big 'ol www update

setup/ansible-inventory

@@ -111,7 +111,7 @@ test-nodesource_piccoloaiutante-debian8-arm_pi3-1
 iojs-www
 
 [node-www]
-node-www
+infra-digitalocean-ubuntu1604-x64-1
 
 [iojs-jenkins]
 iojs-jenkins

setup/www/ansible-playbook.retry

@@ -0,0 +1 @@
+infra-digitalocean-ubuntu1604-x64-1

setup/www/ansible-playbook.yaml

@@ -24,14 +24,11 @@
     - include: tasks/nginx.yaml
       tags: nginx
 
-    - include: tasks/dist-indexer.yaml
-      tags: dist-indexer
-
-    - include: tasks/nightly-builder.yaml
-      tags: nightly-builder
-
     - include: tasks/promote.yaml
       tags: promote
 
-    - include: tasks/latest-linker.yaml
-      tags: latest-linker
+    - include: tasks/tools.yaml
+      tags: tools
+
+    - include: tasks/metrics.yaml
+      tags: metrics

setup/www/ansible-vars.yaml

@@ -1,16 +1,14 @@
 ---
 server_user: nodejs
-root_users:
-  - rvagg
-  - jbergstroem
-  - orangemocha
 dist_users:
-  - cjihrig
   - chrisdickinson
-  - sam-github
-  - fishrock123
+  - cjihrig
+  - evanlucas
   - jasnell
+  - fishrock123
+  - thealphanerd
   - rvagg
+  - sam-github
 libuv_users:
   - saghul
   - piscisaureus
@@ -19,3 +17,6 @@ packages:
   - nodejs
   - nginx
   - git
+  - python-pip
+  - gnuplot
+benchmark_host: 50.97.245.4

setup/www/host_vars/.gitignore

@@ -1 +1 @@
-node-www
+infra-*

setup/www/host_vars/node-www.tmpl

@@ -4,5 +4,4 @@ cdn_api_key: "INSERT CLOUDFLARE API KEY"
 cdn_api_email: "INSERT CLOUDFLARE API EMAIL"
 cdn_api_iojs_id: "INSERT CLOUDFLARE API iojs.org ID"
 cdn_api_nodejs_id: "INSERT CLOUDFLARE API nodejs.org ID"
-cloudfuse_user: "INSERT RACKSPACE CLOUD USERNAME"
-cloudfuse_key: "INSERT RACKSPACE CLOUD API KEY"
+jenkins_token: "INSERT JENKINS API TOKEN"

setup/www/resources/.gitignore

@@ -1,4 +1,3 @@
 *.crt
 *.key
 *.pem
-secrets/*

setup/www/resources/config/benchmarking.nodejs.org

@@ -1,32 +1,19 @@
 server {
     listen *:80;
+    listen [::]:80;
     server_name benchmarking.nodejs.org;
 
     return 301 https://benchmarking.nodejs.org$request_uri;
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name benchmarking.nodejs.org;
 
     ssl_certificate ssl/nodejs_chained.crt;
     ssl_certificate_key ssl/nodejs.key;
     ssl_trusted_certificate ssl/nodejs_chained.crt;
-    ssl_dhparam ssl/dhparam.pem;
-
-    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
-    ssl_session_cache shared:benchmarking:100m;
-    ssl_session_timeout 24h;
-
-    ssl_stapling on;
-    ssl_stapling_verify on;
-
-    spdy_keepalive_timeout 300;
-    spdy_headers_comp 9;
 
     keepalive_timeout 60;
     server_tokens off;
@@ -38,13 +25,13 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/benchmarking.nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/benchmarking.nodejs.org-error.log;
+    access_log /var/log/nginx/benchmarking/benchmarking.nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/benchmarking/benchmarking.nodejs.org-error.log;
 
     gzip on;
     gzip_static on;
     gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
 
     root /home/www/benchmarking;
     default_type text/plain;

setup/www/resources/config/coverage.nodejs.org

@@ -0,0 +1,39 @@
+server {
+    listen *:80;
+    listen [::]:80;
+    server_name coverage.nodejs.org;
+
+    return 301 https://coverage.nodejs.org$request_uri;
+}
+
+server {
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
+    server_name coverage.nodejs.org;
+
+    ssl_certificate ssl/nodejs_chained.crt;
+    ssl_certificate_key ssl/nodejs.key;
+    ssl_trusted_certificate ssl/nodejs_chained.crt;
+
+    keepalive_timeout 60;
+    server_tokens off;
+
+    resolver 8.8.4.4 8.8.8.8 valid=300s;
+    resolver_timeout 10s;
+
+    add_header Strict-Transport-Security max-age=63072000;
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+
+    access_log /var/log/nginx/coverage/coverage.nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/coverage/coverage.nodejs.org-error.log;
+
+    gzip on;
+    gzip_static on;
+    gzip_disable "MSIE [1-6]\.";
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
+
+    root /home/www/coverage;
+    default_type text/plain;
+    index index.html;
+}

setup/www/resources/config/github-webhook.json → setup/www/resources/config/github-webhook.json.j2

