From e07f0d3b905546f90465171e91ca69444bf62714 Mon Sep 17 00:00:00 2001 From: Mahdi Khanzadi Date: Sun, 29 Dec 2024 12:10:12 +0100 Subject: [PATCH] ensure remote directory exists --- .github/workflows/backend.yaml | 84 ++++------ .github/workflows/frontend.yaml | 84 ++++------ .github/workflows/infrastructure.yaml | 103 ++++++------ backend/app.go | 8 + infrastructure/Makefile | 6 +- infrastructure/compose.mongodb.yaml | 2 +- infrastructure/compose.nats.yaml | 34 +--- infrastructure/resources.tf | 229 +++++++++++++++++++++++++- 8 files changed, 360 insertions(+), 190 deletions(-) diff --git a/.github/workflows/backend.yaml b/.github/workflows/backend.yaml index 1c343a05..d2822696 100644 --- a/.github/workflows/backend.yaml +++ b/.github/workflows/backend.yaml @@ -1,8 +1,7 @@ name: Backend CI and CD + on: push: - branches: - - main paths: - .github/** - backend/** 
@@ -47,50 +46,37 @@ jobs: run: | docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest - # cd: - # runs-on: ubuntu-latest - - # # This job will be invoked only on default branch - # if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} - - # permissions: - # packages: write - # contents: read - - # needs: - # - ci - - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Provide image name and version - # run: | - # IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]') - # IMAGE_VERSION=${{ github.sha }} - # echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV" - # echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV" - - # - name: Build image - # run: | - # docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest - - # - name: Log in to registry - # run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - # - name: Push image - # run: | - # docker push $IMAGE_ID:$IMAGE_VERSION - # docker push $IMAGE_ID:latest - - # - uses: actions/setup-node@v3 - # with: - # node-version: "18" - - # - name: deploy to production - # env: - # LIARA_TOKEN: ${{ secrets.LIARA_API_TOKEN }} - # LIARA_BACKEND_APP_NAME: ${{secrets.LIARA_BACKEND_APP_NAME}} - # run: | - # npm i -g @liara/cli@7 - # liara deploy --image $IMAGE_ID:$IMAGE_VERSION --platform=docker --port="80" --app="$LIARA_BACKEND_APP_NAME" --api-token="$LIARA_TOKEN" --detach + cd: + runs-on: ubuntu-latest + + if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} + + permissions: + packages: write + contents: read + + needs: + - ci + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Provide image name and version + run: | + IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]') + 
IMAGE_VERSION=${{ github.sha }} + echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV" + echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV" + + - name: Build image + run: | + docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest + + - name: Log in to registry + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Push image + run: | + docker push $IMAGE_ID:$IMAGE_VERSION + docker push $IMAGE_ID:latest diff --git a/.github/workflows/frontend.yaml b/.github/workflows/frontend.yaml index 16a1bb1d..00b4e20d 100644 --- a/.github/workflows/frontend.yaml +++ b/.github/workflows/frontend.yaml @@ -1,8 +1,7 @@ name: Frontend CI and CD + on: push: - branches: - - main paths: - .github/** - frontend/** 
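Review bot: The new `cd` job rebuilds the image from scratch instead of promoting the one `ci` just built, so the image pushed as `$IMAGE_ID:$IMAGE_VERSION` and `latest` is not the artifact that passed CI, and the two jobs now duplicate the same checkout/name/build steps. Either have `ci` push the `${{ github.sha }}` tag and let `cd` only retag it, or pass the built image between jobs as an artifact. `actions/checkout@v4` is a mutable tag; in a job that holds `packages: write`, pin it to a full commit SHA (`uses: actions/checkout@<commit-sha> # v4`) so a moved tag cannot run in the publishing job.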
@@ -42,50 +41,37 @@ jobs: run: | docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest - # cd: - # runs-on: ubuntu-latest - - # # This job will be invoked only on default branch - # if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} - - # permissions: - # packages: write - # contents: read - - # needs: - # - ci - - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Provide image name and version - # run: | - # IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]') - # IMAGE_VERSION=${{ github.sha }} - # echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV" - # echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV" - - # - name: Build image - # run: | - # docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest - - # - name: Log in to registry - # run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - # - name: Push image - # run: | - # docker push $IMAGE_ID:$IMAGE_VERSION - # docker push $IMAGE_ID:latest - - # - uses: actions/setup-node@v3 - # with: - # node-version: "18" - - # - name: deploy to production - # env: - # LIARA_TOKEN: ${{ secrets.LIARA_API_TOKEN }} - # LIARA_FRONTEND_APP_NAME: ${{secrets.LIARA_FRONTEND_APP_NAME}} - # run: | - # npm i -g @liara/cli@7 - # liara deploy --image $IMAGE_ID:$IMAGE_VERSION --platform=docker --port="3000" --app="$LIARA_FRONTEND_APP_NAME" --api-token="$LIARA_TOKEN" --detach + cd: + runs-on: ubuntu-latest + + if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} + + permissions: + packages: write + contents: read + + needs: + - ci + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Provide image name and version + run: | + IMAGE_ID=$(echo $REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME | tr '[A-Z]' '[a-z]') + 
IMAGE_VERSION=${{ github.sha }} + echo "IMAGE_ID=$IMAGE_ID" >> "$GITHUB_ENV" + echo "IMAGE_VERSION=$IMAGE_VERSION" >> "$GITHUB_ENV" + + - name: Build image + run: | + docker build . --file Dockerfile --target production --tag $IMAGE_ID:$IMAGE_VERSION --tag $IMAGE_ID:latest + + - name: Log in to registry + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Push image + run: | + docker push $IMAGE_ID:$IMAGE_VERSION + docker push $IMAGE_ID:latest diff --git a/.github/workflows/infrastructure.yaml b/.github/workflows/infrastructure.yaml index 44acba29..e3c1ff8c 100644 --- a/.github/workflows/infrastructure.yaml +++ b/.github/workflows/infrastructure.yaml @@ -1,15 +1,12 @@ name: Infrastructure CI and CD + on: - push: - branches: - - main - paths: - - .github/** - - infrastructure/** - pull_request: - paths: - - .github/** - - infrastructure/** + workflow_run: + workflows: + - Frontend CI and CD + - Backend CI and CD + types: + - completed defaults: run: @@ -20,6 +17,7 @@ env: TF_VAR_instance_name: backend EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }} + EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }} jobs: ci: @@ -58,9 +56,6 @@ jobs: cd: runs-on: ubuntu-latest - # This job will be invoked only on default branch - if: ${{ always() && format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }} - needs: - ci 
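Review bot: Same shape as the backend workflow: the `cd` job rebuilds the image rather than promoting the one `ci` built, so what is pushed as `latest` is not what was tested, and `actions/checkout@v4` is a mutable tag inside a job with `packages: write`. Pin the action to a commit SHA and consider building once in `ci` and only retagging in `cd`.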
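Review bot: `workflow_run` with `types: [completed]` fires whether the upstream workflow succeeded, failed or was cancelled, and nothing in this file checks `github.event.workflow_run.conclusion`, so a failed frontend or backend build still runs the deploy. Add `if: github.event.workflow_run.conclusion == 'success'` on the `cd` job (and `ci` if it should not run on failures). Note also that the old `push`/`pull_request` triggers with `infrastructure/**` paths are gone, so a change to the Terraform or compose files alone no longer runs this workflow's `ci` job until some unrelated frontend/backend run completes.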
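Review bot: Dropping the default-branch `if` from `cd` leaves the deploy ungated, and the removed condition would not have helped anyway: a `workflow_run` job always executes in the default branch's context, so `github.ref` equals the default branch no matter which branch triggered the upstream build, and the frontend/backend workflows now run on every branch push. Gate on the event payload instead: `if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == github.event.repository.default_branch`.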
@@ -92,57 +87,63 @@ jobs: - name: Deploy services run: | - # setup ssh key + # Setup ssh key echo "${{ secrets.EC2_SSH_PRIVATE_KEY }}" > ~/ec2-key.pem chmod 400 ~/ec2-key.pem + mkdir -p ~/.ssh + ssh-keyscan -H $EC2_SSH_ADDRESS >> ~/.ssh/known_hosts + # Ensure remote directory exists - ssh -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${{ secrets.EC2_SSH_ADDRESS }} "mkdir -p /opt/deployment/" + ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT << 'EOF' + sudo mkdir -p /opt/deployment + sudo chown ${{ secrets.EC2_SSH_USER }}:${{ secrets.EC2_SSH_USER }} /opt/deployment + EOF > /dev/null 2>&1 - # copy files - scp -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ./* ${{ secrets.EC2_SSH_ADDRESS }}:/opt/deployment/ + # Copy files + scp -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ./* $EC2_SSH_ENDPOINT:/opt/deployment/ > /dev/null 2>&1 - # connect and deploy services - ssh -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${{ secrets.EC2_SSH_ADDRESS }} << 'EOF' - VOLUME_PATH="${{ secrets.VOLUME_PATH }}" + # Connect and deploy services + ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT << 'EOF' + export VOLUME_PATH="${{ secrets.VOLUME_PATH }}" - MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}" - MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}" + export MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}" + export MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}" - DASHBOARD_MONGO_USERNAME="${{ secrets.DASHBOARD_MONGO_USERNAME }}" - DASHBOARD_MONGO_PASSWORD="${{ secrets.DASHBOARD_MONGO_PASSWORD }}" - DASHBOARD_MONGO_MONGODB_URL="mongodb://${{ secrets.MONGO_USERNAME }}:${{ secrets.MONGO_PASSWORD }}@mongodb:27017" + export DASHBOARD_MONGO_USERNAME="${{ secrets.DASHBOARD_MONGO_USERNAME }}" + export DASHBOARD_MONGO_PASSWORD="${{ secrets.DASHBOARD_MONGO_PASSWORD }}" + 
export DASHBOARD_MONGO_MONGODB_URL="mongodb://${{ secrets.MONGO_USERNAME }}:${{ secrets.MONGO_PASSWORD }}@mongodb:27017" - BACKEND_NATS_URL="${{ secrets.BACKEND_NATS_URL }}" - BACKEND_PRIVATE_KEY="${{ secrets.BACKEND_PRIVATE_KEY }}" + export BACKEND_NATS_URL="${{ secrets.BACKEND_NATS_URL }}" + export BACKEND_PRIVATE_KEY="${{ secrets.BACKEND_PRIVATE_KEY }}" - BACKEND_MONGO_HOST="mongodb" - BACKEND_MONGO_PORT="27017" - BACKEND_MONGO_SCHEME="mongodb" - BACKEND_MONGO_DATABASE_NAME="${{ secrets.BACKEND_MONGO_DATABASE_NAME }}" - BACKEND_MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}" - BACKEND_MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}" + export BACKEND_MONGO_HOST="mongodb" + export BACKEND_MONGO_PORT="27017" + export BACKEND_MONGO_SCHEME="mongodb" + export BACKEND_MONGO_DATABASE_NAME="${{ secrets.BACKEND_MONGO_DATABASE_NAME }}" + export BACKEND_MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}" + export BACKEND_MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}" - BACKEND_MAIL_SMTP_PASSWORD="${{ secrets.BACKEND_MAIL_SMTP_PASSWORD }}" - BACKEND_MAIL_SMTP_HOST="${{ secrets.BACKEND_MAIL_SMTP_HOST }}" - BACKEND_MAIL_SMTP_FROM="${{ secrets.BACKEND_MAIL_SMTP_FROM }}" - BACKEND_MAIL_SMTP_USERNAME="${{ secrets.BACKEND_MAIL_SMTP_USERNAME }}" - BACKEND_MAIL_SMTP_PORT="${{ secrets.BACKEND_MAIL_SMTP_PORT }}" + export BACKEND_MAIL_SMTP_PASSWORD="${{ secrets.BACKEND_MAIL_SMTP_PASSWORD }}" + export BACKEND_MAIL_SMTP_HOST="${{ secrets.BACKEND_MAIL_SMTP_HOST }}" + export BACKEND_MAIL_SMTP_FROM="${{ secrets.BACKEND_MAIL_SMTP_FROM }}" + export BACKEND_MAIL_SMTP_USERNAME="${{ secrets.BACKEND_MAIL_SMTP_USERNAME }}" + export BACKEND_MAIL_SMTP_PORT="${{ secrets.BACKEND_MAIL_SMTP_PORT }}" - BACKEND_S3_ENDPOINT="${{ secrets.BACKEND_S3_ENDPOINT }}" - BACKEND_S3_SECRET_KEY="${{ secrets.BACKEND_S3_SECRET_KEY }}" - BACKEND_S3_ACCESS_KEY="${{ secrets.BACKEND_S3_ACCESS_KEY }}" - BACKEND_S3_USE_SSL="${{ secrets.BACKEND_S3_USE_SSL }}" - BACKEND_S3_BUCKET_NAME="${{ secrets.BACKEND_S3_BUCKET_NAME }}" + export 
BACKEND_S3_ENDPOINT="${{ secrets.BACKEND_S3_ENDPOINT }}" + export BACKEND_S3_SECRET_KEY="${{ secrets.BACKEND_S3_SECRET_KEY }}" + export BACKEND_S3_ACCESS_KEY="${{ secrets.BACKEND_S3_ACCESS_KEY }}" + export BACKEND_S3_USE_SSL="${{ secrets.BACKEND_S3_USE_SSL }}" + export BACKEND_S3_BUCKET_NAME="${{ secrets.BACKEND_S3_BUCKET_NAME }}" - APP_IMAGE="${{ secrets.APP_IMAGE }}" + export APP_IMAGE="${{ secrets.APP_IMAGE }}" - PORTAINER_ADMIN_PASSWORD="${{ secrets.PORTAINER_ADMIN_PASSWORD }}" + export PORTAINER_ADMIN_PASSWORD="${{ secrets.PORTAINER_ADMIN_PASSWORD }}" - FRONTEND_IMAGE="${{ secrets.FRONTEND_IMAGE }}" - NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL="${{ secrets.NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL }}" - INTERNAL_BACKEND_BASE_URL="${{ secrets.INTERNAL_BACKEND_BASE_URL }}" - NEXT_PUBLIC_FILES_BASE_URL="${{ secrets.NEXT_PUBLIC_FILES_BASE_URL }}" + export FRONTEND_IMAGE="${{ secrets.FRONTEND_IMAGE }}" + export NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL="${{ secrets.NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL }}" + export INTERNAL_BACKEND_BASE_URL="${{ secrets.INTERNAL_BACKEND_BASE_URL }}" + export NEXT_PUBLIC_FILES_BASE_URL="${{ secrets.NEXT_PUBLIC_FILES_BASE_URL }}" # Run Docker Compose cd /opt/deployment/ @@ -154,5 +155,5 @@ jobs: -f compose.backend.yaml \ -f compose.frontend.yaml \ -f compose.proxy.yaml \ - up -d - EOF + up --detach --pull always + EOF > /dev/null 2>&1 diff --git a/backend/app.go b/backend/app.go index 977d6cef..277d275d 100644 --- a/backend/app.go +++ b/backend/app.go @@ -138,6 +138,14 @@ func App(ctx context.Context) (http.Handler, func()) { panic(err) } + log.Println( + os.Getenv("S3_ENDPOINT"), + os.Getenv("S3_ACCESS_KEY"), + os.Getenv("S3_SECRET_KEY"), + os.Getenv("S3_USE_SSL"), + os.Getenv("S3_BUCKET_NAME"), + ) + fileStorage, err := minio.New(minio.Options{ Endpoint: os.Getenv("S3_ENDPOINT"), AccessKey: os.Getenv("S3_ACCESS_KEY"), diff --git a/infrastructure/Makefile b/infrastructure/Makefile index 7d6a734f..2aaff00c 100644 --- a/infrastructure/Makefile 
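Review bot: `EOF > /dev/null 2>&1` does not terminate the here-document: bash only recognizes a line consisting solely of the delimiter, so the first `ssh ... << 'EOF'` (the mkdir/chown one) swallows the rest of the step, scp and second ssh included, as its stdin and bash warns that the here-document was delimited by end-of-file. Put the redirection on the command line (`ssh -q -i ~/ec2-key.pem ... $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'`) or, better, drop it so remote errors stay visible, and leave `EOF` alone on its line. Separately, the added `ssh-keyscan -H $EC2_SSH_ADDRESS >> ~/.ssh/known_hosts` is dead code while every ssh/scp still passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`: host-key verification stays off, and the database, SMTP and S3 secrets exported inside the second heredoc would be sent to whatever host answers on that address. Remove those two options so the known_hosts entry is enforced, and prefer seeding `~/.ssh/known_hosts` from a stored host key (for example a dedicated repository secret) rather than trusting whatever keyscan returns at deploy time.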
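Review bot: The closing `EOF > /dev/null 2>&1` is not a valid here-document terminator (bash needs the delimiter alone on the line), so this heredoc runs to end of input; and even once fixed, `-q` plus a discarded stderr and no `set -e` in the remote script means a failing `docker compose ... up` leaves the job green. Make `set -euo pipefail` the first line inside the heredoc and keep the remote output instead of sending it to /dev/null. `--pull always` combined with whatever tag `APP_IMAGE`/`FRONTEND_IMAGE` hold (not visible here) deploys whatever that tag points at right now; if those are `latest`, consider deriving the tag from `github.event.workflow_run.head_sha` so the deployed image is the one CI built.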
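Review bot: The added `log.Println` writes `S3_ACCESS_KEY` and `S3_SECRET_KEY` in clear to the application log on every start-up, so the object-store credentials land in container logs and any log shipper or dashboard that reads them. Keep only the non-sensitive fields, e.g. `log.Println("s3:", os.Getenv("S3_ENDPOINT"), os.Getenv("S3_BUCKET_NAME"), "ssl=", os.Getenv("S3_USE_SSL"))`, or remove the statement entirely if it was a debugging aid. `App` starts and ends outside this hunk.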
+++ b/infrastructure/Makefile @@ -2,6 +2,8 @@ export TF_VAR_project_name = tarhche export TF_VAR_instance_name = backend export EC2_SSH_ADDRESS = +export EC2_SSH_USER = +export EC2_SSH_ENDPOINT = ${EC2_SSH_USER}@${EC2_SSH_ADDRESS} export VOLUME_PATH = ./tmp/volume_01 export MONGO_USERNAME = test @@ -67,7 +69,7 @@ public_key: ssh-keygen -y -f ssh-private-key.pem > ssh-public-key.pub ssh: - ssh -i "ssh-private-key.pem" ${EC2_SSH_ADDRESS} + ssh -i "ssh-private-key.pem" ${EC2_SSH_ENDPOINT} up: docker compose \ @@ -77,7 +79,7 @@ up: -f compose.backend.yaml \ -f compose.frontend.yaml \ -f compose.proxy.yaml \ - up -d + up --detach --pull always down: docker compose \ diff --git a/infrastructure/compose.mongodb.yaml b/infrastructure/compose.mongodb.yaml index 24a7727c..1c1ac3e1 100644 --- a/infrastructure/compose.mongodb.yaml +++ b/infrastructure/compose.mongodb.yaml @@ -8,7 +8,7 @@ services: MONGO_INITDB_ROOT_USERNAME: ${MONGO_USERNAME} MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD} volumes: - - ./${VOLUME_PATH}/mongodb:/data + - ${VOLUME_PATH}/mongodb:/data mongodashboard: image: mongo-express diff --git a/infrastructure/compose.nats.yaml b/infrastructure/compose.nats.yaml index 81cc7097..d3e621db 100644 --- a/infrastructure/compose.nats.yaml +++ b/infrastructure/compose.nats.yaml 
@@ -5,38 +5,8 @@ services: networks: - nats volumes: - - ./${VOLUME_PATH}/nats:/data - command: "--jetstream --store_dir /data --cluster_name NATS --cluster nats://0.0.0.0:6222 --http_port 8222" - nats-1: - image: nats:2.10 - restart: unless-stopped - networks: - - nats - depends_on: - - nats - volumes: - - ./${VOLUME_PATH}/nats-1:/data - command: "--jetstream --store_dir /data --cluster_name NATS --cluster nats://0.0.0.0:6222 --routes=nats://ruser:T0pS3cr3t@nats:6222" - nats-2: - image: nats:2.10 - restart: unless-stopped - networks: - - nats - depends_on: - - nats - volumes: - - ./${VOLUME_PATH}/nats-2:/data - command: "--jetstream --store_dir /data --cluster_name NATS --cluster nats://0.0.0.0:6222 --routes=nats://ruser:T0pS3cr3t@nats:6222" - nats-3: - image: nats:2.10 - restart: unless-stopped - networks: - - nats - depends_on: - - nats - volumes: - - ./${VOLUME_PATH}/nats-3:/data - command: "--jetstream --store_dir /data --cluster_name NATS --cluster nats://0.0.0.0:6222 --routes=nats://ruser:T0pS3cr3t@nats:6222" + - ${VOLUME_PATH}/nats:/data + command: ["--jetstream", "-m", "8222", "-p", "4222"] networks: nats: diff --git a/infrastructure/resources.tf b/infrastructure/resources.tf index f9911832..992c0b3d 100644 --- a/infrastructure/resources.tf +++ b/infrastructure/resources.tf @@ -105,7 +105,7 @@ resource "aws_instance" "backend" { sudo echo "/dev/xvdf /volume_01 ext4 defaults,nofail 0 0" | sudo tee -a /etc/fstab # tools - sudo apt install -y wget python3 ca-certificates curl htop jq vim + sudo apt install -y wget python3 ca-certificates curl htop jq vim make # Add Docker's official GPG key: sudo install -m 0755 -d /etc/apt/keyrings @@ -156,7 +156,7 @@ resource "aws_instance" "backend" { import { to = aws_eip.backend - id = "eipalloc-0adaac6f91269c716" + id = "eipalloc-02bceef376bc05f89" } resource "aws_eip" "backend" { 
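Review bot: The new `command` drops `--store_dir /data`, so unless the image's default config supplies one (nothing in this hunk does), JetStream falls back to its temporary default store directory and the `${VOLUME_PATH}/nats:/data` mount no longer holds stream state across restarts; add `"--store_dir", "/data"` to the list. The command also configures no authentication for the client port 4222 or the monitoring port 8222, which is acceptable only if neither is published outside the `nats` network — this hunk does not show the `ports:` section, so confirm; and if `BACKEND_NATS_URL` carries credentials, the server needs a matching `--user`/`--pass` or a config file.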
@@ -168,6 +168,162 @@ resource "aws_eip" "backend" { } } +import { + to = aws_lb.tarhche + id = "arn:aws:elasticloadbalancing:eu-central-1:381491955644:loadbalancer/app/tarhche/6953bf38e49158d7" +} + +resource "aws_lb" "tarhche" { + name = "tarhche" + internal = false + load_balancer_type = "application" + idle_timeout = 60 + ip_address_type = "ipv4" + enable_deletion_protection = true + + security_groups = [ + aws_security_group.backend.id, + ] + + subnets = [ + "subnet-0d68a01f5a4861c65", + "subnet-0fca4d198b88d68d6", + "subnet-0c8f8df628e715018", + ] + + tags = { + project_name = var.project_name + } +} + +import { + to = aws_lb_target_group.http + id = "arn:aws:elasticloadbalancing:eu-central-1:381491955644:targetgroup/HTTP/374d0a16b08c8d4a" +} + +resource "aws_lb_target_group" "http" { + name = "HTTP" + port = 80 + protocol = "HTTP" + vpc_id = "vpc-04db3e4490d90be8e" + ip_address_type = "ipv4" + proxy_protocol_v2 = false + + lambda_multi_value_headers_enabled = false + + health_check { + path = "/" + interval = 30 + timeout = 5 + healthy_threshold = 5 + unhealthy_threshold = 2 + } + + tags = { + project_name = var.project_name + } +} + +# resource "aws_lb_target_group_attachment" "backend_http" { +# target_group_arn = aws_lb_target_group.http.arn +# target_id = aws_instance.backend.id +# port = 80 +# } + +import { + to = aws_lb_listener.http + id = "arn:aws:elasticloadbalancing:eu-central-1:381491955644:listener/app/tarhche/6953bf38e49158d7/637c8770b5e4d6ed" +} + +resource "aws_lb_listener" "http" { + load_balancer_arn = aws_lb.tarhche.arn + port = 80 + protocol = "HTTP" + + default_action { + order = 1 + type = "redirect" + target_group_arn = aws_lb_target_group.http.arn + + redirect { + host = "#{host}" + path = "/#{path}" + port = "443" + protocol = "HTTPS" + query = "#{query}" + status_code = "HTTP_301" + } + } + + tags = { + project_name = var.project_name + } +} + +import { + to = aws_lb_listener.https + id = 
"arn:aws:elasticloadbalancing:eu-central-1:381491955644:listener/app/tarhche/6953bf38e49158d7/ab1c7847cbb6f739" +} + +resource "aws_lb_listener" "https" { + load_balancer_arn = aws_lb.tarhche.arn + port = 443 + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" + certificate_arn = aws_acm_certificate.tarhche_com.arn + + default_action { + order = 1 + type = "forward" + target_group_arn = aws_lb_target_group.http.arn + + forward { + stickiness { + duration = 3600 + enabled = false + } + + target_group { + arn = aws_lb_target_group.http.arn + weight = 1 + } + } + } + + tags = { + project_name = var.project_name + } +} + +import { + to = aws_route53domains_registered_domain.tarhche-com + id = "tarhche.com" +} + +resource "aws_route53domains_registered_domain" "tarhche-com" { + domain_name = "tarhche.com" + + name_server { + name = "ns-1611.awsdns-09.co.uk" + } + + name_server { + name = "ns-1254.awsdns-28.org" + } + + name_server { + name = "ns-143.awsdns-17.com" + } + + name_server { + name = "ns-769.awsdns-32.net" + } + + tags = { + project_name = var.project_name + } +} + import { to = aws_route53_zone.tarhche_com id = "Z0951095A7CDVGITDCUP" @@ -192,8 +348,29 @@ resource "aws_route53_record" "a_record_tarhche_com" { zone_id = aws_route53_zone.tarhche_com.id name = "tarhche.com" type = "A" - ttl = 300 - records = ["3.125.118.7"] + + alias { + name = aws_lb.tarhche.dns_name + zone_id = aws_lb.tarhche.zone_id + evaluate_target_health = true + } +} + +import { + to = aws_route53_record.a_record_all_tarhche_com + id = "${aws_route53_zone.tarhche_com.id}_*.tarhche.com_A" +} + +resource "aws_route53_record" "a_record_all_tarhche_com" { + zone_id = aws_route53_zone.tarhche_com.id + name = "*.tarhche.com" + type = "A" + + alias { + name = aws_lb.tarhche.dns_name + zone_id = aws_lb.tarhche.zone_id + evaluate_target_health = true + } } import { 
@@ -220,8 +397,12 @@ resource "aws_route53_record" "a_record_tarhche_ir" { zone_id = aws_route53_zone.tarhche_ir.id name = "tarhche.ir" type = "A" - ttl = 300 - records = ["3.125.118.7"] + + alias { + evaluate_target_health = true + name = aws_lb.tarhche.dns_name + zone_id = aws_lb.tarhche.zone_id + } } import { @@ -237,3 +418,39 @@ resource "aws_s3_bucket" "tarhche-backend" { project_name = var.project_name } } + +import { + to = aws_acm_certificate.tarhche_com + id = "arn:aws:acm:eu-central-1:381491955644:certificate/a446a0ad-9cac-479f-a1d6-59b983d633d6" +} + +resource "aws_acm_certificate" "tarhche_com" { + domain_name = "tarhche.com" + validation_method = "DNS" + + subject_alternative_names = [ + "tarhche.com", + "*.tarhche.com", + ] + + lifecycle { + create_before_destroy = true + } + + tags = { + project_name = var.project_name + } +} + +import { + to = aws_route53_record.tarhche_com_ssl_validation + id = "${aws_route53_zone.tarhche_com.id}__e7a6f01cbe22cb6d1db5c70fb80299a8.tarhche.com_CNAME" +} + +resource "aws_route53_record" "tarhche_com_ssl_validation" { + zone_id = aws_route53_zone.tarhche_com.id + name = "_e7a6f01cbe22cb6d1db5c70fb80299a8.tarhche.com" + type = "CNAME" + records = ["_0fdeb4d57a8f62c9a90a8f77b0146a14.zfyfvmchrl.acm-validations.aws."] + ttl = 60 +}
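Review bot: The validation CNAME is hard-coded (`_e7a6f01c...` → `_0fdeb4d5...acm-validations.aws.`) rather than derived from `aws_acm_certificate.tarhche_com.domain_validation_options`, so if the certificate is ever re-issued (the `create_before_destroy` lifecycle makes that the normal path) the record goes stale and validation silently never completes; there is also no `aws_acm_certificate_validation` resource, so nothing waits for the certificate to be issued before `aws_lb_listener.https` references its ARN. Derive the record from the certificate and add the validation resource as below, then point the listener at `aws_acm_certificate_validation.tarhche_com.certificate_arn`; the `import` block would then need to target the keyed instance (`aws_route53_record.tarhche_com_ssl_validation["tarhche.com"]`). Listing `tarhche.com` in both `domain_name` and `subject_alternative_names` is redundant and may produce a perpetual diff on some provider versions — confirm and keep only the wildcard in the SAN list.
```hcl
resource "aws_route53_record" "tarhche_com_ssl_validation" {
  for_each = {
    for dvo in aws_acm_certificate.tarhche_com.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  zone_id         = aws_route53_zone.tarhche_com.id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
  allow_overwrite = true
}

resource "aws_acm_certificate_validation" "tarhche_com" {
  certificate_arn         = aws_acm_certificate.tarhche_com.arn
  validation_record_fqdns = [for r in aws_route53_record.tarhche_com_ssl_validation : r.fqdn]
}
```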