 24 deletions(-) diff --git a/matplotlib.org.yml b/matplotlib.org.yml index 38937cc..797df2d 100644 --- a/matplotlib.org.yml +++ b/matplotlib.org.yml @@ -2,7 +2,9 @@ - hosts: website vars: caddy: - address: "https://do.matplotlib.org, https://matplotlib.org" + addresses: + main: "https://matplotlib.org" + webhook: "https://do.matplotlib.org" site_dir: "/usr/share/caddy" tls_config: "tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem" repos: diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2 index 701e109..fca23ba 100644 --- a/templates/Caddyfile.j2 +++ b/templates/Caddyfile.j2 
@@ -12,40 +12,47 @@ } } -{{ caddy.address }} { +# Setup webhooks +{{ caddy.addresses.webhook }} { {% if caddy.tls_config is defined %} {{ caddy.tls_config }} {% endif %} root * {{ caddy.site_dir }} - # Setup a webhook - handle /gh/* { - # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#delivery-headers - @valid_webhook { - method POST - header Content-Type application/json - header User-Agent GitHub-Hookshot/* - header X-GitHub-Event ping - header X-GitHub-Event push - header X-GitHub-Delivery * - header X-Hub-Signature-256 * - } + # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#delivery-headers + @valid_webhook { + path /gh/* + method POST + header Content-Type application/json + header User-Agent GitHub-Hookshot/* + header X-GitHub-Event ping + header X-GitHub-Event push + header X-GitHub-Delivery * + header X-Hub-Signature-256 * + } - handle @valid_webhook { - reverse_proxy * localhost:1234 { - # Don't leak out internal problems. - @error status 4xx 5xx - handle_response @error { - error 400 - } + handle @valid_webhook { + reverse_proxy * localhost:1234 { + # Don't leak out internal problems. + @error status 4xx 5xx + handle_response @error { + error 400 } } + } - handle { - error 400 - } + handle { + error 404 } +} + +{{ caddy.addresses.main }} { +{% if caddy.tls_config is defined %} + {{ caddy.tls_config }} +{% endif %} + + root * {{ caddy.site_dir }} {% for site in repos %} import subproject {{ site }} From 5a30f4754637579f61f778e8eda1a3b4f8f0284c Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Tue, 29 Mar 2022 05:02:00 -0400 Subject: [PATCH 5/6] Auto-set https/http in config based on TLS setting --- matplotlib.org.yml | 4 ++-- templates/Caddyfile.j2 | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/matplotlib.org.yml b/matplotlib.org.yml index 797df2d..f1a7451 100644 --- a/matplotlib.org.yml +++ b/matplotlib.org.yml 
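Review bot: The `@valid_webhook` matcher only checks that a signature header is present (`header X-Hub-Signature-256 *`), and every header it tests is set by the client, so it filters noise but does not authenticate the sender. Authentication presumably happens in the service behind `reverse_proxy * localhost:1234`, which is not visible in this patch. A comment above the matcher would stop a later reader from treating it as the trust boundary, e.g. `# Pre-filter only: the HMAC in X-Hub-Signature-256 is verified by the webhook service, not by Caddy.` Separately, the webhook site block keeps `root * {{ caddy.site_dir }}` although nothing in it serves files any more; dropping that line would keep the docs tree out of the webhook host's configuration.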
@@ -3,8 +3,8 @@ vars: caddy: addresses: - main: "https://matplotlib.org" - webhook: "https://do.matplotlib.org" + main: "matplotlib.org" + webhook: "do.matplotlib.org" site_dir: "/usr/share/caddy" tls_config: "tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem" repos: diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2 index fca23ba..496f089 100644 --- a/templates/Caddyfile.j2 +++ b/templates/Caddyfile.j2 @@ -13,9 +13,11 @@ } # Setup webhooks -{{ caddy.addresses.webhook }} { {% if caddy.tls_config is defined %} +https://{{ caddy.addresses.webhook }} { {{ caddy.tls_config }} +{% else %} +http://{{ caddy.addresses.webhook }} { {% endif %} root * {{ caddy.site_dir }} @@ -47,9 +49,11 @@ } } -{{ caddy.addresses.main }} { {% if caddy.tls_config is defined %} +https://{{ caddy.addresses.main }} { {{ caddy.tls_config }} +{% else %} +http://{{ caddy.addresses.main }} { {% endif %} root * {{ caddy.site_dir }} From fca6f71c47a3e82e0ed8fcf7dd63e0129aceba94 Mon Sep 17 00:00:00 2001 From: Elliott Sales de Andrade Date: Wed, 30 Mar 2022 00:13:38 -0400 Subject: [PATCH 6/6] Validate templated Caddyfile before deployment We can't do this in general, but at least can catch any issues before Ansible deploys the expanded configuration. --- matplotlib.org.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/matplotlib.org.yml b/matplotlib.org.yml index f1a7451..c38e347 100644 --- a/matplotlib.org.yml +++ b/matplotlib.org.yml @@ -163,6 +163,7 @@ ansible.builtin.template: src: Caddyfile.j2 dest: /etc/caddy/Caddyfile + validate: "caddy validate --adapter caddyfile --config %s" notify: Reload Caddy - name: Configure Caddy TLS certificate directory
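Review bot: The `{% else %}` branch in both site headers (`@@ -13,9 +13,11 @@` for the webhook host and `@@ -47,9 +49,11 @@` for the main site) switches the whole site to `http://` whenever `caddy.tls_config` is not defined. A misspelled or accidentally dropped variable therefore deploys the webhook receiver and the docs over plaintext without any error. Because `is defined` is also true for an empty string, the opposite slip renders an `https://` site with no `tls` line and leaves certificate handling to Caddy's defaults. Making the plaintext case an explicit opt-in would turn both mistakes into a failed run: test a dedicated boolean (a constructed name such as `caddy.allow_plain_http`), or add an `ansible.builtin.assert` on `caddy.tls_config` before the template task for production hosts.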
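Review bot: The added `validate: "caddy validate --adapter caddyfile --config %s"` runs inside the "Configure Caddy" task, which in this block comes before "Configure Caddy TLS certificate directory". On a fresh host the rendered `tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem` line may therefore point at files that do not exist yet. If `caddy validate` loads the referenced certificate and key (worth confirming against the deployed Caddy version), the first run would fail at this task rather than report a real template error. Moving the template task after the tasks that install the certificate and key would avoid that; those tasks are outside the hunk, so the ordering is inferred from the context lines of the first patch in the series.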