From d5942a75e08649f2831c48aff22c58295fb085b0 Mon Sep 17 00:00:00 2001 From: Isaac Hunter Date: Sun, 17 Nov 2024 15:07:05 -0500 Subject: [PATCH] add s3 bucket for static files, implement in network compose and k8s --- docker-compose.network.yml | 1 + {deploy => infra}/.terraform.lock.hcl | 0 {deploy => infra}/README.md | 0 {deploy => infra}/docker-compose.yml | 0 {deploy => infra}/ec2.tf | 0 {deploy => infra}/load-balancer.tf | 0 {deploy => infra}/main.tf | 0 {deploy => infra}/network.tf | 0 {deploy => infra}/outputs.tf | 0 {deploy => infra}/sample.tfvars | 0 infra/scripts/create-public-bucket.sh | 44 +++++++++++++++++++ .../templates/ec2/server-setup.sh.tpl | 0 .../s3/s3-allow-public-access-policy.json.tpl | 16 +++++++ {deploy => infra}/variables.tf | 0 k8s/configs.yml | 1 + proxy/default.conf.tpl | 18 ++++++-- 16 files changed, 76 insertions(+), 4 deletions(-) rename {deploy => infra}/.terraform.lock.hcl (100%) rename {deploy => infra}/README.md (100%) rename {deploy => infra}/docker-compose.yml (100%) rename {deploy => infra}/ec2.tf (100%) rename {deploy => infra}/load-balancer.tf (100%) rename {deploy => infra}/main.tf (100%) rename {deploy => infra}/network.tf (100%) rename {deploy => infra}/outputs.tf (100%) rename {deploy => infra}/sample.tfvars (100%) create mode 100755 infra/scripts/create-public-bucket.sh rename {deploy => infra}/templates/ec2/server-setup.sh.tpl (100%) create mode 100644 infra/templates/s3/s3-allow-public-access-policy.json.tpl rename {deploy => infra}/variables.tf (100%) diff --git a/docker-compose.network.yml b/docker-compose.network.yml index a521b9a..b7b8b37 100644 --- a/docker-compose.network.yml +++ b/docker-compose.network.yml @@ -56,6 +56,7 @@ services: - SERVER_URI=server-jbx:9000 - WEBSOCKET_URI=server-jbx:9000 - CLUB_MANAGER_URI=club-app-network:9000 + - PUBLIC_STATIC_URI=jukebox-client-631bab280a434e28995fd3fcafd1fa5a.s3-website-us-east-1.amazonaws.com # attach: false 
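Review bot: The added `PUBLIC_STATIC_URI` line hard-codes a generated bucket hostname in the compose file, and the same literal is repeated in the `k8s/configs.yml` hunk of this commit. `infra/scripts/create-public-bucket.sh` produces a new random suffix on every run, so both values must be edited by hand and can drift from the bucket that actually exists. S3 bucket names are global, so a reference that outlives its bucket could end up pointing at a bucket owned by another account, and the proxy would serve that content on this site's origin. Consider taking the value from one place, for example `- PUBLIC_STATIC_URI=${PUBLIC_STATIC_URI}` from the deployment environment, and noting in `infra/README.md` that the configs must be updated before a bucket is deleted.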
diff --git a/deploy/.terraform.lock.hcl b/infra/.terraform.lock.hcl
similarity index 100%
rename from deploy/.terraform.lock.hcl
rename to infra/.terraform.lock.hcl
diff --git a/deploy/README.md b/infra/README.md
similarity index 100%
rename from deploy/README.md
rename to infra/README.md
diff --git a/deploy/docker-compose.yml b/infra/docker-compose.yml
similarity index 100%
rename from deploy/docker-compose.yml
rename to infra/docker-compose.yml
diff --git a/deploy/ec2.tf b/infra/ec2.tf
similarity index 100%
rename from deploy/ec2.tf
rename to infra/ec2.tf
diff --git a/deploy/load-balancer.tf b/infra/load-balancer.tf
similarity index 100%
rename from deploy/load-balancer.tf
rename to infra/load-balancer.tf
diff --git a/deploy/main.tf b/infra/main.tf
similarity index 100%
rename from deploy/main.tf
rename to infra/main.tf
diff --git a/deploy/network.tf b/infra/network.tf
similarity index 100%
rename from deploy/network.tf
rename to infra/network.tf
diff --git a/deploy/outputs.tf b/infra/outputs.tf
similarity index 100%
rename from deploy/outputs.tf
rename to infra/outputs.tf
diff --git a/deploy/sample.tfvars b/infra/sample.tfvars
similarity index 100%
rename from deploy/sample.tfvars
rename to infra/sample.tfvars
diff --git a/infra/scripts/create-public-bucket.sh b/infra/scripts/create-public-bucket.sh
new file mode 100755
index 0000000..98b633f
--- /dev/null
+++ b/infra/scripts/create-public-bucket.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Docs:
+# Creating buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+# cli create-bucket: https://docs.aws.amazon.com/cli/latest/reference/s3api/create-bucket.html
+# cli public access block: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-public-access-block.html
+# cli bucket acls: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-acl.html
+# cli bucket website: https://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-website.html
+
+# Context: infra/
+
+set -e
+
+BUCKET_PREFIX="jukebox-client"
+REGION="us-east-1"
+
+# Create bucket with unique name
+export bucket_name="$BUCKET_PREFIX-$(uuidgen | tr -d - | tr '[:upper:]' '[:lower:]' )"
+aws s3api create-bucket \
+ --bucket "$bucket_name" \
+ --region "$REGION" \
+ --object-ownership BucketOwnerPreferred > /dev/null
+
+# Disable default security protocols, allow public access
+aws s3api put-public-access-block \
+ --bucket "$bucket_name" \
+ --public-access-block-configuration "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false" > /dev/null
+
+
+# Create policy so public can only read bucket content
+aws s3api put-bucket-policy \
+ --bucket "$bucket_name" \
+ --policy "$(envsubst < ./templates/s3/s3-allow-public-access-policy.json.tpl)" > /dev/null
+
+# Create s3 static website hosting
+aws s3api put-bucket-website \
+ --bucket "$bucket_name" \
+ --website-configuration '{ "IndexDocument": { "Suffix": "index.html" } }' > /dev/null
+
+bucket_uri="$bucket_name.s3-website-$REGION.amazonaws.com"
+echo "Bucket upload uri: s3://$bucket_name"
+echo "Bucket proxy uri: $bucket_uri"
+echo "Bucket endpoint: http://$bucket_uri"
+
diff --git a/deploy/templates/ec2/server-setup.sh.tpl b/infra/templates/ec2/server-setup.sh.tpl
similarity index 100%
rename from deploy/templates/ec2/server-setup.sh.tpl
rename to infra/templates/ec2/server-setup.sh.tpl
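Review bot: The `put-public-access-block` call in `create-public-bucket.sh` turns off all four protections, although the script only grants access through a bucket policy, so the two ACL settings do not need to be relaxed. Using `BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=false,RestrictPublicBuckets=false` still lets the public-read policy apply while keeping a stray public ACL from widening access beyond it; `--object-ownership BucketOwnerEnforced` would disable ACLs outright, unless the upload path depends on them. The comment above the call would be clearer as `# Allow a public bucket policy (needed for static website hosting); ACL-based public access stays blocked`. Separately, `envsubst` with no variable list expands every `$VAR` it finds in the template, so `envsubst '${bucket_name}'` limits substitution to the one placeholder the policy uses.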
diff --git a/infra/templates/s3/s3-allow-public-access-policy.json.tpl b/infra/templates/s3/s3-allow-public-access-policy.json.tpl new file mode 100644 index 0000000..85e65ed --- /dev/null +++ b/infra/templates/s3/s3-allow-public-access-policy.json.tpl @@ -0,0 +1,16 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PublicReadGetObject", + "Effect": "Allow", + "Principal": "*", + "Action": [ + "s3:GetObject" + ], + "Resource": [ + "arn:aws:s3:::${bucket_name}/*" + ] + } + ] +} \ No newline at end of file diff --git a/deploy/variables.tf b/infra/variables.tf similarity index 100% rename from deploy/variables.tf rename to infra/variables.tf diff --git a/k8s/configs.yml b/k8s/configs.yml index 3951238..73713da 100644 --- a/k8s/configs.yml +++ b/k8s/configs.yml @@ -28,6 +28,7 @@ data: SERVER_URI: 'jukebox-service:9000' CLUB_MANAGER_URI: 'club-service:9000' WEBSOCKET_URI: 'jukebox-service:9000' + PUBLIC_STATIC_URI: 'jukebox-client-631bab280a434e28995fd3fcafd1fa5a.s3-website-us-east-1.amazonaws.com' --- apiVersion: v1 diff --git a/proxy/default.conf.tpl b/proxy/default.conf.tpl index f1119ba..847f150 100644 --- a/proxy/default.conf.tpl +++ b/proxy/default.conf.tpl @@ -96,12 +96,22 @@ server { proxy_set_header Connection "upgrade"; } + # location /api/docs { + # root /vol/client; + # index index.html index.htm; + + # try_files $uri $uri/ /index.html /vol/apidoc/; + # error_page 404 =200 /index.html; + # } + location / { - root /vol/client; - index index.html index.htm; + proxy_intercept_errors on; + proxy_redirect off; + proxy_hide_header X-Amz-Id-2; + proxy_hide_header X-Amz-Request-Id; - try_files $uri $uri/ /index.html /vol/apidoc/; - error_page 404 =200 /index.html; + error_page 400 403 404 500 =200 /index.html; + proxy_pass "http://$PUBLIC_STATIC_URI/jukebox-client/"; } } \ No newline at end of file
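Review bot: The `Resource` in this policy is `arn:aws:s3:::${bucket_name}/*`, so anonymous `s3:GetObject` covers every key in the bucket, while the proxy change in this commit only reads under the `jukebox-client/` prefix. If nothing is meant to be served from other prefixes, scoping it to `"arn:aws:s3:::${bucket_name}/jukebox-client/*"` keeps anything else that later lands in the bucket from being world-readable by default. JSON has no comment syntax, so the reason for `"Principal": "*"` is better recorded in `infra/README.md` or beside the `put-bucket-policy` call in the script. Objects are also reachable directly at the bucket's website endpoint, so headers or access rules added in the nginx proxy do not apply to those requests.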
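Review bot: `proxy_pass "http://$PUBLIC_STATIC_URI/jukebox-client/";` in the new `location /` block fetches the client bundle from the S3 website endpoint over plain HTTP, so the HTML and JavaScript the proxy serves on its own origin have no transport integrity on that hop. Website endpoints do not offer HTTPS, so protecting it would mean pointing at the bucket's HTTPS REST endpoint (with `proxy_ssl_server_name on;`) or at a CDN in front of the bucket. In the same block, `error_page 400 403 404 500 =200 /index.html;` turns upstream 400 and 500 responses into a 200, which hides real failures from clients and monitoring; `error_page 403 404 =200 /index.html;` appears to be all the single-page fallback needs. The commented-out `/api/docs` block would be better removed or replaced by a one-line TODO. The enclosing `server` block starts outside the hunk, so any `resolver` or header settings this location depends on are not visible here.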