diff --git a/src/pages/outright.astro b/src/pages/outright.astro
index 8f66b59..f3c8903 100644
--- a/src/pages/outright.astro
+++ b/src/pages/outright.astro
@@ -16,7 +16,7 @@
Server Details
The Outright server is available at outright.catlord.co.uksrv1.outright.catlord.co.uk. The server is running a Minecraft 1.20.1 Fabric instance. You will
need to install the mods to connect.
@@ -30,10 +30,8 @@
-
Copy the following link:
- https://d108e7q8l7s6gv.cloudfront.net/downloads/modpacks/Outright.ziphttps://files.catlord.co.uk/Outright.zip
- Open MultiMC and click "Add Instance" in the top left.
@@ -47,10 +45,8 @@
-
Copy the following link:
- https://d108e7q8l7s6gv.cloudfront.net/downloads/modpacks/Outright.ziphttps://files.catlord.co.uk/Outright.zip
-
@@ -63,7 +59,7 @@
Modrinth
The modrinth modpack is available here.
@@ -74,7 +70,7 @@
-
Download the mods from:
https://d108e7q8l7s6gv.cloudfront.net/downloads/modpacks/OutrightMods.zip
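Review bot: The link text visible in this hunk is still `https://d108e7q8l7s6gv.cloudfront.net/downloads/modpacks/OutrightMods.zip`, while the two "Copy the following link" hunks above move to `https://files.catlord.co.uk/Outright.zip`. The markup is not visible here, so the `href` may already have changed; if it has, the link text and target now disagree, and if it has not, this download still depends on the old host. Since these are archives users import into a launcher, publishing a SHA-256 next to each link would let them verify what they fetched.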
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
index 5c23f16..db1e5d9 100644
--- a/terraform/cloudfront.tf
+++ b/terraform/cloudfront.tf
@@ -68,42 +68,53 @@ resource "aws_cloudfront_distribution" "catlord_static_site_distribution" {
}
}
-# ===================== Outright Server =====================
-
-resource "aws_cloudfront_distribution" "outright_production_server_distribution" {
+# ===================== Static Site =====================
+resource "aws_cloudfront_distribution" "catlord_files_distribution" {
origin {
- connection_attempts = 3
- connection_timeout = 10
- domain_name = "outright.catlord.co.uk"
- origin_id = "outright.catlord.co.uk"
+ domain_name = aws_s3_bucket_website_configuration.catlord_files_website_configuration.website_endpoint
+ origin_id = "S3-catlord-files"
custom_origin_config {
- http_port = 80
- https_port = 443
- origin_protocol_policy = "http-only"
- origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
- origin_keepalive_timeout = 5
- origin_read_timeout = 30
+ http_port = 80
+ https_port = 443
+ origin_protocol_policy = "http-only"
+ origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
}
}
enabled = true
is_ipv6_enabled = true
web_acl_id = aws_wafv2_web_acl.catlord.arn
- http_version = "http2"
+
+ aliases = [
+ "files.catlord.co.uk"
+ ]
+
+ custom_error_response {
+ error_caching_min_ttl = 0
+ error_code = 404
+ response_code = 200
+ response_page_path = "/404.html"
+ }
default_cache_behavior {
- allowed_methods = ["GET", "HEAD"]
- cached_methods = ["GET", "HEAD"]
- # Using the CachingDisabled managed policy ID
- cache_policy_id = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad"
- # Using the Managed-AllViewer managed policy ID
- origin_request_policy_id = "216adef6-5c7f-47e4-b989-5492eafa07d3"
- # Using the Managed-CORS-with-preflight-and-SecurityHeadersPolicy managed policy ID
- response_headers_policy_id = "eaab4381-ed33-4a86-88ca-d9558dc6cd63"
- compress = true
- target_origin_id = "outright.catlord.co.uk"
- viewer_protocol_policy = "redirect-to-https"
+ allowed_methods = ["GET", "HEAD"]
+ cached_methods = ["GET", "HEAD"]
+ target_origin_id = "S3-catlord-files"
+
+ forwarded_values {
+ query_string = false
+
+ cookies {
+ forward = "none"
+ }
+ }
+
+ viewer_protocol_policy = "redirect-to-https"
+ min_ttl = 31536000
+ default_ttl = 31536000
+ max_ttl = 31536000
+ compress = true
}
restrictions {
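Review bot: The `origin` block points at the S3 website endpoint with `origin_protocol_policy = "http-only"`, which only works if the bucket is publicly readable, so anyone can fetch objects straight from the S3 endpoint and skip the `web_acl_id` WAF and the CloudFront logs. Consider an origin access control on the bucket's REST endpoint so the bucket policy can allow only this distribution; the sketch below shows the origin side, and the bucket policy would then need to grant `cloudfront.amazonaws.com` conditioned on this distribution's ARN. With that change the website-endpoint index and error documents no longer apply, and a missing object likely surfaces as 403 rather than 404, so `custom_error_response` would need adjusting. Separately, the one-year `min_ttl`/`default_ttl`/`max_ttl` means a replaced `Outright.zip` keeps being served from cache until it is invalidated. The resource body continues past this hunk.

```hcl
resource "aws_cloudfront_origin_access_control" "catlord_files" {
  name                              = "catlord-files"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

resource "aws_cloudfront_distribution" "catlord_files_distribution" {
  origin {
    domain_name              = aws_s3_bucket.catlord_files.bucket_regional_domain_name
    origin_id                = "S3-catlord-files"
    origin_access_control_id = aws_cloudfront_origin_access_control.catlord_files.id
  }
  # … unchanged: enabled, aliases, custom_error_response, default_cache_behavior …
```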
@@ -111,10 +122,16 @@ resource "aws_cloudfront_distribution" "outright_production_server_distribution"
restriction_type = "none"
}
}
-
+
viewer_certificate {
- acm_certificate_arn = aws_acm_certificate_validation.catlord_static_site_cert_validation.certificate_arn
- ssl_support_method = "sni-only"
- minimum_protocol_version = "TLSv1.2_2021"
+ acm_certificate_arn = aws_acm_certificate_validation.catlord_static_site_cert_validation.certificate_arn
+ ssl_support_method = "sni-only"
+ minimum_protocol_version = "TLSv1.2_2021"
+ }
+
+ logging_config {
+ include_cookies = false
+ bucket = "${aws_s3_bucket.logging_bucket.bucket}.s3.amazonaws.com"
+ prefix = "aws_cloudfront_distribution/catlord_files_distribution/"
}
}
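Review bot: `viewer_certificate` reuses `aws_acm_certificate_validation.catlord_static_site_cert_validation`, and nothing visible here shows that certificate listing `files.catlord.co.uk`; CloudFront refuses an alias the certificate does not cover, so confirm the SANs or add the name. In `logging_config`, `bucket = aws_s3_bucket.logging_bucket.bucket_domain_name` expresses the same value without the hand-built string. The resource starts in the previous hunk.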
diff --git a/terraform/r53.tf b/terraform/r53.tf
index 3a3d8fd..e958f05 100644
--- a/terraform/r53.tf
+++ b/terraform/r53.tf
@@ -101,3 +101,15 @@ resource "aws_route53_record" "outright_servers" {
ttl = 300
records = ["149.202.89.159"]
}
+
+resource "aws_route53_record" "catlord_files" {
+ zone_id = aws_route53_zone.catlord.zone_id
+ name = "files.catlord.co.uk"
+ type = "A"
+
+ alias {
+ name = aws_cloudfront_distribution.catlord_files_distribution.domain_name
+ zone_id = aws_cloudfront_distribution.catlord_files_distribution.hosted_zone_id
+ evaluate_target_health = true
+ }
+}
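Review bot: Only an `A` alias is created, yet the distribution sets `is_ipv6_enabled = true`, so there is no AAAA answer for `files.catlord.co.uk` and IPv6-only clients cannot reach it; add a second record identical to this one with `type = "AAAA"`. Also, as far as I know Route 53 does not evaluate health for CloudFront alias targets, so `evaluate_target_health = false` is the value that matches what actually happens.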
diff --git a/terraform/s3.tf b/terraform/s3.tf
index 30c6280..e2aaba2 100644
--- a/terraform/s3.tf
+++ b/terraform/s3.tf
@@ -201,3 +201,88 @@ resource "aws_s3_bucket_website_configuration" "catlord_static_site_website_conf
key = "404.html"
}
}
+
+# ===================== Files =====================
+# TODO: See "aws_s3_bucket_server_side_encryption_configuration" below
+# tfsec:ignore:aws-s3-enable-bucket-encryption tfsec:ignore:aws-s3-encryption-customer-key
+resource "aws_s3_bucket" "catlord_files" {
+ bucket = "catlord-files"
+
+ tags = {
+ Name = "Files"
+ Environment = "production"
+ }
+}
+
+resource "aws_s3_bucket_acl" "catlord_files_site_acl" {
+ bucket = aws_s3_bucket.catlord_static_site.id
+ acl = "private"
+}
+
+# TODO: Configure cloudfront to use the KMS key
+# resource "aws_s3_bucket_server_side_encryption_configuration" "catlord_files_server_side_encryption_configuration" {
+# bucket = aws_s3_bucket.catlord_files.id
+
+# rule {
+# apply_server_side_encryption_by_default {
+# kms_master_key_id = aws_kms_key.static_site_bucket_key.arn
+# sse_algorithm = "aws:kms"
+# }
+# }
+# }
+
+resource "aws_s3_bucket_public_access_block" "catlord_files_public_access_block" {
+ bucket = aws_s3_bucket.catlord_files.id
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ # TODO: Use aws_s3_bucket_policy to restrict access to the bucket to only CloudFront
+ restrict_public_buckets = false # tfsec:ignore:aws-s3-no-public-buckets
+}
+
+resource "aws_s3_bucket_logging" "catlord_files_logging" {
+ bucket = aws_s3_bucket.catlord_files.id
+
+ target_bucket = aws_s3_bucket.logging_bucket.id
+ target_prefix = "aws_s3_bucket/catlord_files_logging/"
+}
+
+resource "aws_s3_bucket_versioning" "catlord_files_versioning" {
+ bucket = aws_s3_bucket.catlord_files.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket_policy" "catlord_files_policy" {
+ bucket = aws_s3_bucket.catlord_files.id
+ policy = templatefile(
+ "templates/s3-static-site-policy.json",
+ { bucket = aws_s3_bucket.catlord_files.bucket }
+ )
+}
+
+resource "aws_s3_bucket_cors_configuration" "catlord_files_cors_configuration" {
+ bucket = aws_s3_bucket.catlord_files.id
+
+ cors_rule {
+ allowed_headers = ["Authorization", "Content-Length"]
+ allowed_methods = ["GET"]
+ allowed_origins = [
+ "https://files.catlord.co.uk"
+ ]
+ max_age_seconds = 3000
+ }
+}
+
+resource "aws_s3_bucket_website_configuration" "catlord_files_website_configuration" {
+ bucket = aws_s3_bucket.catlord_files.id
+
+ index_document {
+ suffix = "index.html"
+ }
+
+ error_document {
+ key = "404.html"
+ }
+}
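Review bot: `aws_s3_bucket_acl.catlord_files_site_acl` sets `bucket = aws_s3_bucket.catlord_static_site.id`, so the private ACL is applied to the static-site bucket and `catlord-files` gets none from this resource; it should be `bucket = aws_s3_bucket.catlord_files.id`. `block_public_policy = true` together with `templates/s3-static-site-policy.json` also deserves a check: if that template grants public read (it is not shown), S3 would reject the policy. The `restrict_public_buckets = false` TODO and the commented-out KMS block are open items hidden behind `tfsec:ignore` comments, so it would help to track them somewhere they will be revisited.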