Skip to content

Instantly share code, notes, and snippets.

@m-sanders

m-sanders/api.media.example.com.crt

Created November 20, 2015 20:41
Show Gist options
  • Save m-sanders/081b9b3d0b4a6a210485 to your computer and use it in GitHub Desktop.
Save m-sanders/081b9b3d0b4a6a210485 to your computer and use it in GitHub Desktop.
Download ZIP
guardian/grid config for OS X
Raw
readme.md

Readme

This is in addition to, rather than a replacement of guardian/grid/readme.md guide.

Packages

brew install graphicsmagick --with-little-cms2
brew install ExifTool
# --with-gd is required to use nginx for imgops.
brew install nginx-full --with-gd

Install AWS command line if you don't already have it:

pip install awscli

Install the front end packages and build the distribution.

cd kahuna
npm install
./dist.sh dist

Note: If you need to install node then I would recommend using nvm.

Setup Panda

See: https://github.com/guardian/pan-domain-authentication#requirements

  • When setting up panda you'll have to set the environment variable PANDA_BUCKET_NAME as s3 bucket names must be globally unique.
  • When configuring the Google App credentials be sure to add: https://media.example.com to "Authorized JavaScript origins" and https://media.example.com/oauthCallback to "Authorized redirect URIs".
  • When taking the example <domain>.settings file I originally missed that this also required a secret entry set to some random string.
  • <domain>.settings file is example.com.settings for this example.

Nginx

Deploy all of the nginx .conf, .crt and .key files to their gist locations. Copy-paste the /etc/hosts entries in this gist into /etc/hosts, you'll need sudo.

Start all of the things!

Start nginx:

sudo nginx

And you can later stop it with sudo nginx -s stop

Start elasticsearch:

cd elasticsearch
./dev-start.sh

Start each of the following media-services in a terminal:

PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt 'project media-api' 'run 9001'
PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt 'project thrall' 'run 9002'
PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt 'project image-loader' 'run 9003'
PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt 'project kahuna' 'run 9005'
PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt -Dws.acceptAnyCertificate=true 'project cropper' 'run 9006'
PANDA_BUCKET_NAME={YOUR_PANDA_BUCKET_NAME} sbt 'project metadata-editor' 'run 9007'

Hit thrall to actually get it to start fetching from SNS: curl http://localhost:9002/

