Skip to content

Setup review hosts in private subnet

Joren Vrancken requested to merge review-host-url into master

Closes #997 (closed)

Description

This merge requests does the following:

  • It uses a new version of the EC2 instance template. The new template creates instances in a private subnet. Instances do not get a public IPv4 address anymore.

  • It replaces the use of .reviewhost domains with *.public.review.technicie.nl and *.private.review.technicie.nl domains. *.public.review.technicie.nl points to refter (a server that acts as a NAT gateway from the public subnet to the private subnet). *.private.review.technicie.nl points to private IPv4 addresses within the private review subnet.

refter has the following nginx config to route the HTTP traffic:

server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name _;
	
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;

	server_name _;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/public.review.technicie.nl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/public.review.technicie.nl/privkey.pem;

	return 404;
	
}

server {
	listen 443;
	listen [::]:443;

	server_name "~^(?<mr_slug>[-a-z0-9]{1,63})\.public\.review\.technicie\.nl$";
	
	ssl on;
	ssl_certificate /etc/letsencrypt/live/public.review.technicie.nl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/public.review.technicie.nl/privkey.pem;
	
	location / {
		resolver 127.0.0.53;
		proxy_pass http://$mr_slug.private.review.technicie.nl$request_uri;
	}
}
  • HTTPS does not seem to be working correctly in the current setup (for me atleast). This MR does work with HTTPS.

After this is merged. The following things should be cleaned up:

  • The IAM users and policies that are not used anymore.
  • The .reviewhost hosted zone in Route 53.
  • The old EC2 instance and VPC setup.
Edited by Joren Vrancken

Merge request reports