Run fixtures on non-privileged port

But it will still be providing 443 at the load balancer. #patch
ministryofjustice · Oct 15, 2024 · ede895d · ede895d
1 parent df58597
commit ede895d
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/fixtures/Dockerfile b/fixtures/Dockerfile
@@ -24,9 +24,9 @@ COPY fixtures/static static
 COPY fixtures/templates templates
 COPY docs/schemas static/schemas
 
-EXPOSE 80
+EXPOSE 8080
 
 RUN addgroup -S app && adduser -S -g app app
 USER app
 
-CMD [ "flask", "run", "--host", "0.0.0.0", "--port", "80"]
+CMD [ "flask", "run", "--host", "0.0.0.0", "--port", "8080"]
diff --git a/terraform/modules/fixtures_service/ecs.tf b/terraform/modules/fixtures_service/ecs.tf
@@ -19,7 +19,7 @@ resource "aws_ecs_service" "fixtures" {
   load_balancer {
     target_group_arn = aws_lb_target_group.fixtures.arn
     container_name   = "fixtures"
-    container_port   = 80
+    container_port   = 8080
   }
 
   network_configuration {
@@ -60,8 +60,8 @@ locals {
       name                   = "fixtures",
       portMappings = [
         {
-          containerPort = 80,
-          hostPort      = 80,
+          containerPort = 8080,
+          hostPort      = 8080,
           protocol      = "tcp"
         }
       ],

diff --git a/terraform/modules/fixtures_service/load_balancer.tf b/terraform/modules/fixtures_service/load_balancer.tf
@@ -57,7 +57,7 @@ resource "aws_lb_listener_rule" "fixtures" {
 
 resource "aws_lb_target_group" "fixtures" {
   name                 = "fixtures-${var.environment_name}-http"
-  port                 = 80
+  port                 = 8080
   protocol             = "HTTP"
   target_type          = "ip"
   vpc_id               = var.vpc_id

diff --git a/terraform/modules/fixtures_service/load_balancer_security.tf b/terraform/modules/fixtures_service/load_balancer_security.tf
@@ -39,8 +39,8 @@ resource "aws_security_group" "loadbalancer_gov_wifi" {
 resource "aws_security_group_rule" "loadbalancer_egress_to_ecs" {
   type                     = "egress"
   protocol                 = "tcp"
-  from_port                = 80
-  to_port                  = 80
+  from_port                = 8080
+  to_port                  = 8080
   security_group_id        = aws_security_group.loadbalancer_gov_wifi.id
   source_security_group_id = aws_security_group.ecs.id
 

diff --git a/terraform/modules/fixtures_service/security_group.tf b/terraform/modules/fixtures_service/security_group.tf
@@ -8,8 +8,8 @@ resource "aws_security_group" "ecs" {
 resource "aws_security_group_rule" "alb_ingress" {
   type                     = "ingress"
   protocol                 = "tcp"
-  from_port                = 80
-  to_port                  = 80
+  from_port                = 8080
+  to_port                  = 8080
   source_security_group_id = aws_security_group.loadbalancer_gov_wifi.id
   security_group_id        = aws_security_group.ecs.id
   description              = "Inbound from the ALB"