@@ -1,7 +1,7 @@
 {
   "port": 9999,
   "path": "/webhook",
-  "secret": "{{github_secret}}",
+  "secret": "{{ github_secret }}",
   "log": "/home/nodejs/github-webhook.log",
   "rules": [
     {

setup/www/resources/config/github-webhook.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=GitHub Webhook
+Wants=network.target
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+User={{ server_user }}
+
+Environment="USER={{ server_user }}" 
+Environment="SHELL=/bin/bash"
+Environment="HOME=/home/{{ server_user }}"
+Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+ExecStart=/usr/bin/github-webhook --config /etc/github-webhook.json
+Restart=always
+RestartSec=30
+StartLimitInterval=0

setup/www/resources/config/iojs.org

@@ -6,8 +6,8 @@ server {
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name www.iojs.org;
 
     ssl_certificate ssl/iojs_chained.crt;
@@ -18,8 +18,8 @@ server {
 }
 
 server {
-    listen [::]:443 ssl spdy;
-    listen *:443 ssl spdy;
+    listen [::]:443 ssl http2;
+    listen *:443 ssl http2;
     server_name iojs.org;
 
     ssl_certificate ssl/iojs_chained.crt;
@@ -36,13 +36,13 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/iojs.org-access.log nodejs;
-    error_log /var/log/nginx/iojs.org-error.log;
+    access_log /var/log/nginx/iojs/iojs.org-access.log nodejs;
+    error_log /var/log/nginx/iojs/iojs.org-error.log;
 
     gzip on;
     gzip_static on;
     gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
 
     root /home/www/iojs;
     default_type text/plain;

setup/www/resources/config/libuv.org

@@ -1,5 +1,6 @@
 server {
     listen *:80;
+    listen [::]:80;
     server_name dist.libuv.org;
 
     keepalive_timeout 60;
@@ -11,13 +12,13 @@ server {
     add_header X-Frame-Options DENY;
     add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/libuv.org-access.log nodejs;
-    error_log /var/log/nginx/libuv.org-error.log;
+    access_log /var/log/nginx/libuv/libuv.org-access.log nodejs;
+    error_log /var/log/nginx/libuv/libuv.org-error.log;
 
     gzip on;
     gzip_static on;
     gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
 
     root /home/libuv/www;
     default_type text/plain;

setup/www/resources/config/logrotate-nginx

@@ -1,4 +1,4 @@
-/var/log/nginx/*.log {
+/var/log/nginx/*.log, /var/log/nginx/nodejs/*.log, /var/log/nginx/iojs/*.log, /var/log/nginx/libuv/*.log, /var/log/nginx/benchmarking/*.log, /var/log/nginx/coverage/*.log {
         daily
         missingok
         compresscmd /usr/bin/xz
@@ -13,6 +13,7 @@
         dateyesterday
         maxsize 500M
         sharedscripts
+        rotate 36500
         prerotate
                 if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                         run-parts /etc/logrotate.d/httpd-prerotate; \

setup/www/resources/config/nightly-builder.json.j2

@@ -0,0 +1,11 @@
+{
+  "jenkinsToken": "{{ jenkins_token }}",
+  "jenkinsJobUrl": "https://ci-release.nodejs.org/job/iojs+release",
+  "jenkinsCrumbUrl": "https://ci-release.nodejs.org/crumbIssuer/api/json",
+  "githubAuthUser": "{{ github_auth_user }}",
+  "githubAuthToken": "{{ github_auth_token }}",
+  "githubOrg": "nodejs",
+  "githubRepo": "node",
+  "githubScheme": "https://github.com/",
+  "releaseUrlBase": "https://nodejs.org/download/"
+}

setup/www/resources/config/nodejs.org

@@ -16,16 +16,16 @@ server {
     listen [::]:80 default_server ipv6only=on;
     server_name nodejs.org;
 
-    access_log /var/log/nginx/nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/nodejs.org-error.log;
+    access_log /var/log/nginx/nodejs/nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/nodejs/nodejs.org-error.log;
 
     keepalive_timeout 60;
     server_tokens off;
 
     gzip on;
     gzip_static on;
     gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
 
     # let the blog.nodejs.org redirector handle this
     location ~ ^/blog(.*) {
@@ -168,24 +168,24 @@ server {
 }
 
 server {
-    listen *:443 ssl spdy;
-    listen [::]:443 ssl spdy;
+    listen *:443 ssl http2;
+    listen [::]:443 ssl http2;
     server_name www.nodejs.org;
 
     return 301 https://nodejs.org$request_uri;
 }
 
 server {
-    listen *:443 ssl spdy;
-    listen [::]:443 ssl spdy;
+    listen *:443 ssl http2;
+    listen [::]:443 ssl http2;
     server_name blog.nodejs.org;
 
     return 301 http://blog.nodejs.org$request_uri;
 }
 
 server {
-    listen *:443 default_server ssl spdy;
-    listen [::]:443 default_server ipv6only=on ssl spdy;
+    listen *:443 default_server ssl http2;
+    listen [::]:443 default_server ipv6only=on ssl http2;
 
     server_name nodejs.org;
 
@@ -199,13 +199,13 @@ server {
     #add_header X-Frame-Options DENY;
     #add_header X-Content-Type-Options nosniff;
 
-    access_log /var/log/nginx/nodejs.org-access.log nodejs;
-    error_log /var/log/nginx/nodejs.org-error.log;
+    access_log /var/log/nginx/nodejs/nodejs.org-access.log nodejs;
+    error_log /var/log/nginx/nodejs/nodejs.org-error.log;
 
     gzip on;
     gzip_static on;
     gzip_disable "MSIE [1-6]\.";
-    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss image/svg+xml;
 
     error_page 404 @localized_404;
 

setup/www/resources/config/nodejs_ssh_config.j2

@@ -0,0 +1,4 @@
+Host benchmark
+  HostName {{ benchmark_host }}
+  User benchmark
+  IdentityFile ~/.ssh/benchmark_id_rsa

setup/www/resources/config/ssl-defaults.conf

@@ -4,14 +4,10 @@ ssl_trusted_certificate ssl/nodejs_chained.crt;
 ssl_dhparam ssl/dhparam.pem;
 
 ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
-ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 ssl_session_cache shared:nodejs:376m;
 ssl_session_timeout 24h;
 
 ssl_stapling on;
 ssl_stapling_verify on;
-
-spdy_keepalive_timeout 300;
-spdy_headers_comp 9;