chef-server-webapp cookbook

This cookbook configures Omnibus Chef server as an Apache webapp. This makes it possible to host other HTTP services on the same node that runs Chef server, and makes it easier to unify http configuration across multiple services.

This cookbook's home is at https://github.com/3ofcoins/chef-cookbook-chef-server-webapp/

Requirements

• apache2 cookbook
• chef-server cookbook version 2.0.0+

Usage

Configure node['chef-server']['webapp']['ssl_key_path'] and node['chef-server']['webapp']['ssl_certificate_path'] to run over https. You need to get the key & certificate files to the server earlier in the run list; you may use ssl-key-vault for this.

Make sure node['chef-server']['api_fqdn'] contains proper FQDN.

Add recipe[chef-server-webapp] to your run list.

Attributes

• chef-server.webapp.backend_https_port -- port to configure omnibus chef server's nginx to listen on; default is 17443
• chef-server.webapp.ssl_key_path, chef-server.webapp.ssl_certificate_chain_path (optional), and chef-server.webapp.ssl_certificate_path -- HTTPS keys.

Recipes

• default -- configures Omnibus chef server as a webapp.

Notes

This cookbook works by reconfiguring chef-server's nginx to listen on a high port number, and by proxying there over https from Apache. This is not the most efficient way of making it work: we forward https to https backend (otherwise bookshelf URLs generated by Chef API are wrong), so there's double encryption, and nginx shouldn't be required at all - Apache can be configured as the load balancer itself. If this is a performance issue for you, probably you need to run chef-server on a separate machine anyway.

Test cases are still a TODO.

Author

Author:: Maciej Pasternacki [email protected]