Raw
api.media.example.com.crt
# Location: /usr/local/etc/nginx/certs/api.media.example.com.crt
-----BEGIN CERTIFICATE-----
MIICQTCCAaoCCQCggawqROCieTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMR4wHAYDVQQDExVhcGkubWVkaWEuZXhhbXBsZS5jb20wHhcNMTUx
MTE2MjMwNzE5WhcNMTUxMjE2MjMwNzE5WjBlMQswCQYDVQQGEwJBVTETMBEGA1UE
CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
MR4wHAYDVQQDExVhcGkubWVkaWEuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBALS2YyA9wksORUyeuN1i3ZJDInxdM0ezxpMpzI40zYQQV7Eu
bGWV0flFZBS9qIn0BN09r6QUlNefd0FGbYtQVt3001tv5QCmvpJra9hf0UHhYF6e
KnLuc2ZodkCfJgleJPW3hKTDJ7BPQZ8fRhW05JsVlfw49toM1tOchHRIRdP3AgMB
AAEwDQYJKoZIhvcNAQEFBQADgYEAHTzI1zbxVkWsMHf05FxAnZ8N1FQPwLMUZrSr
eG90WEq5ApAWCobGEc4gYxnxzUDfahF6mP5joaGQlYSr33n7iv+unBX2WVM/x5ak
trm4V8L94RpynB4nA4bfrgdAFK8mn/wx4fohduVjGkO6QpmykSpikZpqeXk0sD8v
MOsEwQ4=
-----END CERTIFICATE-----
Raw
api.media.example.com.key
# Location: /usr/local/etc/nginx/private/api.media.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC0tmMgPcJLDkVMnrjdYt2SQyJ8XTNHs8aTKcyONM2EEFexLmxl
ldH5RWQUvaiJ9ATdPa+kFJTXn3dBRm2LUFbd9NNbb+UApr6Sa2vYX9FB4WBenipy
7nNmaHZAnyYJXiT1t4SkwyewT0GfH0YVtOSbFZX8OPbaDNbTnIR0SEXT9wIDAQAB
AoGAQDKzEFcgWO2e7NNONUfUEwvKiofJmeVh3BHzW2miwRHVNVqao5QP3hAqt7uQ
zkFkIPyzEwVEwz0hbo0IiX9m/CWlvFAK0OBQjLhlfVo89e3XxA4kXgB/mClad9+7
ZSqErrVUdJYcgKg7jBCt8CoJF2YIf7TKuei7liBsfD+XPaECQQDn9I1C0jLL5RCS
iQgbgxV1KLUb2eU0CaTopeDKMczdWeAUPYqJ3NqBCNs8JgXdMOMoeg9bVMhF3Ujh
R+rPcG4ZAkEAx3H+QFjskHAGnrHiw7J5RfS+cho70sMIdF8gwj9e2reWOG53uWxd
BYcHWpTkXb8un18F/M/Y9TS1/PCHI910jwJAb/rhI4xE16h7arLbBiUve8MuRAba
n1e0lFhYgGSwaYBVLJBVTJ8hob+7z3rvw8wxLj5XIZl5ojjlUVUd6A14KQJBALN3
Y+3LFrOx2oMaVo76Hh5Q6L4L1SEF1qnAn92q4FO3Nzl4TctQMzQyGO/tYsDos688
9kpTTUr4L3p3hWNEdwkCQDv1bRgF1KyzhZejcu+vuTHJjS919z7+hMDMXY9c9RiM
nSjV+xSmZ8K+6mJ/ezz8Og29bxiV3B02cY5DnkSm//s=
-----END RSA PRIVATE KEY-----
Raw
cropper.media.example.com.crt
# Location: /usr/local/etc/nginx/certs/cropper.media.example.com.crt
-----BEGIN CERTIFICATE-----
MIICSTCCAbICCQDZj/4UWdUKtjANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMSIwIAYDVQQDExljcm9wcGVyLm1lZGlhLmV4YW1wbGUuY29tMB4X
DTE1MTExNjIzMDc0MloXDTE1MTIxNjIzMDc0MlowaTELMAkGA1UEBhMCQVUxEzAR
BgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEiMCAGA1UEAxMZY3JvcHBlci5tZWRpYS5leGFtcGxlLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAuHB8rlxlDvMXq2H82KUWsizC+fs0CeJZUhAJ
JfsWeD7PkISDqGhNfIkRQIg7JFJN5fi5Zd74aVtLhI3ni0I+2D1Qz8GNJsnpRUlR
JP9YGOB4DA81TCH6UUgQzLTBkLuCic6mg+q/dKYbDcwfHQKocSUmxioJOJH3uKa7
d844E50CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBeBHLPW2tKQkoNqy/GZEt7xZpV
FJ+/HDXeNyFrR7c04rgn2nW9ZNDEtKgql5gZGQNHtZ8AnzVWJx7qHEgTa42Qfhp1
