From d886e28f02125203e0e8c206c4a66b2554f9ab36 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Wed, 21 Aug 2024 12:12:25 +0100 Subject: [PATCH 1/6] Add env vars --- terraform/backend/faucet-backend.tf | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/terraform/backend/faucet-backend.tf b/terraform/backend/faucet-backend.tf index 2f3687a..13215ca 100644 --- a/terraform/backend/faucet-backend.tf +++ b/terraform/backend/faucet-backend.tf @@ -1,3 +1,10 @@ +data "aws_ssm_parameter" "private_key" { + name = "/${local.env.environment}/${local.env.project}/private_key" +} +data "aws_ssm_parameter" "recaptcha_secret_key" { + name = "/${local.env.environment}/${local.env.project}/recaptcha_secret_key" +} + variable "runtime_platform" { type = list(object({ operating_system_family = string @@ -159,6 +166,27 @@ module "ecs-lb-service-faucet-be" { namespace_id = module.namespace.namespace_id https_tg_healthcheck_path = "/api" environment_variables = [ + { + "NODE_ENV": "production" + }, + { + "PRIV_KEY": data.aws_ssm_parameter.private_key.value + }, + { + "CHAIN_TAG": "0x27" + }, + { + "FAUCET_PORT": "8080" + }, + { + "RECAPCHA_SECRET_KEY": data.aws_ssm_parameter.recaptcha_secret_key.value + }, + { + "FAUCET_CORS": "faucet.vecha.in" + }, + { + "REVERSE_PROXY": "yes" + }, ] log_metric_filters = [ { From f47e1f82d19335c9444bac99e1ff99af15dfa3c9 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Thu, 22 Aug 2024 09:57:26 +0100 Subject: [PATCH 2/6] Update config.json --- config.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/config.json b/config.json index b98995b..e09c95a 100644 --- a/config.json +++ b/config.json 
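Review bot: In the `environment_variables` list of `module "ecs-lb-service-faucet-be"` (second hunk), `PRIV_KEY` and `RECAPCHA_SECRET_KEY` are set from `data.aws_ssm_parameter.*.value`, so the decrypted faucet signing key and reCAPTCHA secret are copied into Terraform state and, presumably, into the plaintext environment of the ECS task definition, where anyone who can read task definitions can see them. ECS can resolve SSM parameters at task start through the container definition's `secrets` / `valueFrom` field; if the module exposes such an input, pass the parameter ARN (`data.aws_ssm_parameter.private_key.arn`) there and grant the task execution role `ssm:GetParameters` instead of passing the value. The same two entries are carried over unchanged in the name/value rewrite in PATCH 3/6. The module block starts and ends outside the hunk, so its supported inputs are not visible here.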
@@ -1,11 +1,11 @@ { - "vet": 500, - "thor": 500, - "vetLimit": 1000000000, - "thorLimit": 10000, - "networkAPIAddr": "http://127.0.0.1:8669", - "maxAddressTimes": 5, - "maxIPTimes": 10, - "certificateExpiration": 600, - "recapchaMinScore": 0.5 -} \ No newline at end of file + "vet": 500, + "thor": 500, + "vetLimit": 1000000000, + "thorLimit": 20000, + "networkAPIAddr": "https://testnet.vechain.org", + "maxAddressTimes": 5, + "maxIPTimes": 10, + "certificateExpiration": 600, + "recapchaMinScore": 0.5 +} From 6b334153e611e94bd8202474b0dbc601be5243a6 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Thu, 22 Aug 2024 10:39:28 +0100 Subject: [PATCH 3/6] Update faucet-backend.tf --- terraform/backend/faucet-backend.tf | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/terraform/backend/faucet-backend.tf b/terraform/backend/faucet-backend.tf index 13215ca..0f793f2 100644 --- a/terraform/backend/faucet-backend.tf +++ b/terraform/backend/faucet-backend.tf @@ -164,28 +164,35 @@ module "ecs-lb-service-faucet-be" { alb_sg = [module.alb-sg.security_group_id] enable_deletion_protection = true namespace_id = module.namespace.namespace_id - https_tg_healthcheck_path = "/api" + https_tg_healthcheck_path = "/requests" environment_variables = [ { - "NODE_ENV": "production" + "name": "NODE_ENV" + "value": "production" }, { - "PRIV_KEY": data.aws_ssm_parameter.private_key.value + "name": "PRIV_KEY" + "value": data.aws_ssm_parameter.private_key.value }, { - "CHAIN_TAG": "0x27" + "name": "CHAIN_TAG" + "value": "0x27" }, { - "FAUCET_PORT": "8080" + "name": "FAUCET_PORT" + "value": "8080" }, { - "RECAPCHA_SECRET_KEY": data.aws_ssm_parameter.recaptcha_secret_key.value + "name": "RECAPCHA_SECRET_KEY" + "value": data.aws_ssm_parameter.recaptcha_secret_key.value }, { - "FAUCET_CORS": "faucet.vecha.in" + "name": "FAUCET_CORS" + "value": "faucet.vecha.in" }, { - "REVERSE_PROXY": "yes" + "name": "REVERSE_PROXY" + "value": "yes" }, ] log_metric_filters = [ 
From 0cff3282e886923a343c588d6262a675d8c43bd4 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Thu, 22 Aug 2024 11:29:05 +0100 Subject: [PATCH 4/6] Update domains.tf --- terraform/backend/domains.tf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/terraform/backend/domains.tf b/terraform/backend/domains.tf index 67cda12..eb834ac 100644 --- a/terraform/backend/domains.tf +++ b/terraform/backend/domains.tf @@ -12,5 +12,13 @@ module "faucet-domains" { subdomain_type = "CNAME" create_cert = true # Cert domain will default to env.domain_name (or just domain_name for prod), but can be overriden here. - cert_domain_override = "${local.domain_prefix}.vechain.org" + cert_domain_override = "api.${local.domain_prefix}.vechain.org" } + +resource aws_route53_record "backend_cname" { + zone_id = module.faucet-domains.public_zone_id + name = "api.${local.domain_prefix}.vechain.org" + type = "CNAME" + ttl = 300 + records = [module.ecs-lb-service-faucet-be.alb_dns_name] +} \ No newline at end of file From b03ba5865d4d85d42b39ea3700092e9cefa24977 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Thu, 22 Aug 2024 14:48:40 +0100 Subject: [PATCH 5/6] 8000 and healthcheck endpoint --- Dockerfile | 2 +- src/controllers/router.ts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8385c71..45353de 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,6 @@ RUN yarn install --frozen-lockfile RUN yarn build # Expose the port that the application listens on. -EXPOSE 8080 +EXPOSE 8000 CMD yarn start diff --git a/src/controllers/router.ts b/src/controllers/router.ts index 119600a..b7141a0 100644 --- a/src/controllers/router.ts +++ b/src/controllers/router.ts 
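Review bot: The host name `api.${local.domain_prefix}.vechain.org` is now written twice in domains.tf, once in `cert_domain_override` and once in the new `aws_route53_record.backend_cname`, and the certificate only matches the record while both strings stay identical. Define it once, e.g. `locals { api_fqdn = "api.${local.domain_prefix}.vechain.org" }` (the name is a suggestion), and reference it in both places. The resource header also uses the legacy unquoted type label; write `resource "aws_route53_record" "backend_cname" {`. The `module "faucet-domains"` block starts outside the hunk.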
@@ -70,4 +70,9 @@ router.post("/requests", async (ctx) => { reportLogger.info(`IP=${remoteAddr} Address=${signer} Score=${score}`) }) +// Health check endpoint +router.get("/health", async (ctx) => { + ctx.body = "OK" +}) + export default router \ No newline at end of file From 982e301bee14d72c06b22464a056a2009b8df6c7 Mon Sep 17 00:00:00 2001 From: Dougal Rea Date: Thu, 22 Aug 2024 14:54:25 +0100 Subject: [PATCH 6/6] Update health enpoint and security group rules --- terraform/backend/faucet-backend.tf | 30 ++++++----------------------- 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/terraform/backend/faucet-backend.tf b/terraform/backend/faucet-backend.tf index 0f793f2..21b1619 100644 --- a/terraform/backend/faucet-backend.tf +++ b/terraform/backend/faucet-backend.tf @@ -57,14 +57,6 @@ module "alb-sg" { ipv6_cidr_blocks = [] security_groups = [] }, - { - description = "Allow Dynamodb TCP traffic" - from_port = 8000 - to_port = 8000 - protocol = "tcp" - cidr_blocks = [local.env.vpc_cidr] - ipv6_cidr_blocks = [] - } ] egress_rules = [ @@ -91,28 +83,18 @@ module "ecs-sg" { ingress_rules = [ { - description = "Allow Dynamodb traffic" + description = "Allow HTTP traffic from LB" from_port = 8000 to_port = 8000 protocol = "tcp" cidr_blocks = [local.env.vpc_cidr] ipv6_cidr_blocks = [] - security_groups = [] - }, - { - description = "Allow HTTP traffic" - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = [local.env.vpc_cidr] - ipv6_cidr_blocks = [] - security_groups = [] } ] egress_rules = [ { - description = "Allow Oubound PostgreSQL traffic" + description = "Allow all traffic" from_port = 0 to_port = 0 protocol = "-1" @@ -120,7 +102,6 @@ module "ecs-sg" { ipv6_cidr_blocks = [] } ] - } # ECS cluster for backend service 
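Review bot: The new `/health` handler in router.ts is declared `async` but awaits nothing, and its comment does not say who calls it or what it may do. Drop the keyword (`router.get("/health", (ctx) => {`) and expand the comment to something like `// Liveness probe for the load balancer target group: unauthenticated, no side effects, must not touch the signing key or the node API`. The handler only shows that the process answers HTTP; whether middleware registered outside this hunk also runs on this route cannot be seen here.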
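Review bot: The `ecs-sg` ingress rule is described as "Allow HTTP traffic from LB", but `cidr_blocks = [local.env.vpc_cidr]` admits port 8000 from every address in the VPC, not only the load balancer. The removed rules carried a `security_groups` attribute, so the module appears to accept one: scope the rule with `cidr_blocks = []` and `security_groups = [module.alb-sg.security_group_id]`. The new rule also drops the `security_groups = []` line that the sibling rules set, which may fail validation if the module types its rules as objects with fixed attributes; confirm against the module. The egress description now reads "Allow all traffic" with `protocol = "-1"`; its `cidr_blocks` line is outside the hunk, but for a task that holds the faucet private key it is worth checking whether outbound access can be limited to what the service needs.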
@@ -156,7 +137,8 @@ module "ecs-lb-service-faucet-be" { cpu = local.env.cpu memory = local.env.memory cidr = local.env.vpc_cidr - container_port = 8080 + container_port = 8000 + https_tg_port = 8000 runtime_platform = var.runtime_platform certificate_arn = module.faucet-domains.certificate_arn ecs_sg = [module.ecs-sg.security_group_id] @@ -164,7 +146,7 @@ module "ecs-lb-service-faucet-be" { alb_sg = [module.alb-sg.security_group_id] enable_deletion_protection = true namespace_id = module.namespace.namespace_id - https_tg_healthcheck_path = "/requests" + https_tg_healthcheck_path = "/health" environment_variables = [ { "name": "NODE_ENV" @@ -180,7 +162,7 @@ module "ecs-lb-service-faucet-be" { }, { "name": "FAUCET_PORT" - "value": "8080" + "value": "8000" }, { "name": "RECAPCHA_SECRET_KEY"
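Review bot: Port 8000 is now hard-coded in `container_port`, `https_tg_port`, the `FAUCET_PORT` value in the third hunk, the `ecs-sg` ingress rule and the Dockerfile `EXPOSE`; PATCH 5/6 already had `EXPOSE 8000` while `FAUCET_PORT` was still "8080", which shows how easily these drift apart. In the Terraform, define the port once, e.g. `locals { faucet_port = 8000 }` (the name is a suggestion), and use `container_port = local.faucet_port`, `https_tg_port = local.faucet_port` and `"value": tostring(local.faucet_port)`. The input name `https_tg_port` suggests an HTTPS target group; if the container serves plain HTTP on 8000, confirm the target-group protocol in the module, which is not visible here. The module block starts and ends outside these hunks.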