Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Browser side Azure static assets caching #56

Merged
merged 39 commits into from
Jan 23, 2025
Merged
Changes from 1 commit
Commits
Show all changes
39 commits
Select commit Hold shift + click to select a range
947176e
Make sure to force JSON encoding for the Google analytics credentials…
ntwalibas Nov 27, 2024
bc86d61
Add setting for Google analytics api_secret.
ntwalibas Dec 9, 2024
a476932
Add new endpoint in GA cronjob to fetch url visits statistics.
ntwalibas Dec 9, 2024
3e31339
fix: add cronjob to Azure
cooper667 Dec 10, 2024
850aa31
fix: try different secrets
cooper667 Dec 10, 2024
64e91b9
feat: Azure waf
cooper667 Dec 26, 2024
df4d83a
feat: Azure waf default
cooper667 Dec 26, 2024
b2460de
add waf
cooper667 Dec 26, 2024
5dbddb4
fix: use alphanumeric name for waf policy
cooper667 Dec 27, 2024
454d638
fix: loop correctly thro exclusions
cooper667 Dec 27, 2024
c85aaac
fix: loop correctly thro exclusions
cooper667 Dec 27, 2024
01ade56
fix: comment
cooper667 Dec 27, 2024
77823fe
fix: handle custom domain in Azure WAF
cooper667 Dec 27, 2024
619d4ed
fix: handle custom domain in Azure WAF
cooper667 Dec 27, 2024
b389df1
fix: handle custom domain in Azure WAF
cooper667 Dec 27, 2024
03f2a75
fix: apply WAF to endpoint
cooper667 Dec 27, 2024
286d21f
fix: add cors for custom domain
cooper667 Dec 27, 2024
7562c82
fix: full id required
cooper667 Dec 27, 2024
915b45b
fix: full id required
cooper667 Dec 27, 2024
5966041
fix: apply WAF to giftless too
cooper667 Dec 27, 2024
835245e
fix: tidy up waf
cooper667 Dec 28, 2024
3645297
fix: tidy up waf
cooper667 Dec 28, 2024
a96aec2
fix: tidy up waf
cooper667 Dec 28, 2024
2fd8b16
fix: revert waf changes
cooper667 Dec 28, 2024
f10fa5b
Merge branch 'master' into azure_waf
cooper667 Dec 28, 2024
245b577
fix: async waf
cooper667 Dec 28, 2024
d58dec5
Merge branch 'azure_waf' of ssh://github.com/fjelltopp/fjelltopp-ansi…
cooper667 Dec 28, 2024
c45cdd5
fix: tidy and fix domain assignment
cooper667 Dec 28, 2024
675bb9d
fix: tidy and fix domain assignment
cooper667 Dec 28, 2024
94fe692
fix: correclt handle async loop
cooper667 Dec 28, 2024
e99c900
fix: lookup rules before applying
cooper667 Dec 29, 2024
541d7d5
fix: lookup rules before applying
cooper667 Dec 29, 2024
578f3db
fix: use BICEP for waf policy
cooper667 Dec 30, 2024
28ba854
fix: add new rule exclusion
cooper667 Dec 30, 2024
0d5bb96
fix: put new override WAF rule in the correct group
cooper667 Dec 31, 2024
7b7d9a7
feat: add static asset caching for Azure deploys
cooper667 Dec 31, 2024
6b5e882
feat: more extensions
cooper667 Dec 31, 2024
2e69fe5
fix: enable compression and caching
cooper667 Jan 1, 2025
11df59e
Merge branch 'master' into azure_static_assets
cooper667 Jan 23, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix: apply WAF to giftless too
cooper667 committed Dec 27, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
commit 59660412a33ff70a6f8926282e6cef46143d4113
18 changes: 15 additions & 3 deletions roles/setup-azure-frontdoor/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -351,17 +351,29 @@
when: custom_afd_domain_id is defined

- set_fact:
endpoint_full_id: "/subscriptions/{{ subscription_output.subscriptions[0].subscription_id }}/resourcegroups/{{ resource_group_name }}/providers/Microsoft.Cdn/profiles/{{ resource_prefix }}-afd/afdendpoints/{{ ckan_endpoint_name }}"
ckan_endpoint_full_id: "/subscriptions/{{ subscription_output.subscriptions[0].subscription_id }}/resourcegroups/{{ resource_group_name }}/providers/Microsoft.Cdn/profiles/{{ resource_prefix }}-afd/afdendpoints/{{ ckan_endpoint_name }}"
when: custom_afd_domain_id is not defined

- set_fact:
giftless_endpoint_full_id: "/subscriptions/{{ subscription_output.subscriptions[0].subscription_id }}/resourcegroups/{{ resource_group_name }}/providers/Microsoft.Cdn/profiles/{{ resource_prefix }}-afd/afdendpoints/{{ giftless_endpoint_name }}"

- set_fact:
waf_policy_id: "/subscriptions/{{ subscription_output.subscriptions[0].subscription_id }}/resourcegroups/{{ resource_group_name }}/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/{{ waf_policy_name }}"

- name: Apply the WAF policy to the endpoint
- name: Apply the WAF policy to the CKAN endpoint
command: >
az afd security-policy create \
--resource-group {{ resource_group_name }} \
--profile-name {{ resource_prefix }}-afd \
--security-policy-name "{{ alphanumeric_resource_name_prefix | lower }}secpolicy" \
--domains {{ custom_afd_domain_id | ternary(custom_afd_domain_full_id, ckan_endpoint_full_id) }} \
--waf-policy {{ waf_policy_id }}

- name: Apply the WAF policy to the Giftless endpoint
command: >
az afd security-policy create \
--resource-group {{ resource_group_name }} \
--profile-name {{ resource_prefix }}-afd \
--security-policy-name "{{ alphanumeric_resource_name_prefix | lower }}secpolicy" \
--domains {{ custom_afd_domain_id | ternary(custom_afd_domain_full_id, endpoint_full_id) }} \
--domains {{ giftless_endpoint_full_id }} \
--waf-policy {{ waf_policy_id }}