03haHBBdGOFI4zckVYwfQhrA0zI4h2i1T0EhYqIyTXgh6h0ZBHp6QaY+5YzbiSIl
V1i2Zh1TjaNgNbBdFg==
-----END CERTIFICATE-----
Raw
cropper.media.example.com.key
# Location: /usr/local/etc/nginx/private/cropper.media.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC4cHyuXGUO8xerYfzYpRayLML5+zQJ4llSEAkl+xZ4Ps+QhIOo
aE18iRFAiDskUk3l+Lll3vhpW0uEjeeLQj7YPVDPwY0myelFSVEk/1gY4HgMDzVM
IfpRSBDMtMGQu4KJzqaD6r90phsNzB8dAqhxJSbGKgk4kfe4prt3zjgTnQIDAQAB
AoGAHtmh4UBPHwsGQIJpWotymmbmTg34jFax/gn0nce74G0RJukjZH3dyCDdI+Al
lFO39+l8iU+cWXMN1KQvwJlaDWRWYQ3TyoJAGl4lvC9KxpXDy67uISxpqYMelr3N
0gyzDLMn69/7ohhiyI/XlL+d3AwFDwo/BlTfoxJPk+Ce70ECQQDwFTRfJt/WYDmr
Gvjb+nIHI/5pO6GMYXYzgefcmsXHcmvB90/qP6PLnAi3SH/mW5u7q75yQSxQeBTP
2lXvtO21AkEAxKrgdXudQ7d1H3Jqm50JJ3W95yK4Hd43lpZqvlszhIxTJn+toPLa
VaQ5GSHMQabAiXLs1Lz3AbKlJfxPrxX/SQJBAInjI9kicpylV3m2XAe7p5ICUjQO
U5JUx5Z9nbVODxml1c3pRLS9KE3gqADcWtjq9F6tHQxx8gmlbg6Sz5iEyaECQDz0
GQ1QerV6LrrIY3JHgYbRX0I76ISZUvFBPWQyMA1s0HimKdIwcqsIcwnvB7dxT0tK
a0ykJIpKLBVR1gCV+MECQDStKfZXRsaUH7RfyYPTsUE6RQhqD+tK+NAkxeoUtI7O
hVKrC23XQJK+5NmAH0GRxzyCOcdcih3zhJL3nkd7O6U=
-----END RSA PRIVATE KEY-----
Raw
grid-settings.ini
; Location: /etc/gu/grid-settings.ini
[aws]
; Cloudformation stackname. Hint aws cloudformation list-stacks | grep "media-service-"
stack-name = media-service-DEV
[properties]
; Domain root of your site, e.g. media.foobar.co.uk
domain_root = media.example.com
; Token used to access mxpanel. See https://mixpanel.com/help/questions/articles/where-can-i-find-my-project-token
; I don't believe this is required, but I just signed up to their demo...openssl rand -base64 48
mixpanel_token =
; Comma separated list of CORS domains.
cors = api.media.example.com, media.example.com, loader.media.example.com, media-imgops.example.com, cropper.media.example.com, media-metadata.example.com, media-usage.example.com
; Configuration for pan domain authentication. See https://github.com/guardian/pan-domain-authentication
panda_domain = example.com
; Configuration for pan domain authentication. See https://github.com/guardian/pan-domain-authentication
panda_aws_key =
; Configuration for pan domain authentication. See https://github.com/guardian/pan-domain-authentication
panda_aws_secret =
; The minimum number of messages to retrieve from SQS to be deemed healthy. We set this to 5.
sqs_message_min_frequency = 5
; An API key that has access to the media-api, used to run a local ftp server.
ftp_key =
Raw
hosts
# Location /etc/hosts
# media-service
127.0.0.1 api.media.example.com
127.0.0.1 loader.media.example.com
127.0.0.1 media.example.com
127.0.0.1 cropper.media.example.com
127.0.0.1 media-metadata.example.com
