GoCD

source/resources/apps/gocd/forksand-gocd-setup

@@ -15,3 +15,60 @@ ssh -N -C -L 8153:localhost:8153 gocd
 
 # On workstation, go to:
 # http://127.0.0.1:8153/
+
+# See: https://docs.gocd.org/current/configuration/dev_authentication.html
+# Configure to set up admin user (before opening to public)
+# http://127.0.0.1:8153/go/admin/security/auth_configs
+# Create a new authorization configuration
+# Name it "forksand" for Id.
+# Plugin: Password File Authentication Plugin
+# Password file path: /etc/go/password.properties
+
+# No:
+touch /etc/go/password.properties
+chown go:go /etc/go/password.properties
+
+# meh, use apache utils for password, but use nginx for proxy
+apt install apache2-utils
+
+# Create password:
+htpasswd -B /etc/go/password.properties jebba
+
+# Then login again with new user created above:
+# http://127.0.0.1:8153/
+# Go here:
+# http://127.0.0.1:8153/go/admin/users
+# And enable the new user as an admin
+
+# Set up reverse proxy like:
+# https://docs.gocd.org/current/installation/configure-reverse-proxy.html
+# Set up nginx
+apt install nginx
+# Note, install barfs because it tries to set up IPv6 by default
+# Edit this file and remove the line after:
+vim /etc/nginx/sites-available/default
+        listen [::]:80 default_server;
+
+# Then run to finish nginx install:
+apt -f install
+
+# Open up firewall ports on main firewall and iptables.
+
+# Set up certbot:
+apt install python3-certbot-nginx
+
+certbot                                                                 \
+        --authenticator standalone                                      \
+        --installer nginx                                              \
+        -d gocd.forksand.com						\
+        --email letsencrypt@forksand.com                                \
+        --pre-hook "systemctl stop nginx"                               \
+        --post-hook "systemctl start nginx"
+
+# Make sure all is good, if so, set up nginx as proxy.
+
+
+# Disks
+# Check here:
+# /var/lib/go-server/
+# /var/lib/go-server/artifacts

source/resources/apps/gocd/nginx-default

@@ -0,0 +1,47 @@
+server {
+	server_name               gocd.forksand.com;
+	root /var/www/html;
+	index index.html index.htm index.nginx-debian.html;
+    server_name gocd.forksand.com; # managed by Certbot
+	location / {
+#		try_files $uri $uri/ =404;
+  # Proxy everything over to the GoCD server
+    proxy_set_header        Host            $host;
+    proxy_set_header        X-Real-IP       $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_http_version      1.1;
+    proxy_set_header 	      Upgrade $http_upgrade;
+    proxy_set_header 	      Connection $connection_upgrade;
+    proxy_pass              http://localhost:8153/;
+    
+    # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
+    # setting to `0` will disable checking for body size.
+    # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+    client_max_body_size  10000m;
+	}
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/gocd.forksand.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/gocd.forksand.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+server {
+    if ($host = gocd.forksand.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+	listen 80 ;
+    server_name gocd.forksand.com;
+    return 404; # managed by Certbot
+
+}
+