update

provisioning/roles/deploy_all/files/bin/findcert.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -euo pipefail
+. driglibash-base
+
+if [ "$#" -lt 1 ] ; then
+	die "Usage: $0 <service_nanme> [-v]"
+fi
+service="$1"
+shift
+
+verbose=false
+if [ "$#" -ge 1 ] && [ "$1" = "-v" ] ; then
+	verbose=true
+fi
+
+. /etc/jeancloud.env
+
+# Look in both dns directories
+for dir in "$dns_certs_path" "$http_certs_path" ; do
+	name="$(ls "$dir" | grep "^$service\(-[0-9]\{4\}\)\?$")" || true
+	if [ -z "$name" ] ; then
+		if $verbose ; then
+			echo "Service $service have no certificate in $dir" >&2
+		fi
+	elif [ ! -e "$dir/$name/fullchain.pem" ] ; then
+		if $verbose ; then
+			echo "Service $service have no cert in dir $dir" >&2
+		fi
+	else
+		echo "$dir/$name"
+		exit 0
+	fi
+done
+
+# If nothing found, use dummy cert
+echo "$dummy_cert_path"

provisioning/roles/deploy_all/files/bin/hugo_rclone.sh

@@ -32,4 +32,4 @@ while read filename ; do
 done < <(find -type d -name '.attachments.*')
 
 # Build the website
-hugo
+hugo --ignoreCache

services/coldcms.chahut.jean-cloud.net/docker-compose.yml

@@ -0,0 +1,32 @@
+version: '2'
+
+services:
+
+  coldcms:
+    image: coldcms/coldcms-backend:latest
+    volumes:
+      - $DATA_DIR/coldcms:/srv/build
+      - $DATA_DIR/db:/var/db
+    environment:
+      - DJANGO_SETTINGS_MODULE=coldcms.settings
+      - DB_URL=sqlite:////var/db/database.sqlite3
+      - BUILD_DIR=/srv/build
+      - STATIC_ROOT=/srv/build/static/
+      - ALLOWED_HOSTS=$JC_SERVICE
+      - SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
+    restart: unless-stopped
+    networks:
+      default:
+        ipv4_address: 172.29.20.100
+    deploy:
+      resources:
+        limits:
+          cpus: '0.50'
+          memory: 500M
+
+
+networks:
+  default:
+    ipam:
+      config:
+        - subnet: 172.29.20.0/24

services/coldcms.chahut.jean-cloud.net/nginx_server.conf

@@ -0,0 +1,55 @@
+server {
+  listen 443 ssl http2;    
+  listen [::]:443 ssl http2;    
+  ssl_certificate $JC_CERT/fullchain.pem;    
+  ssl_certificate_key $JC_CERT/privkey.pem;    
+  server_name $JC_SERVICE www.$JC_SERVICE;    
+
+    add_header  Strict-Transport-Security "max-age=31536000";
+
+    gzip on;
+    gzip_disable    "msie6";
+    gzip_types      text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
+    gzip_min_length 1000;
+    gzip_proxied    no-cache no-store private expired auth;
+    gzip_vary       on;
+
+    root $HTTP_DIR;
+
+    location / {
+        set $try_files_value '';
+        if ($request_method = GET){
+            set $try_files_value $uri/;
+        }
+        gzip_static on;
+        try_files $try_files_value @uwsgi_backend;
+    }
+
+
+    location @uwsgi_backend {
+        uwsgi_pass 172.29.20.100:8000;
+        include uwsgi_params;
+        client_max_body_size 20m;
+    }
+
+    location /media/ {
+        gzip_static on;
+        expires 100d;
+        add_header Cache-Control public;
+        access_log off;
+    }
+
+    location /static/ {
+        gzip_static on;
+        expires 100d;
+        add_header Cache-Control public;
+        access_log off;
+    }
+
+    location /admin/ {
+        uwsgi_pass 172.29.20.100:8000;
+        include uwsgi_params;
+        client_max_body_size 20m;
+    }
+}
+