127.0.0.1 media-imgops.example.com
127.0.0.1 media-usage.example.com
Raw
imgops.conf
# Location: /usr/local/etc/nginx/servers/imgops.conf
server {
listen 9008;
charset utf-8;
proxy_intercept_errors on;
location /_ {
return 200 'OK';
add_header Content-Type text/plain;
}
location / {
# We're using Google here as a resolver
# as Amazon's 172.16.0.23 is very very slow
resolver 8.8.8.8 8.8.4.4;
set $bucket media-service-dev-imagebucket-{CHANGE-THIS!!!};
# We might need to review what we do with bigger images
image_filter test;
image_filter_buffer 75M;
image_filter_interlace on;
image_filter_jpeg_quality $arg_q;
image_filter resize $arg_w $arg_h;
proxy_pass http://$bucket.s3.amazonaws.com$request_uri;
}
}
Raw
loader.media.example.com.crt
# /usr/local/etc/nginx/certs/loader.media.example.com.crt
-----BEGIN CERTIFICATE-----
MIICRzCCAbACCQCGz1MAuLIaeTANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMSEwHwYDVQQDExhsb2FkZXIubWVkaWEuZXhhbXBsZS5jb20wHhcN
MTUxMTE2MjMwNzUxWhcNMTUxMjE2MjMwNzUxWjBoMQswCQYDVQQGEwJBVTETMBEG
A1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
THRkMSEwHwYDVQQDExhsb2FkZXIubWVkaWEuZXhhbXBsZS5jb20wgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAMg1ijuW2/LEDwU7vB9Q8tEkvWnsDB9Uhtt1peZ9
FFt/+hNwvbWWFT8x2flNW7TJ6sWtq/g5QLGZkAy5I1CoDAPJmvdBSAc8614kdWIH
8N8tInlsWtX54Wnpx3OHbPbNR0VaEt8cVAfT2Br3djg0ChIH2G1Y4YmtLfZY3bxA
r0j/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAwW3e2gFMbOCz0muaqAj91h6DGgxl
19F91EbVi198c6GmzoLdTB4UxATxM4prza5Vd65TsleXHqzxsTASmVtolssg5D4Z
4fnK1u1EsrLOBYSgRr2rp9Y/oIH9dAqNNFYI6Vh1Wg+F9YS2KM5jsTSk/28MDfmV
ZJPT8VcUIsnVyok=
-----END CERTIFICATE-----
Raw
loader.media.example.com.key
# Location: /usr/local/etc/nginx/private/loader.media.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDINYo7ltvyxA8FO7wfUPLRJL1p7AwfVIbbdaXmfRRbf/oTcL21
lhU/Mdn5TVu0yerFrav4OUCxmZAMuSNQqAwDyZr3QUgHPOteJHViB/DfLSJ5bFrV
+eFp6cdzh2z2zUdFWhLfHFQH09ga93Y4NAoSB9htWOGJrS32WN28QK9I/wIDAQAB
AoGAChJvdtn7DLaCTvAXYbfvz0e647ZFUdotwqKjivnl6UiB6zJzyMvZG8nFPn5+
y5SQ5Ar9qMowj/66uXki5q7dk8hkzioc6u33m2L/XP6wm++jzdt0JY8mYqpp+mdl
igivLNnUjJELMhqkCNgVs9EEcdW7+ES9QPxqp5beDfuB20kCQQDuKh32NnYKIcnf
p5Nhb5dT3DCj4Hjb7xlRT6aIi71lNBvICgdZp+Njmj95dVx/6+7DdrosyMA+4L89
dL9vA+FFAkEA1zPGgliwHE5Tsp2DBMxkyp6bdNpBh4zEiYKHtLtghd/zrvcvsA5G
nZOKk1BMUALlNrsl9MWmIJsENUtCvBircwJBAOnxFwM91c74B6sYmU1xZs0qEeE3
YqBvCYh0W9nuobiiadOh/jxUDKlO36C35oeFQkBgBFpvS1+4NkHwxwYOYp0CQQCv
Be/8EQ9iZh3SViK541ZSKH78oYnMKaOqxtuCFScimorBEU7anDG4dMeumg8Gv+QW
CE2NbrZ3LDxW79fdzR6bAkA97xjHF92OiItw7x9nvBDRXpC+i0GS3sXBZbjQdo6t
bSQPRe5i0C/iwrIefzwpBySUs1MB3Dw0p+bp/dmgZgB8
-----END RSA PRIVATE KEY-----
Raw
media-imgops.example.com.crt
