added nginx support for ubuntu

.gitignore

@@ -4,4 +4,7 @@ docs/_build/*
 forge_modules/
 forge_modules/
 *.idea
 *.idea
 exodriver-master
 exodriver-master
-master.zip
+master.zip
\ No newline at end of file
+*#
+vagrant/.vagrant
+*.log

bootstrap.sh

@@ -11,7 +11,7 @@ wget https://apt.puppetlabs.com/puppet-release-bionic.deb
 dpkg -i puppet-release-bionic.deb
 dpkg -i puppet-release-bionic.deb
 add-apt-repository universe
 add-apt-repository universe
 apt-get update
 apt-get update
-apt install puppet-agent git r10k python3-pip -y
+apt install puppet-agent git r10k python3-pip build-essential -y
 
 
 pip3 install --upgrade pip
 pip3 install --upgrade pip
 
 

modules/common/files/README

+
+==== Welcome to Wattsworth ====
+
+To get started:
+
+1.) Initialize your system and start collecting data:
+    http://localhost/docs/joule/quick_start.html
+	-or-
+    https://wattsworth.net/joule/quick_start.html
+
+2.) View your data using Lumen:
+    http://localhost
+
+==== To Learn More ====
+
+Full Documentation at:
+     http://localhost/docs
+	-or-
+     https://wattsworth.net
+
+In particular you can...
+   *Use builtin modules
+   https://wattsworth.net/modules
+   
+   *Write your own modules:
+   https://wattsworth.net/joule/modules.html
+
+   *Use the API to interact with your data:
+   https://wattsworth.net/joule/api_reference.html
+
+   *Connect modules across nodes to form a data network
+   https://wattsworth.net/joule/using_joule.html#pipe-configuration
+   
+==== LICENSE ====
+
+This software was developed at the United States Naval Academy (USNA)
+by employees of the Federal Government in the course of their official
+duties. Pursuant to title 17 Section 105 of the United States Code
+this software is not subject to copyright protection and is in the
+public domain. It is an experimental system. USNA assumes no
+responsibility whatsoever for its use by other parties, and makes no
+guarantees, expressed or implied, about its quality, reliability, or
+any other characteristic. We would appreciate acknowledgement if the
+software is used. This software can be redistributed and/or modified
+freely provided that any derivative works bear some notice that they
+are derived from it, and any modified versions bear some notice that
+they have been modified.
+
+==== Contact ====
+
+John Donnal
+donnal@usna.edu
+https://www.usna.edu/Users/weaprcon/donnal/
+

modules/common/files/first_boot.sh

@@ -19,6 +19,8 @@ if [ -z "$LANG" ]; then
     export LANG=C.UTF-8
     export LANG=C.UTF-8
 fi
 fi
 
 
+# only run once
+systemctl disable first_boot.service
 
 
 (
 (
 
 
@@ -76,5 +78,5 @@ echo "# All Done!"
 sleep 1
 sleep 1
 ) | cat > $pipe
 ) | cat > $pipe
 
 
-systemctl disable first_boot.service
+
 service joule start
 service joule start

modules/common/manifests/init.pp

@@ -29,9 +29,21 @@ class common {
     mode => '0644',
     mode => '0644',
     source => 'puppet:///modules/common/chromium_policy.json'
     source => 'puppet:///modules/common/chromium_policy.json'
   }
   }
+  # Set up files on the Desktop
   file {'/etc/skel/Desktop':
   file {'/etc/skel/Desktop':
     ensure => directory,
     ensure => directory,
   }
   }
+  file {'/etc/skel/Desktop/README':
+    ensure => present,
+    source => 'puppet:///modules/common/README'
+  }
+
+  
+  vcsrepo{'/etc/skel/Desktop/example_modules':
+    ensure   => latest,
+    provider => git,
+    source   => 'https://github.com/wattsworth/example-modules.git'
+  }
 
 
   # first boot initialization scripts
   # first boot initialization scripts
   file {'/usr/local/bin/first_boot':
   file {'/usr/local/bin/first_boot':

modules/joule/manifests/init.pp

@@ -40,13 +40,6 @@ class joule {
     system => true
     system => true
   }
   }
 
