# Use the official lightweight Node.js 12 image. | |
# https://hub.docker.com/_/node | |
FROM node:12-slim | |
# Create and change to the app directory. | |
WORKDIR /usr/src/app | |
# Copy application dependency manifests to the container image. | |
# A wildcard is used to ensure copying both package.json AND package-lock.json (when available). | |
# Copying this first prevents re-running npm install on every code change. |
FROM ubuntu:14.04 | |
MAINTAINER li0nel | |
USER root | |
# Install CRON | |
RUN apt-get update && apt-get -y install sudo && \ | |
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 && \ | |
echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list && \ |
# One ALB with two listeners for HTTP and HTTPS | |
# The HTTP listener will point to a specific Nginx container redirecting traffic to HTTPS | |
# because neither ALB nor ELB allows you to handle this through its configuration | |
LoadBalancer: | |
Type: AWS::ElasticLoadBalancingV2::LoadBalancer | |
Properties: | |
Name: !Ref EnvironmentName | |
Subnets: !Ref PublicSubnets | |
SecurityGroups: | |
- !Ref LBSecurityGroup |
# One Docker registry that we will use both for the Laravel application | |
# image and our Nginx image. | |
# Note that if you give a name to the repository, CloudFormation can't | |
# update it without a full replacement. | |
ECR: | |
Type: AWS::ECR::Repository | |
Properties: | |
# RepositoryName: !Sub ${AWS::StackName}-nginx | |
RepositoryPolicyText: | |
Version: "2012-10-17" |
fastcgi_cache_path /dev/shm levels=1:2 keys_zone=laravel:100m; | |
fastcgi_cache_key "$scheme$request_method$host$request_uri$query_string"; | |
server { | |
listen 80 default_server; | |
server_name laravel.info; | |
root /usr/share/nginx/html/; | |
index index.php index.html; |
# This security group defines who/where is allowed to access the ECS hosts directly. | |
# By default we're just allowing access from the load balancer. If you want to SSH | |
# into the hosts, or expose non-load-balanced services, you can open their ports here; | |
# scope any such rule to a known source range rather than the whole internet. | |
ECSSecurityGroup: | |
Type: AWS::EC2::SecurityGroup | |
Properties: | |
VpcId: !Ref VPC | |
GroupDescription: Access to the ECS hosts and the tasks/containers that run on them | |
SecurityGroupIngress: | |
# Only allow inbound access to ECS from the ELB |
# Create a script that will use the AWS Route53 CLI to insert DNS TXT records for Let's Encrypt DNS validation | |
echo 'aws route53 wait resource-record-sets-changed --id \ | |
$(aws route53 change-resource-record-sets --hosted-zone-id \ | |
"$(aws route53 list-hosted-zones-by-name --dns-name $2. | |
--query HostedZones[0].Id --output text)" \ | |
--query ChangeInfo.Id | |
--output text \ | |
--change-batch "{ | |
\"Changes\": [{ | |
\"Action\": \"$1\", |
# Use Let's Encrypt certbot to order a free certificate | |
certbot certonly --non-interactive --manual \ | |
--manual-auth-hook "./auth-hook.sh UPSERT your_domain.com" \ | |
--manual-cleanup-hook "./auth-hook.sh DELETE your_domain.com" \ | |
--preferred-challenge dns \ | |
--config-dir "./letsencrypt" \ | |
--work-dir "./letsencrypt" \ | |
--logs-dir "./letsencrypt" \ | |
--agree-tos \ | |
--manual-public-ip-logging-ok \ |
aws route53 wait resource-record-sets-changed --id \ | |
$(aws route53 change-resource-record-sets --hosted-zone-id \ | |
"$(aws route53 list-hosted-zones-by-name --dns-name $2. \ | |
--query HostedZones[0].Id --output text)" \ | |
--query ChangeInfo.Id \ | |
--output text \ | |
--change-batch "{ \ | |
\"Changes\": [{ \ | |
\"Action\": \"$1\", \ | |
\"ResourceRecordSet\": { \ |
# The worker containers simply execute the Laravel artisan queue:work | |
# command instead of php-fpm | |
TaskDefinitionWorker: | |
Type: AWS::ECS::TaskDefinition | |
Properties: | |
Family: laravel-workers | |
ContainerDefinitions: | |
- Name: app | |
Essential: true | |
Image: !Join [ ".", [ !Ref "AWS::AccountId", "dkr.ecr", !Ref "AWS::Region", !Join [ ":", [ !Join [ "/", [ "amazonaws.com", !Ref ECR ] ], "laravel" ] ] ] ] |