# Location: /usr/local/etc/nginx/certs/media-imgops.example.com.crt
-----BEGIN CERTIFICATE-----
MIICRzCCAbACCQCBjjyCiGVJ5jANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMSEwHwYDVQQDExhtZWRpYS1pbWdvcHMuZXhhbXBsZS5jb20wHhcN
MTUxMTE2MjMwODA5WhcNMTUxMjE2MjMwODA5WjBoMQswCQYDVQQGEwJBVTETMBEG
A1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg
THRkMSEwHwYDVQQDExhtZWRpYS1pbWdvcHMuZXhhbXBsZS5jb20wgZ8wDQYJKoZI
hvcNAQEBBQADgY0AMIGJAoGBAMjK3Q2QGaMlNUG7BF3dKxvOQedRaLYOYkIwnTT0
XqDo6n2mquxJ3mbeQWwj/fOO5LLQ7W4JARL4fVbrmF4TIpGN0iyFpvRjFHN9r5UY
HMgJKMuHlAlsaFB7PvEfeLrsd4pbIOlYczXSpg01MqJVinrqmTKJoZp5PFdDeHaa
/KcFAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAdQ9mJ1thE5WiChR7yBuqN6WzSDtx
WkhxhmiUqVNN6TLoS90o44f4vshLUvy81YFqXoL5xGsYdVTeLaqabVfvpt4whFVr
FLspKDw7NDO87M8BCQsbq86zDIZoqTzq1jtiZZ0oc0+rlDeXZRK1X+cry6MgZ41K
CCo7KFZz7vGmbxI=
-----END CERTIFICATE-----
Raw
media-imgops.example.com.key
# Location: /usr/local/etc/nginx/private/media-imgops.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDIyt0NkBmjJTVBuwRd3SsbzkHnUWi2DmJCMJ009F6g6Op9pqrs
Sd5m3kFsI/3zjuSy0O1uCQES+H1W65heEyKRjdIshab0YxRzfa+VGBzICSjLh5QJ
bGhQez7xH3i67HeKWyDpWHM10qYNNTKiVYp66pkyiaGaeTxXQ3h2mvynBQIDAQAB
AoGAblVq2oUQUWGkvhWx9JIPmhvggudtDn0g6RYljG+rf+f80ka/LU/58bS3ZmDw
ruEaMlgz3377JB1/Yj/bXfZNy4tKHjH2TXje4KNsjvBnO0pemLhcATXj5+yf0AA9
Q4izfAUl4bUmQfK4j9DBmzyTw8KR2nZY/Mp4bwK2+iaJsoECQQD5Dm/a+XeC2xqk
rSISh3cP+bUTDCSST7Q9UVZ35prSM7z1pnjR2KXeoAA4u3D2iQgXQa09cLwd0BEn
NQOP1CrdAkEAzmP1HAtbC0ztkxugOgB9Z+Vyl4d0zgDarmsyaV/h5r9nbJLRAzS+
PQbbeLde4UX5ctJ3Vank2BoAQHJyPJRGSQJABN81bPEoV1T15nbEjdw8hgF6e07n
gD0y52gp6tqF+MquTZfeESzNwdcbagCwqwHvOJU+UE9ePq8NRtkQosWhuQJAEAK5
FP/chDfnhi3ydA1trQ2johWj/gca78TpGDuT7q6Se124USNaTqmlhOvUtG0VOM8S
6tZPJmR9+IHoUsK94QJAXMmD7a71gwHaxrWuZKWxOXsEglLzZSCiFY/djKSy9wcq
n4OTq0rCW611HEn3om1xDbko2vvwx3XW7sWmb9ADkg==
-----END RSA PRIVATE KEY-----
Raw
media-metadata.example.com.crt
# Location: /usr/local/etc/nginx/certs/media-metadata.example.com.crt
-----BEGIN CERTIFICATE-----
MIICSzCCAbQCCQDdbJNtMVYIYDANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMSMwIQYDVQQDExptZWRpYS1tZXRhZGF0YS5leGFtcGxlLmNvbTAe
Fw0xNTExMTYyMzA4MTZaFw0xNTEyMTYyMzA4MTZaMGoxCzAJBgNVBAYTAkFVMRMw
EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQxIzAhBgNVBAMTGm1lZGlhLW1ldGFkYXRhLmV4YW1wbGUuY29tMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC65k3ypKB4KW/LWN6WmHWLO6uLhuiE3jap
6vOdyRgHCzQ++2wD5KBjpSlPYg74Ep4iF8iFn4lyycGig51GYXfzPQrXxYeZIr5j
r7HCuYEzRGg/mtjCuA7B9TC6OaQgG95aWPb7BYnfumcSMelUaTYUmCamBM2E1h39
1TlzugpQ0wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACdRMIQpqqkmT91Y+o8XKBoJ
hu5w2TVKSMRERP8mvONmXdmpqqBk1UO+VlFGC/gWPccLrEL+ao82QeQMU7eFU+3z