 
-  vcsrepo{'/etc/skel/Desktop/example_modules':
-    ensure   => latest,
-    provider => git,
-    source   => 'https://git.wattsworth.net/wattsworth/example_modules.git',
-  }
-
-
   postgresql::server::db { 'joule':
   postgresql::server::db { 'joule':
     user => 'joule',
     user => 'joule',
     password=> postgresql_password('joule','joule'),
     password=> postgresql_password('joule','joule'),

modules/nginx/files/nginx.conf

+user joule;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/site.conf;
+}

modules/nginx/files/site.conf

+map $request_uri $joule_proxy_id {
+  "~^/joule/app/(?<id>[m|p]\d*)/(?<path>.*)$" $id;
+  default "";
+}
+map $uri $joule_proxy_uri {
+  "~^/joule/app/[m|p]\d*/(?<path>.*)$" $path;
+  default "";
+}
+map $uri $lumen_proxy_id {
+  "~^/app/(?<id>\d*)" $id; #/(?<path>.*)$" $id;
+  default "";
+}
+map $uri $lumen_proxy_uri {
+  "~^/app/(?<id>\d*)/(?<path>.*)$" $path;
+  default "";
+}
+
+map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+}
+
+server{
+  listen 80;
+  root /var/www/frontend;
+  # Help documentation
+  location /docs {
+    root /var/www/docs;
+  }
+  # Lumen frontend
+  location / {
+    try_files $uri $uri/ /index.html;
+  }
+  # Lumen backend (on Passenger)
+  location ~ ^/lumen(/.*|$) {
+    alias /opt/api/public$1;
+    passenger_base_uri /lumen;
+    passenger_app_root /opt/api;
+    passenger_document_root /opt/api/public;
+    passenger_enabled on;
+    proxy_set_header X-App-Base-Uri "/app";
+  }
+  # Lumen reverse proxy for data apps
+  location /app {
+    set $script_name "/app/${lumen_proxy_id}";
+    auth_request /lumen_proxy;
+    auth_request_set $proxy_url $upstream_http_x_proxy_url;
+    auth_request_set $joule_key $upstream_http_x_joule_key;
+    auth_request_set $session_cookie $upstream_http_set_cookie;
+    proxy_set_header X-Api-Key $joule_key;
+    proxy_pass $proxy_url$lumen_proxy_uri?$args;
+    proxy_http_version 1.1;
+    add_header Set-Cookie $session_cookie;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header X-Script-Name $script_name;
+    proxy_set_header Connection $connection_upgrade;
+
+  }
+  # Lumen proxy authorization
+  location = /lumen_proxy {
+    set $auth_url "http://127.0.0.1/lumen/app/${lumen_proxy_id}/auth";
+    internal;
+    proxy_pass  $auth_url;
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+    proxy_set_header X-Original-URI $request_uri;
+  }
+}
+server{
+  listen 443;
+  # Joule API
+  location /joule/ {
+    proxy_pass http://unix:/tmp/joule/api:/;
+    proxy_set_header X-Auth-Required "true";
+    proxy_set_header X-Api-Port "443";
+    proxy_set_header X-Api-Scheme "https";
+    proxy_set_header X-Api-Base-Uri "/joule";
+  }
+  # Do not proxy this path
+  # This route lists all active data apps
+  location /joule/app.json {
+    proxy_pass http://unix:/tmp/joule/api:/app.json;
+    proxy_set_header X-Auth-Required "true";
+  }
+  # Reverse proxy for data apps
+  location /joule/app {
+    auth_request /proxy;
+    auth_request_set $proxy_url $upstream_http_x_proxy_path;
+    proxy_pass $proxy_url$joule_proxy_uri?$args;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+  }
+  # Proxy authorization
+  location = /proxy {
+    internal;
+    proxy_pass  http://unix:/tmp/joule/api:/app/auth;
+    proxy_pass_request_body off;
+    proxy_set_header Content-Length "";
+    proxy_set_header X-App-Id $joule_proxy_id;
+    proxy_set_header X-Auth-Required "true";
+  }
+  # Lumen API
+  location /lumen/ {
+    proxy_pass http://unix:/tmp/joule/api:/;
+    proxy_set_header X-Auth-Required "true";
+  }
+
+  # Security configuration
+  ssl on;
+  ssl_certificate /etc/joule/security/server.crt;
+  ssl_certificate_key /etc/joule/security/server.key;
+}
\ No newline at end of file

