Change domain csicsoka.org to openfood.hu #931

Merged
merged 1 commit into from
Jul 29, 2024

@dacook dacook commented Jul 24, 2024

@dacook dacook self-assigned this Jul 24, 2024
@rioug rioug merged commit 90c3715 into openfoodfoundation:master Jul 29, 2024
2 checks passed

dacook commented Jul 30, 2024

Provisioned on hu_prod (also with #933)

The following changes were observed.

In summary:

  • /home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.production
  • bash_profile
  • certbot config (this tool automatically renews SSL certificates)
TASK [app : template files] ********************************************************************************************
changed: [openfood.hu] => (item={'src': 'env.j2', 'dest': '/home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.production'})

TASK [app_user : Write bash_profile for app user] **********************************************************************
changed: [openfood.hu]
TASK [add nodenv to user path] *****************************************************************************************
changed: [openfood.hu]
TASK [geerlingguy.postgresql : Configure host based authentication (if entries are configured).] ***********************
changed: [openfood.hu]

TASK [coopdevs.certbot_nginx : Extract current domains list from the certificate] **************************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo
changed: [openfood.hu]
TASK [jdauphant.nginx : Ensure APT official nginx key] *****************************************************************
changed: [openfood.hu]
changed: [openfood.hu] => (item={'key': 'ofn_80', 'value': ['listen 80;\nlisten [::]:80;\nserver_name openfood.hu;\n\nadd_header X-Content-Type-Options nosniff always;\nadd_header X-Xss-Protection "1; mode=block" always;\n\nlocation \'/.well-known/acme-challenge\' {\n  default_type "text/plain";\n  root /etc/letsencrypt/webrootauth;\n}\n\n\n\nlocation / {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  return 301 https://openfood.hu$request_uri;\n}\n']})
changed: [openfood.hu] => (item={'key': '000_redirect_www', 'value': ['listen 443 ssl http2;\nlisten [::]:443 ssl http2;\nserver_name www.openfood.hu;\n\nssl_certificate      /etc/letsencrypt/live/openfood.hu/fullchain.pem;\nssl_certificate_key  /etc/letsencrypt/live/openfood.hu/privkey.pem;\n\nssl_protocols TLSv1.2;\nssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\nssl_prefer_server_ciphers on;\n\n\n\nreturn 301 https://openfood.hu$request_uri;\n']})
changed: [openfood.hu] => (item={'key': 'ofn_443', 'value': ['listen 443 ssl http2;\nlisten [::]:443 ssl http2;\nserver_name openfood.hu;\nroot /home/openfoodnetwork/apps/openfoodnetwork/current/public;\n\nssl_certificate      /etc/letsencrypt/live/openfood.hu/fullchain.pem;\nssl_certificate_key  /etc/letsencrypt/live/openfood.hu/privkey.pem;\n\nssl_protocols TLSv1.2;\nssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\nssl_prefer_server_ciphers on;\n\n\n\nadd_header X-Content-Type-Options nosniff always;\nadd_header X-Xss-Protection "1; mode=block" always;\n\ngzip on;\ngzip_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;\ngzip_disable "msie6";\n\nbrotli on;\nbrotli_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;\n\ntry_files $uri/index.html $uri @rails;\nlocation @rails {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n\n  if (-f /etc/nginx/maintenance.html) {\n    return 503;\n  }\n\n  gzip_proxied no-cache no-store private expired auth;\n  proxy_http_version 1.1;\n  proxy_set_header X-Real-IP $remote_addr;\n  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n  proxy_set_header Host $host;\n  proxy_set_header X-Forwarded-Proto $scheme;\n  proxy_set_header X-Request-Start "t=${msec}";\n  proxy_redirect off;\n  proxy_pass http://rails;\n}\n\nlocation ~ ^/(assets)/ {\n  limit_except 
GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  gzip_static on;\n  brotli_static on;\n  expires max;\n  add_header Cache-Control public;\n}\n\nerror_page 500 502 504 /500.html;\nerror_page 503 @maintenance;\n\nlocation @maintenance {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  root /etc/nginx;\n  try_files /maintenance.html =503;\n}\n\nlocation /cable {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  proxy_pass http://rails;\n  proxy_http_version 1.1;\n  proxy_set_header X-Forwarded-Proto https;\n  proxy_set_header X-Forwarded-Ssl on;\n  proxy_set_header Upgrade $http_upgrade;\n  proxy_set_header Connection "upgrade";\n  proxy_set_header Host $host;\n}\n\nclient_max_body_size 4G;\nkeepalive_timeout 30;\nproxy_read_timeout 30;\nproxy_send_timeout 30;\n\ninclude /etc/nginx/sites-available/ofn/*;\n']})