x/fxNaMHnRW0LZfjsrUlze1usipZDRWFnmbw7r8NAYF75Z5YxZ6au9JS195r7PSi
c+tcoyjsBWN8FUDkx6Lt
-----END CERTIFICATE-----
Raw
media-metadata.example.com.key
# Location: /usr/local/etc/nginx/private/media-metadata.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC65k3ypKB4KW/LWN6WmHWLO6uLhuiE3jap6vOdyRgHCzQ++2wD
5KBjpSlPYg74Ep4iF8iFn4lyycGig51GYXfzPQrXxYeZIr5jr7HCuYEzRGg/mtjC
uA7B9TC6OaQgG95aWPb7BYnfumcSMelUaTYUmCamBM2E1h391TlzugpQ0wIDAQAB
AoGAF4WUmc0ORREx+K2eleVqJbPEyzKXYOF2j7v6HQmJ9Jj8YlDSL0s+xEus/0ig
CaiOLkw/+FEzwzaRIBrgWFM7/THKCcK2zN0E+nuDY1gRdYm97biFpG7+HCNXCjY8
PbEVw9N9AcsKsVEa1JqtmV8HjADfK8mAencLV7ihC5GuewECQQDcrHkmE6q7C/sl
2yMIdUatD76Bv+uiOkeMWX/gr6WNX1oIXiNBo9pYRuM9iNx/xbshJgHtRhrEjmr0
HZBb5Y/RAkEA2NG4XGTMROCbrGsk7D3oRUxaqMKGfcozWZh7vFL1zDdWb9t46YBU
eVZibjmbhhbdzBJfya2HoaT3UZD06aBDYwJBAKd0qipe2jw+h0Le2+LbO9qwC9zi
Cql8mDbE4+lY4MQ7C1M2PILfGB3NDTvw04KSRcKN2QB5Jm7ps/ezR4y000ECQCkI
j76UqQAEDhI0eNlo4fNzftjfb7qQsOUs8YXzoWcTtf0XaSuvyMzp51j6+A8JdtJv
S8eMWtXhtZivOVqZpQcCQBM8QyzWp9xLWlNIBYOX3WfYpF8k5/8IP3OUotlgwMuc
WMoci7ghf7+HhdKTx2Dsr02wwGRUAMX2RVNb6QGvcTc=
-----END RSA PRIVATE KEY-----
Raw
media-service.conf
# Location: /usr/local/etc/nginx/servers/media-service.conf
# Media API 9001
server {
server_name api.media.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/api.media.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/api.media.example.com.key;
location / {
proxy_pass http://localhost:9001;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Image Loader 9003
server {
server_name loader.media.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/loader.media.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/loader.media.example.com.key;
location / {
proxy_pass http://localhost:9003;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Kahuna 9005
server {
server_name media.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/media.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/media.example.com.key;
location / {
proxy_pass http://localhost:9005;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Cropper 9006
server {
server_name cropper.media.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/cropper.media.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/cropper.media.example.com.key;
location / {
proxy_pass http://localhost:9006;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Metadata Editor 9007
server {
server_name media-metadata.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/media-metadata.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/media-metadata.example.com.key;
location / {
