diff --git a/source/resources/apps/gocd/forksand-gocd-setup b/source/resources/apps/gocd/forksand-gocd-setup
index 847fdba..237c5a3 100755
--- a/source/resources/apps/gocd/forksand-gocd-setup
+++ b/source/resources/apps/gocd/forksand-gocd-setup
@@ -15,3 +15,60 @@ ssh -N -C -L 8153:localhost:8153 gocd # On workstation, go to: # http://127.0.0.1:8153/
+
+# See: https://docs.gocd.org/current/configuration/dev_authentication.html
+# Configure to set up admin user (before opening to public)
+# http://127.0.0.1:8153/go/admin/security/auth_configs
+# Create a new authorization configuration
+# Name it "forksand" for Id.
+# Plugin: Password File Authentication Plugin
+# Password file path: /etc/go/password.properties
+
+# No:
+touch /etc/go/password.properties
+chown go:go /etc/go/password.properties
+
+# meh, use apache utils for password, but use nginx for proxy
+apt install apache2-utils
+
+# Create password:
+htpasswd -B /etc/go/password.properties jebba
+
+# Then login again with new user created above:
+# http://127.0.0.1:8153/
+# Go here:
+# http://127.0.0.1:8153/go/admin/users
+# And enable the new user as an admin
+
+# Set up reverse proxy like:
+# https://docs.gocd.org/current/installation/configure-reverse-proxy.html
+# Set up nginx
+apt install nginx
+# Note, install barfs because it tries to set up IPv6 by default
+# Edit this file and remove the line after:
+vim /etc/nginx/sites-available/default
+ listen [::]:80 default_server;
+
+# Then run to finish nginx install:
+apt -f install
+
+# Open up firewall ports on main firewall and iptables.
+
+# Set up certbot:
+apt install python3-certbot-nginx
+
+certbot \
+ --authenticator standalone \
+ --installer nginx \
+ -d gocd.forksand.com \
+ --email letsencrypt@forksand.com \
+ --pre-hook "systemctl stop nginx" \
+ --post-hook "systemctl start nginx"
+
+# Make sure all is good, if so, set up nginx as proxy.
+
+
+# Disks
+# Check here:
+# /var/lib/go-server/
+# /var/lib/go-server/artifacts
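Review bot: The password file is created with `touch` and `chown go:go` but its mode is never set, so it keeps whatever the umask gives it (usually 0644 for root) while holding the bcrypt hashes written by `htpasswd -B`. I would add `chmod 600 /etc/go/password.properties` directly after the `chown` line so only the `go` user can read the hashes. Separately, the line `listen [::]:80 default_server;` under the `vim` command is not commented out; since the file is mode 100755, it should read `# listen [::]:80 default_server;` so it cannot run as a command if these notes are ever executed.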
diff --git a/source/resources/apps/gocd/nginx-default b/source/resources/apps/gocd/nginx-default
new file mode 100644
index 0000000..f447012
--- /dev/null
+++ b/source/resources/apps/gocd/nginx-default
@@ -0,0 +1,47 @@
+server {
+ server_name gocd.forksand.com;
+ root /var/www/html;
+ index index.html index.htm index.nginx-debian.html;
+ server_name gocd.forksand.com; # managed by Certbot
+ location / {
+# try_files $uri $uri/ =404;
+ # Proxy everything over to the GoCD server
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_pass http://localhost:8153/;
+
+ # To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
+ # setting to `0` will disable checking for body size.
+ # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
+ client_max_body_size 10000m;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/gocd.forksand.com/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/gocd.forksand.com/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ if ($host = gocd.forksand.com) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ listen 80 ;
+ server_name gocd.forksand.com;
+ return 404; # managed by Certbot
+
+}
+
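Review bot: `client_max_body_size 10000m;` sits in the catch-all `location /`, so every request path, including unauthenticated ones, may send a body of roughly 10 GB that nginx accepts (and, with default request buffering, spools to disk) before GoCD sees it. I would keep a small default in `location /` and raise the limit only in a dedicated `location` for the artifact-upload path. Also, because this nginx is the internet-facing edge, `$proxy_add_x_forwarded_for` passes on whatever X-Forwarded-For value the client supplied; `proxy_set_header X-Forwarded-For $remote_addr;` keeps a spoofed address out of downstream logs. The duplicate `server_name gocd.forksand.com;` and the unused `root`/`index` lines could be dropped.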
diff --git a/source/resources/spreadsheets/sharkfork.ods b/source/resources/spreadsheets/sharkfork.ods
index afe0975..ebb933f 100644
Binary files a/source/resources/spreadsheets/sharkfork.ods and b/source/resources/spreadsheets/sharkfork.ods differ