From 6f72cd7184300ee6ffed5b8bdfd2d0e251ae6ce0 Mon Sep 17 00:00:00 2001
From: zhitomirskiyi
Date: Tue, 16 Nov 2010 15:54:34 -0800
Subject: [PATCH] NGINX serves crossdomain.xml on port 843, which is required for FF3.6 running em-websocket :secure => true. daemontools run script for websocket uses production environment
---
 .../common/files/default/crossdomain.xml | 3 +++
 chef/cookbooks/common/files/default/iptables | 2 ++
 chef/cookbooks/common/recipes/daemontools.rb | 8 +++-----
 chef/cookbooks/common/recipes/nginx.rb | 5 ++++-
 .../common/templates/default/nginx.conf.erb | 15 +++++++++++++++
 5 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100644 chef/cookbooks/common/files/default/crossdomain.xml
diff --git a/chef/cookbooks/common/files/default/crossdomain.xml b/chef/cookbooks/common/files/default/crossdomain.xml
new file mode 100644
index 000000000..6c5ca91c4
--- /dev/null
+++ b/chef/cookbooks/common/files/default/crossdomain.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/chef/cookbooks/common/files/default/iptables b/chef/cookbooks/common/files/default/iptables
index a97d77142..63b15b9c0 100644
--- a/chef/cookbooks/common/files/default/iptables
+++ b/chef/cookbooks/common/files/default/iptables
@@ -17,5 +17,7 @@
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
 #Websocket
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
+#Crossdomain policy file for Flash sockets
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 843 -j ACCEPT
 -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
 COMMIT
diff --git a/chef/cookbooks/common/recipes/daemontools.rb b/chef/cookbooks/common/recipes/daemontools.rb
index 15a1c4c34..9ddecc736 100644
--- a/chef/cookbooks/common/recipes/daemontools.rb
+++ b/chef/cookbooks/common/recipes/daemontools.rb
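Review bot: The three added lines of chef/cookbooks/common/files/default/crossdomain.xml are blank on this page, so the scope of the policy cannot be checked from the patch as shown. Flash Player treats a policy served on port 843 as the master socket policy for the whole host, so a wildcard domain or port list there would apply to every port the firewall leaves open, not only the websocket. The file should name only the origin that serves the Flash WebSocket fallback and only the websocket port, for example `<allow-access-from domain="alpha.joindiaspora.com" to-ports="8080" />` if that server_name from nginx.conf.erb is where the fallback is loaded from. A short XML comment saying that the file is the port-843 socket policy would also help the next reader.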
@@ -17,13 +17,11 @@ config = YAML.load_file("/usr/local/app/diaspora/chef/cookbooks/common/files/def
 config.each do |thin|
 port = thin["port"]
- #socket = "/tmp/thin_#{id}.sock"
 dir = "/service/thin_#{port}"
 flags = []
 flags << "-c /usr/local/app/diaspora" #directory to run from
- flags << "-e production" #run in production mode
- #flags << "-S #{socket}" #use a socket
- flags << "-p #{port}" #use a socket
+ flags << "-e production" #run in production mode
+ flags << "-p #{port}" #use a socket
 execute "thin run" do
 command "mkdir -p #{dir} && echo '#!/bin/sh' > #{dir}/run && echo 'exec /usr/local/bin/ruby /usr/local/bin/thin start #{flags.join(" ")}' >> #{dir}/run"
 end
@@ -38,7 +36,7 @@ end
 #end
 execute "websocket run" do
- command "mkdir -p /service/websocket && echo '#!/bin/sh' > /service/websocket/run && echo 'cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb' >> /service/websocket/run"
+ command "mkdir -p /service/websocket && echo '#!/bin/sh' > /service/websocket/run && echo 'cd /usr/local/app/diaspora && RAILS_ENV=production exec /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb' >> /service/websocket/run"
 end
 execute "executable" do
 command "chmod -R 755 /service/websocket"
diff --git a/chef/cookbooks/common/recipes/nginx.rb b/chef/cookbooks/common/recipes/nginx.rb
index 5834d1ba0..43de28e9d 100644
--- a/chef/cookbooks/common/recipes/nginx.rb
+++ b/chef/cookbooks/common/recipes/nginx.rb
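Review bot: In the first daemontools.rb hunk the thin flags select a TCP port with `-p #{port}` but pass no bind address, so each thin instance listens on every interface (thin defaults to 0.0.0.0) and only the iptables REJECT rule keeps the backends private. If nginx proxies to these ports from the same host, which the nginx recipe suggests but this hunk does not show, add `flags << "-a 127.0.0.1" #accept connections only from the local nginx`. The comment kept on the port line is also stale now that the socket flag is gone; `#use a socket` should read `#TCP port nginx proxies to`. The `config.each` block opens inside the hunk and closes outside it.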
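Review bot: The rewritten run script for /service/websocket in the second daemontools.rb hunk execs ruby directly, so the websocket server runs as whatever account supervise runs as, normally root, although the port labelled Websocket in the iptables file (8080) is unprivileged. Dropping privileges in the run line would limit what a bug in the server exposes: `exec setuidgid SERVICE_USER env RAILS_ENV=production /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb`, where SERVICE_USER is a placeholder for a dedicated account. That account needs read access to the TLS key if the server runs with `:secure => true`. Passing the variable through `env` also avoids depending on how /bin/sh treats an assignment placed before `exec`.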
@@ -18,9 +18,12 @@ execute "install nginx" do
 command "cd /tmp/install/nginx-0.8.53 && make install"
 end
+cookbook_file "/usr/local/nginx/html/crossdomain.xml" do
+ source "crossdomain.xml"
+end
+
 config = YAML.load_file("/usr/local/app/diaspora/chef/cookbooks/common/files/default/thins.yml")
 template "/usr/local/nginx/conf/nginx.conf" do
 source "nginx.conf.erb"
- #variables :socket_paths => config.map{|thin| "/tmp/thin_#{thin["socket_id"]}.sock"}
 variables :ports => config.map{|thin| "#{thin["port"]}"}
 end
diff --git a/chef/cookbooks/common/templates/default/nginx.conf.erb b/chef/cookbooks/common/templates/default/nginx.conf.erb
index 8a789eb0e..387a63c72 100644
--- a/chef/cookbooks/common/templates/default/nginx.conf.erb
+++ b/chef/cookbooks/common/templates/default/nginx.conf.erb
@@ -37,6 +37,21 @@ http {
 <% end %>
 }
+ server {
+ listen 843;
+
+ location / {
+ rewrite ^(.*)$ /crossdomain.xml;
+ }
+
+ error_page 400 /crossdomain.xml;
+
+ location = /crossdomain.xml {
+ root html;
+ }
+
+ }
+
 server {
 listen 80;
 server_name alpha.joindiaspora.com www.alpha.joindiaspora.com;
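Review bot: The new `cookbook_file` resource for /usr/local/nginx/html/crossdomain.xml in nginx.rb sets no `owner`, `group` or `mode`, so the permissions of the file that defines the host's Flash socket policy depend on the umask of the Chef run. Pin them inside the block with `owner "root"`, `group "root"` and `mode "0644"`, so the nginx worker can read the file but cannot rewrite it. The file also lands in the html root; whether the port-80 server serves that directory is not visible in this hunk and is worth checking.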
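Review bot: The added port-843 `server` block in nginx.conf.erb depends on `error_page 400 /crossdomain.xml;` without saying why, and a later cleanup could easily remove that line as dead configuration. Going by the commit subject, the client on this port is Flash, whose policy request is not HTTP, so nginx presumably rejects it with 400 and the error page is what delivers the policy. A comment above the directive would record that: `# Flash sends a raw <policy-file-request/> here, not HTTP; nginx answers 400, so the error page carries the policy`. The `http` block opens before the hunk and the port-80 `server` block continues past it.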