proxy_pass http://localhost:9007;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Imgops 9008
server {
server_name media-imgops.example.com;
listen 443;
keepalive_timeout 70;
ssl on;
ssl_certificate /usr/local/etc/nginx/certs/media-imgops.example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/private/media-imgops.example.com.key;
location / {
proxy_pass http://localhost:9008;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# usage 9009
# Note: Usage is a guardian specific service and it doesn't make sense to run it.
Raw
media.example.com.crt
# Location: /usr/local/etc/nginx/certs/media.example.com.crt
-----BEGIN CERTIFICATE-----
MIICcTCCAdoCCQDrgUcHPcI5aDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMRowGAYDVQQLExFtZWRpYS5leGFtcGxlLmNvbTEaMBgGA1UEAxMR
bWVkaWEuZXhhbXBsZS5jb20wHhcNMTUxMTE2MjMxMDA2WhcNMTUxMjE2MjMxMDA2
WjB9MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMY
SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQLExFtZWRpYS5leGFtcGxl
LmNvbTEaMBgGA1UEAxMRbWVkaWEuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAMKvalfwbsR17pdikOQmMbXkvocrbYjyOwuLG7OODSI2Hhhx
qwbw2R91y3wL340e+1Sz48P3xyvEx4gw+8TX+Md4y7KPYl1lVeU2kn6Iy1KPNVwJ
m6zRw2+53v1prle9nwfVEESExqAkxiNS6rMbNekV6NvMRu6IsWnSS0lqUciFAgMB
AAEwDQYJKoZIhvcNAQEFBQADgYEAMXw8lY3GxjSV9CCBYMeR66mV2ciFyhxPZtkP
s6Xdywqx7S1Jx2X23yx9XkZ1DRR/2sqUvuL9wI5U2h3+oT9CSgoZyUaJgqKGb+G1
2X4ZNozVXhIjS1Ji9sfZe1ms6oEH3Qg2E9Pq1TP6x/Slc9iAfz1wMQUyn9zv7dTE
TIJXye8=
-----END CERTIFICATE-----
Raw
media.example.com.key
# Location: /usr/local/etc/nginx/private/media.example.com.key
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDCr2pX8G7Ede6XYpDkJjG15L6HK22I8jsLixuzjg0iNh4YcasG
8Nkfdct8C9+NHvtUs+PD98crxMeIMPvE1/jHeMuyj2JdZVXlNpJ+iMtSjzVcCZus
0cNvud79aa5XvZ8H1RBEhMagJMYjUuqzGzXpFejbzEbuiLFp0ktJalHIhQIDAQAB
AoGAXSrbRnhOWgBiDNpjontQwM5WC5PR2H6rmQuaVyQ8zsl9P49uHGU4UuDpX1TD
R+KyvkdUUZ0LGLwUDO38HqiIaf5xot+AJ8G/ZRM1o4HfhW0W9X8naeQMpjRdDKlx
sp0E88inG8MPZiAoi+lE0WfnpOkfIxJuFJxTiqNnmuuHkSUCQQD3KKFdXpammvY3
GDhxG7CbABgHSt1GBK7v1yNizViuSi0R7sRIVVVfNaMg740z4ARg59/C447GMCre
HabqNHf/AkEAyaZBkKzDHRAT8dDjYzix0zIid+38tpoX4f5f8/Bh1AjY2v2dgWGv
E3IFf488CM842QyKgAMnhFaQh7aS+WvfewJAdEuM6fcY4dnmYnQmEqqZxcUciUnj
pg+MFNRhFRtUT+YdIOP9PZ/RZNRDJrsw8KjGxqY0NmqGgqClew/uuyLnFwJBAJzp
X3mpxcY2vZ5c0qRh+JYEHChAq3aYH99+psHWmvl4zO5TjZ2hGrBB+J9TIP8l6PGU
va1xRu3Gwn6ohmPKGkMCQQCvmXEFMU4wdKat1N7ukJ4cGkpwy7iqr0592QZ/Fy7b
yeVJKTwZpBlZeoKlMDRN39xzJbZ8G3i8kbsHrU1mNW12
-----END RSA PRIVATE KEY-----
@livmackintosh
Copy link

For anyone using this, I think the OAuth URLs should be: https://media-auth.example.com and https://media-auth.example.com/oauthCallback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment