configure an Nginx proxy for cortex.status.im

Signed-off-by: Jakub Sokołowski <[email protected]>
status-im · Oct 13, 2020 · 9ef85ce · 9ef85ce
1 parent ca0936b
commit 9ef85ce
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/ansible/group_vars/thehive-master.yml b/ansible/group_vars/thehive-master.yml
@@ -1,7 +1,6 @@
 ---
 # Cortex -----------------------------------------------------------------------
-
-# Ports
+cortex_domain: 'cortex.status.im'
 cortex_port: 9001
 
 # Paths
@@ -20,11 +19,7 @@ cortex_search_nodes: |
     | list }}
 
 # The Hive ---------------------------------------------------------------------
-
-# The Hive UI
 the_hive_domain: 'hive.status.im'
-
-# Ports
 the_hive_port: 9000
 
 # TheHive application secret
@@ -88,3 +83,30 @@ nginx_sites:
         proxy_set_header X-Forwarded-Host  $host;
         proxy_set_header X-Forwarded-Port  $server_port;
       }
+
+  cortex_http:
+    - listen 80
+    - server_name {{ cortex_domain }}
+    - return 302 https://$server_name$request_uri
+
+  cortex_https:
+    - listen 443 ssl
+    - server_name {{ cortex_domain }}
+
+    - ssl_certificate     /certs/status.im/origin.crt
+    - ssl_certificate_key /certs/status.im/origin.key
+
+    - location / {
+        proxy_pass http://127.0.0.1:{{ cortex_port }}/;
+        proxy_http_version  1.1;
+        proxy_cache_bypass  $http_upgrade;
+        proxy_read_timeout 3600;
+        proxy_set_header Upgrade           $http_upgrade;
+        proxy_set_header Connection        "upgrade";
+        proxy_set_header Host              $host;
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host  $host;
+        proxy_set_header X-Forwarded-Port  $server_port;
+      }
diff --git a/dns.tf b/dns.tf
@@ -7,6 +7,15 @@ resource "cloudflare_record" "hive_ui" {
   proxied = true
 }
 
+resource "cloudflare_record" "cortex_ui" {
+  zone_id = lookup(local.zones, "status.im")
+  type    = "A"
+  name    = "cortex"
+  value   = module.hive_master.public_ips[count.index]
+  count   = length(module.hive_master.public_ips)
+  proxied = true
+}
+
 resource "cloudflare_record" "hive_es_hq" {
   zone_id = lookup(local.zones, "status.im")
   type    = "A"