Merge pull request #42 from hazelops/core-443
Proxy pick up nginx config
igorkotof authored Nov 9, 2022
2 parents f668c7a + d4a7d4b commit 9dd5cd0
Showing 14 changed files with 64 additions and 114 deletions.
13 changes: 10 additions & 3 deletions ecs-modules/ecs-task/locals.tf
@@ -121,11 +121,11 @@ locals {
"Resource" = "*"
},
{
"Effect" : "Allow",
"Action" : [
"Effect" = "Allow",
"Action" = [
"firehose:PutRecordBatch"
],
"Resource" : [
"Resource" = [
"*"
]
},
@@ -148,6 +148,13 @@ locals {
"arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_secret_path}/*",
"arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter${local.ssm_global_secret_path}/*"
]
},
{
"Action" = [
"kms:Decrypt"
],
"Effect" = "Allow",
"Resource" = "*"
}
])
}
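Review bot: The statement added at the end of the policy list grants `kms:Decrypt` on `"Resource" = "*"`, so the role that receives this policy can request decryption under any KMS key whose key policy admits the account, not only the key protecting the SSM parameters listed just above it. Scope the statement to the key ARN(s) that encrypt the `${local.ssm_secret_path}` and `${local.ssm_global_secret_path}` parameters. If the module cannot know the key, keep the wildcard but constrain it, for example `"Condition" = { "StringEquals" = { "kms:ViaService" = "ssm.${data.aws_region.current.name}.amazonaws.com" } }`, so decryption only works through Parameter Store. The `firehose:PutRecordBatch` statement in the first hunk also uses a wildcard resource and could be narrowed to the delivery stream ARN in the same pass. The enclosing `locals` block and the policy list start outside the hunks shown.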
23 changes: 0 additions & 23 deletions examples/web-nginx-proxy/data.tf

This file was deleted.

92 changes: 45 additions & 47 deletions examples/web-nginx-proxy/main.tf
@@ -1,28 +1,48 @@
# Versions
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
required_version = ">= 1.0"
}

# Data
data "aws_route53_zone" "root" {
name = "${var.root_domain_name}."
private_zone = false
}

# Main
module "vpc" {
source = "registry.terraform.io/terraform-aws-modules/vpc/aws"
version = "~> 3.0"

name = "${var.env}-vpc"
cidr = "10.30.0.0/16"
cidr = "10.0.0.0/16"

azs = [
"${var.aws_region}a"
"${var.aws_region}a",
"${var.aws_region}b"
]
public_subnets = [
"10.30.10.0/23"
"10.0.10.0/23",
"10.0.12.0/23"
]

private_subnets = [
"10.30.20.0/23"
"10.0.20.0/23"
]

enable_nat_gateway = true
single_nat_gateway = true
manage_default_network_acl = true
default_network_acl_name = "${var.env}-${var.namespace}"
}
resource "aws_security_group" "default_permissive" {
name = "${var.env}-default-permissive"
vpc_id = module.vpc.vpc_id
description = "Managed by Terraform"

ingress {
protocol = -1
@@ -42,20 +62,12 @@ resource "aws_security_group" "default_permissive" {
]
}

tags = {
Terraform = "true"
Env = var.env
Name = "${var.env}-default-permissive"
}
}

resource "aws_route53_record" "env_ns_record" {
zone_id = data.aws_route53_zone.root.id
name = "${var.env}.${var.root_domain_name}"
type = "NS"
// ttl = "172800"

// Fast TTL for dev
ttl = "60"
records = aws_route53_zone.env_domain.name_servers
}
@@ -64,62 +76,48 @@ resource "aws_route53_zone" "env_domain" {
name = "${var.env}.${var.root_domain_name}"
}


module "ecs" {
source = "registry.terraform.io/terraform-aws-modules/ecs/aws"
version = "~> 4.0"
cluster_name = "${var.env}-${var.namespace}"
}

module "web_complete" {
module "web_proxy" {
source = "../.."

name = "app"
app_type = "web"
env = var.env
namespace = var.namespace
ecs_cluster_name = local.ecs_cluster_name

# Proxy enabling
web_proxy_enabled = true
name = "app"
app_type = "web"
env = var.env
namespace = var.namespace

# Nginx Proxy enabling
web_proxy_enabled = true
# We mount a shared volume to /etc/nginx dir in our container. In order to the web proxy to work - your app must copy(create) Nginx config template to /etc/nginx/templates/default.conf.template. See proxied-prj/entrypoint.sh.

# Image should have some customization, see Dockerfile example at ./simple-prj
# Containers
docker_registry = local.docker_registry
image_id = local.image_id
docker_image_tag = local.docker_image_tag
iam_instance_profile = local.iam_instance_profile
key_name = local.key_name
ecs_cluster_name = module.ecs.cluster_name
docker_registry = var.docker_registry
docker_image_tag = var.docker_image_tag

# Load Balancer
public = true
https_enabled = false
alb_health_check_path = "/"
alb_security_groups = local.alb_security_groups
alb_security_groups = [aws_security_group.default_permissive.id]
tls_cert_arn = local.tls_cert_arn

# EFS settings
efs_enabled = false
efs_mount_point = "/mnt/efs"
efs_root_directory = "/"

# Network
vpc_id = local.vpc_id
public_subnets = local.public_subnets
private_subnets = local.private_subnets
security_groups = local.security_groups
root_domain_name = var.root_domain_name
zone_id = local.zone_id
route53_health_check_enabled = false
domain_names = [
"app.${var.root_domain_name}"
]
vpc_id = module.vpc.vpc_id
public_subnets = module.vpc.public_subnets
private_subnets = module.vpc.private_subnets
security_groups = [aws_security_group.default_permissive.id]
root_domain_name = var.root_domain_name
zone_id = aws_route53_zone.env_domain.id

# Environment variables
app_secrets = [
]
environment = {
ENV = var.env
APP_NAME = "App"
}
}
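Review bot: In `module "web_proxy"` both `alb_security_groups` and `security_groups` point at `aws_security_group.default_permissive`, whose visible ingress rule uses `protocol = -1`, so the public load balancer and the tasks share one all-protocol group. The CIDR list of that rule sits in the collapsed part of the section, so how wide it is cannot be confirmed from here. Because this is an example that gets copied, I would split it into an ALB group that admits only the listener port and a task group whose ingress source is the ALB group. At minimum add a comment above the resource, e.g. `# Demo only: allows all protocols; replace with separate ALB and task security groups before real use.`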

2 changes: 1 addition & 1 deletion examples/web-nginx-proxy/output.tf
@@ -7,7 +7,7 @@ output "private_subnet_cidrs" {
}

output "cloudwatch_log_group" {
value = module.web_complete.cloudwatch_log_group
value = module.web_proxy.cloudwatch_log_group
}

output "ecs_cluster_name" {
@@ -19,17 +19,17 @@ RUN set -ex && \
ln -s /usr/bin/python3 /usr/bin/python

# Copy files and pipenv
COPY ${PROJECT_PATH}/public/index.html ./public/index.html
COPY ${PROJECT_PATH}/public/style.css ./public/style.css
COPY ${PROJECT_PATH}/app.py ./
COPY ${PROJECT_PATH}/Pipfile* ./
COPY ${PROJECT_PATH}/nginx.conf.template ./
COPY ${PROJECT_PATH}/docker-entrypoint.sh /
COPY ${PROJECT_PATH}/entrypoint.sh /


RUN python3 -m pip install pipenv

RUN pipenv install --deploy --system

ENTRYPOINT ["/docker-entrypoint.sh"]
ENTRYPOINT ["/entrypoint.sh"]

EXPOSE 3000
File renamed without changes.
File renamed without changes.
@@ -1,7 +1,7 @@
client_max_body_size 20M;

upstream app {
# Puma socket, as defined previously
# Application server socket, as defined previously
server ${APP_HOST} fail_timeout=10;
}

@@ -16,7 +16,7 @@ server {
add_header Cache-Control public;
}

try_files $uri/index.html $uri @app;
try_files $uri @app;

location @app {
proxy_pass http://app;
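--- /dev/null
+++ b/examples/web-nginx-proxy/proxied-prj/public/style.css
@@ -0,0 +1,3 @@
+body {
+background-color: powderblue;
+}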
6 changes: 0 additions & 6 deletions examples/web-nginx-proxy/simple-prj/public/index.html

This file was deleted.

21 changes: 0 additions & 21 deletions examples/web-nginx-proxy/variables.tf
@@ -1,28 +1,7 @@
locals {
env = var.env
namespace = var.namespace

public_subnets = module.vpc.public_subnets
private_subnets = module.vpc.private_subnets
vpc_id = module.vpc.vpc_id
security_groups = [aws_security_group.default_permissive.id]
alb_security_groups = [aws_security_group.default_permissive.id]
root_domain_name = var.root_domain_name
zone_id = aws_route53_zone.env_domain.id

image_id = data.aws_ami.amazon_linux_ecs_generic.id
docker_registry = var.docker_registry
docker_image_tag = var.docker_image_tag

ecs_cluster_name = module.ecs.cluster_name
tls_cert_arn = length(module.env_acm.acm_certificate_arn) > 0 ? module.env_acm.acm_certificate_arn : null
}

variable "env" {}
variable "namespace" {}
variable "aws_profile" {}
variable "aws_region" {}
variable "ssh_public_key" {}
variable "docker_registry" {}
variable "docker_image_tag" {}
variable "root_domain_name" {}
8 changes: 0 additions & 8 deletions examples/web-nginx-proxy/versions.tf

This file was deleted.
