ctor: add initial host specification

Author: ForNeVeR

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+insert_final_newline = true

Readme.md

@@ -13,6 +13,13 @@ We're hosting a set of services:
 If you have an issue with any of these services, feel free to [open an
 issue][issues].
 
+Host specification
+------------------
+
+- [codingteam.org.ru][host-ctor]
+
+[host-ctor]: ctos/Host.md
+
 [codingteam.org.ru]: https://codingteam.org.ru
 [issues]: https://github.com/codingteam/devops/issues
 [loglist.net]: https://loglist.net

ctor/Host.md

@@ -0,0 +1,24 @@
+codingteam.org.ru
+-----------------
+
+This is a service hosted on Digital Ocean.
+
+Enabled end-user services:
+
+- [codingteam.org.ru][]
+- [loglist][]
+- [svg-cgs][]
+
+Make sure to set up `/etc/loglist/loglist.conf` (see
+[`loglist.sample.conf`][loglist-sample-conf]).
+
+Enabled infrastructural services:
+
+- nginx
+- PostgreSQL
+
+[loglist-sample-conf]: etc/loglist/loglist.conf
+
+[codingteam.org.ru]: https://github.com/codingteam/codingteam.org.ru
+[loglist]: https://github.com/codingteam/loglist
+[svg-cgs]: https://github.com/codingteam/svg-cgs

ctor/etc/loglist/loglist.sample.conf

@@ -0,0 +1,10 @@
+APPLY_EVOLUTIONS_SILENTLY=true
+APPROVAL_EMAIL=loglist@example.com
+APPROVAL_EMAIL_PASSWORD=example-mail-password
+APPROVAL_SMTP_HOST=smtp.example.com
+BASIC_AUTH_PASSWORD=basic-password
+BASIC_AUTH_USERNAME=example-user
+DATABASE_URL=jdbc:postgresql:loglist?user=username&password=postgresql-password
+JAVA_OPTS=-Xmx384m -Xss512k -XX:+UseCompressedOops
+RECAPTCHA_PRIVATE_KEY=recaptcha-private-key
+RECAPTCHA_PUBLIC_KEY=recaptcha-public-key

ctor/etc/nginx/nginx.conf

@@ -0,0 +1,95 @@
+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	#include /etc/nginx/naxsi_core.rules;
+
+	##
+	# nginx-passenger config
+	##
+	# Uncomment it if you installed nginx-passenger
+	##
+	
+	#passenger_root /usr;
+	#passenger_ruby /usr/bin/ruby;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

ctor/etc/nginx/sites-available/cad

@@ -0,0 +1,8 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name cad.codingteam.org.ru;
+
+    root /opt/svg-cgs;
+    index index.html index.htm;
+}

ctor/etc/nginx/sites-available/default

@@ -0,0 +1,37 @@
+server {
+        listen 443 ssl;
+        server_name codingteam.org.ru;
+        keepalive_timeout 60;
+        ssl_certificate /etc/letsencrypt/live/loglist.net/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/loglist.net/privkey.pem;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers  "HIGH:!aNULL:!MD5:!kEDH";
+        add_header Strict-Transport-Security 'max-age=15552000';
+
+	location /_logs/ {
+		proxy_set_header X-Forwarded-Host $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_http_version 1.1;
+                proxy_pass http://0xd34df00d.me/logs/chat/;
+	}
+
+
+        location / {
+                 proxy_set_header X-Forwarded-Host $host;
+                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                 proxy_set_header X-Forwarded-Proto $scheme;
+                 proxy_set_header Host codingteam.org.ru;
+                 proxy_http_version 1.1;
+                 proxy_pass http://localhost:5000/;
+        }
+}
+
+server {
+	listen 80;
+	server_name codingteam.org.ru;
+
+	location / {
+		 rewrite ^(.*)$ https://codingteam.org.ru$1 permanent;
+	}
+}

ctor/etc/nginx/sites-available/loglist

@@ -0,0 +1,56 @@
+# You may add here your
+# server {
+#	...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+        listen 443 ssl;
+        server_name loglist.net;
+	keepalive_timeout 60;
+        ssl_certificate /etc/letsencrypt/live/loglist.net/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/loglist.net/privkey.pem;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers  "HIGH:!aNULL:!MD5:!kEDH";
+        add_header Strict-Transport-Security 'max-age=15552000';
+
+        location / {
+                 proxy_set_header X-Forwarded-Host $host;
+                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                 proxy_set_header X-Forwarded-Proto $scheme;
+                 proxy_set_header Host loglist.net;
+                 proxy_http_version 1.1;
+                 proxy_pass http://localhost:9000/;
+        }
+}
+
+
+server {
+	listen 80;
+	server_name loglist.net;
+
+	location / {
+		 rewrite ^(.*)$ https://loglist.net$1 permanent;
+	}
+}
+
+server {
+	listen 80;
+	server_name *.loglist.net;
+	location / {
+		 return 301 https://loglist.net$request_uri;
+	}
+}

ctor/etc/systemd/system/cor-site.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=codingteam.org.ru site
+After=network.target
+
+[Service]
+User=cor-site
+WorkingDirectory=/opt/codingteam/codingteam.org.ru/
+ExecStart=/usr/bin/dotnet /opt/codingteam/codingteam.org.ru/codingteam.org.ru.dll
+
+[Install]
+WantedBy=multi-user.target

ctor/etc/systemd/system/loglist.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=loglist.net site
+After=network.target
+
+[Service]
+EnvironmentFile=/etc/loglist/loglist.conf
+ExecStart=/opt/loglist/bin/loglist-jvm -Dhttp.port=9000 -Dhttp.address=127.0.0.1
+
+[Install]
+WantedBy=multi-user.target