admin/bodyshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in dev-patrick (pull request #10)

Browse Source 
Dev patrick
This commit is contained in:
Patrick Fic
2020-10-07 03:43:02 +00:00
parent 60114d3d02 914ccb6d55
commit 5f6cdf5bf8
8 changed files with 1 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.ebextensions/00_cleanup.config
View File

@@ -1,5 +0,0 @@
commands:
10_cleanup:
command: |
sudo rm -f /opt/elasticbeanstalk/hooks/configdeploy/post/*
sudo rm -f /etc/nginx/conf.d/*

13
.ebextensions/01_setup.config
View File

@@ -1,13 +0,0 @@
Resources:
sslSecurityGroupIngress:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: {"Fn::GetAtt" : ["AWSEBSecurityGroup", "GroupId"]}
IpProtocol: tcp
ToPort: 443
FromPort: 443
CidrIp: 0.0.0.0/0
packages:
yum:
epel-release: []

105
.ebextensions/02_nginx.config
View File

@@ -1,105 +0,0 @@
files:
"/etc/nginx/nginx.pre":
mode: "000644"
owner: root
group: root
content: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
port_in_redirect off;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format healthd '$msec"$uri"$status"$request_time"$upstream_response_time"$http_x_forwarded_for';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
}
"/etc/nginx/conf.d/http_custom.conf":
mode: "000644"
owner: root
group: root
content: |
server {
listen 8080;
location ~ /.well-known/ {
root /var/www/letsencrypt/;
}
location / {
return 301 https://$host$request_uri;
}
}
"/etc/nginx/conf.d/https_custom.pre":
mode: "000644"
owner: root
group: root
content: |
upstream nodejs {
server 127.0.0.1:5000;
keepalive 256;
}
server {
listen 443 ssl default;
server_name localhost;
error_page 497 https://$host$request_uri;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
access_log /var/log/nginx/access.log main;
location / {
proxy_pass http://nodejs;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
gzip on;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
ssl_certificate /etc/letsencrypt/live/ebcert/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ebcert/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
if ($host ~* ^www\.(.*)) {
set $host_without_www $1;
rewrite ^(.*) https://$host_without_www$1 permanent;
}
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent;
}
}

45
.ebextensions/03_container_commands.config
View File

@@ -1,45 +0,0 @@
container_commands:
10_setup_nginx:
command: |
sudo rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf
sudo rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
sudo rm -f /tmp/deployment/config/#etc#nginx#nginx.conf
sudo rm -f /etc/nginx/nginx.conf
sudo mv /etc/nginx/nginx.pre /etc/nginx/nginx.conf
sudo service nginx stop
sudo service nginx start
20_install_certbot:
command: |
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
30_create_webroot_path:
command: |
sudo rm -rf /var/www/letsencrypt/
sudo mkdir /var/www/letsencrypt/
40_configure_cert:
command: |
certbot_command="/usr/local/bin/certbot-auto certonly --webroot --webroot-path /var/www/letsencrypt --debug --non-interactive --email ${LETSENCRYPT_EMAIL} --agree-tos --expand --keep-until-expiring"
for domain in $(echo ${LETSENCRYPT_DOMAIN} | sed "s/,/ /g")
do
certbot_command="$certbot_command --domains $domain"
done
eval $certbot_command
50_link_cert:
command: |
domain="$( cut -d ',' -f 1 <<< "${LETSENCRYPT_DOMAIN}" )";
if [ -d /etc/letsencrypt/live ]; then
domain_folder_name="$(ls /etc/letsencrypt/live | sort -n | grep $domain | head -1)";
if [ -d /etc/letsencrypt/live/${domain_folder_name} ]; then
ln -sfn /etc/letsencrypt/live/${domain_folder_name} /etc/letsencrypt/live/ebcert
fi
fi
60_enable_https_config:
command: |
sudo mv /etc/nginx/conf.d/https_custom.pre /etc/nginx/conf.d/https_custom.conf
sudo service nginx stop
sudo service nginx start

11
.ebextensions/04_configdeploy_post_hooks.config
View File

@@ -1,11 +0,0 @@
files:
# Elastic Beanstalk recreates the default configuration during every configuration deployment
"/opt/elasticbeanstalk/hooks/configdeploy/post/99_kill_default_nginx.sh":
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash -xe
rm -f /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf
service nginx stop
service nginx start

8
.ebextensions/05_cron.config
View File

@@ -1,8 +0,0 @@
files:
# Cron to renew cert
"/etc/cron.d/certbot_renew":
mode: "000644"
owner: root
group: root
content: |
@weekly root /usr/local/bin/certbot-auto renew

9
.elasticbeanstalk/config.yml
View File

@@ -1,9 +0,0 @@
branch-defaults:
master:
environment: Bodyshop-prod
global:
application_name: bodyshop
default_ec2_keyname: e-yqpq3yupbk
default_platform: Node.js running on 64bit Amazon Linux/4.14.1
default_region: ca-central-1
sc: git

2
hasura/config.yaml
View File

@@ -1,2 +1,2 @@
endpoint: https://bodyshop-dev-db.herokuapp.com endpoint: https://bodyshop-dev-db.herokuapp.com
#endpoint: https://bodyshop-staging-db.herokuapp.com/ #endpoint: https://db.imex.online