modules/nginx/manifests/init.pp

-# Class: nginx
-# ===========================
-#
-# Full description of class nginx here.
-#
-# Parameters
-# ----------
-#
-# Document parameters here.
-#
-# * `sample parameter`
-# Explanation of what this parameter affects and what it defaults to.
-# e.g. "Specify one or more upstream ntp servers as an array."
-#
-# Variables
-# ----------
-#
-# Here you should define a list of variables that this module would require.
-#
-# * `sample variable`
-#  Explanation of how this variable affects the function of this class and if
-#  it has a default. e.g. "The parameter enc_ntp_servers must be set by the
-#  External Node Classifier as a comma separated list of hostnames." (Note,
-#  global variables should be avoided in favor of class parameters as
-#  of Puppet 2.6.)
-#
-# Examples
-# --------
-#
-# @example
-#    class { 'nginx':
-#      servers => [ 'pool.ntp.org', 'ntp.local.company.com' ],
-#    }
-#
-# Authors
-# -------
-#
-# Author Name <author@domain.com>
-#
-# Copyright
-# ---------
-#
-# Copyright 2019 Your name here, unless otherwise noted.
-#
 class nginx {
 class nginx {
   if $facts['platform'] == 'ubuntu'{
   if $facts['platform'] == 'ubuntu'{
-    include nginx_ubuntu
+    include nginx::ubuntu
     } else {
     } else {
-    include nginx_pi
+    include nginx::pi
     }
     }
 
 
 }
 }
+

modules/nginx/manifests/nginx_ubuntu.pp

-class nginx_ubuntu{
-  notice("including ubuntu nginx")
-  }

modules/nginx/manifests/pi.pp

+class nginx::pi{
+  notice("including pi nginx")
+  }

modules/nginx/manifests/ubuntu.pp

+class nginx::ubuntu{
+  notice("including ubuntu nginx")
+
+  $deps = ['nginx', 'libnginx-mod-http-passenger']
+  package{ $deps:
+    ensure => present
+  }
+  file {'/etc/nginx/nginx.conf':
+    source => 'puppet:///modules/nginx/nginx.conf',
+    owner => root,
+    group => root,
+    mode => '0644',
+    require => Package['nginx'],
+  }
+  file {'/etc/nginx/site.conf':
+    source => 'puppet:///modules/nginx/site.conf',
+    owner => root,
+    group => root,
+    mode => '0644',
+    require => Package['nginx'],
+  }
+  service {'nginx':
+    ensure => running,
+    require => File['/etc/nginx/site.conf','/etc/nginx/nginx.conf']
+  }
+}

modules/static_sites/manifests/init.pp

 # == Class: static_sites
 # == Class: static_sites
 #
 #
-# Static apache sites
 #
 #
 # === Authors
 # === Authors
 #
 #
@@ -8,7 +7,6 @@
 #
 #
 
 
 class static_sites {
 class static_sites {
-  require 'apache'
 
 
   # The Angular Frontend Site
   # The Angular Frontend Site
   file{'/var/www/frontend':
   file{'/var/www/frontend':
@@ -28,25 +26,6 @@ class static_sites {
     require => File['/var/www/frontend']
     require => File['/var/www/frontend']
   }
   }
 
 
-  file{'/etc/apache2/conf-enabled/passenger_prestart.conf':
-    source => 'puppet:///modules/static_sites/passenger_prestart.conf',
-    owner => root,
-    group => root,
-    mode => '0644',
-  }
-  
-  file{'/etc/apache2/sites-available/10-combined.conf':
-    source => 'puppet:///modules/static_sites/10-combined.conf',
-    owner  => root,
-    group  => root,
-    mode   => '0644',
-  }
-  exec{'a2ensite 10-combined.conf':
-    creates => '/etc/apache2/sites-enabled/10-combined.conf',
-    path    => ['/usr/sbin','/usr/bin'],
-    require => File['/etc/apache2/sites-available/10-combined.conf'],
-    notify  => Exec['sites_restart_apache']
-  }
 
 
   # The Help Docs Site
   # The Help Docs Site
   file{'/var/www/docs':
   file{'/var/www/docs':
@@ -68,9 +47,4 @@ class static_sites {
     require => File['/var/www/frontend']
     require => File['/var/www/frontend']
   }
   }
 
 
-  exec{'sites_restart_apache':
-    command     => '/usr/sbin/apache2ctl restart',
-    refreshonly => true,
-  }
-
 }
 }

site.pp

@@ -5,6 +5,7 @@ node 'default' {
   include static_sites
   include static_sites
   include rails_api
   include rails_api
   include joule_labjack
   include joule_labjack
+  include nginx
 }
 }
 
 
 node 'nilm'{
 node 'nilm'{

vagrant/Vagrantfile

+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://atlas.hashicorp.com/search.
+  config.vm.box = "ubuntu/bionic64"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network "forwarded_port", guest: 80, host: 8080
+  config.vm.network "forwarded_port", guest: 443, host: 4430
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  config.vm.synced_folder "../", "/puppet"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+  # such as FTP and Heroku are also available. See the documentation at
+  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+  # config.push.define "atlas" do |push|
+  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+  # end
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+end