chef-server-webapp cookbook
This cookbook configures Omnibus Chef server as an Apache webapp. This makes it possible to host other HTTP services on the same node that runs Chef server, and makes it easier to unify http configuration across multiple services.
This cookbook's home is at https://github.com/3ofcoins/chef-cookbook-chef-server-webapp/
Requirements
apache2
cookbookchef-server
cookbook version 2.0.0+
Usage
Configure node['chef-server']['webapp']['ssl_key_path']
and
node['chef-server']['webapp']['ssl_certificate_path']
to run over
https. You need to get the key & certificate files to the server
earlier in the run list; you may use
ssl-key-vault
for this.
Make sure node['chef-server']['api_fqdn']
contains proper FQDN.
Add recipe[chef-server-webapp]
to your run list.
Attributes
chef-server.webapp.backend_https_port
-- port to configure omnibus chef server's nginx to listen on; default is 17443chef-server.webapp.ssl_key_path
,chef-server.webapp.ssl_certificate_chain_path
(optional), andchef-server.webapp.ssl_certificate_path
-- HTTPS keys.
Recipes
default
-- configures Omnibus chef server as a webapp.
Notes
This cookbook works by reconfiguring chef-server's nginx to listen on a high port number, and by proxying there over https from Apache. This is not the most efficient way of making it work: we forward https to https backend (otherwise bookshelf URLs generated by Chef API are wrong), so there's double encryption, and nginx shouldn't be required at all - Apache can be configured as the load balancer itself. If this is a performance issue for you, probably you need to run chef-server on a separate machine anyway.
Test cases are still a TODO.
Author
Author:: Maciej Pasternacki [email protected]