
# Terraform definitions of WWT's web frontend: the App Gateway etc.
# Legacy resource group that owns the public entry point (gateway, its IP and
# vnet). Name and region come in as variables so the same file can be reused.
resource "azurerm_resource_group" "web_frontend_legacy" {
  location = var.location
  name     = var.legacyNameFrontendGroup

  # Destroying this group would take the public frontend with it; block it at
  # plan time rather than relying on a careful operator.
  lifecycle {
    prevent_destroy = true
  }
}
# The App Gateway and supporting resources
# Static public address of the gateway frontend. Standard SKU with Static
# allocation is the combination the v2 gateway SKU works with.
resource "azurerm_public_ip" "frontend" {
  name                = "wwtappgw1-pip1"
  location            = azurerm_resource_group.web_frontend_legacy.location
  resource_group_name = azurerm_resource_group.web_frontend_legacy.name
  allocation_method   = "Static"
  sku                 = "Standard"

  # Replacing this resource would hand out a different public address; refuse
  # any plan that tries.
  lifecycle {
    prevent_destroy = true
  }
}
# Network the gateway instances are deployed into. "subnet-1" is referenced by
# name from the gateway's gateway_ip_configuration, so renaming it here
# requires updating that string too. No NSG association for either subnet
# appears in this listing.
resource "azurerm_virtual_network" "frontend" {
  name                = "wwtbackend-rm-vnet"
  resource_group_name = azurerm_resource_group.web_frontend_legacy.name
  location            = azurerm_resource_group.web_frontend_legacy.location
  address_space       = ["192.168.0.0/16"]

  # Subnet hosting the App Gateway.
  subnet {
    address_prefix = "192.168.1.0/24"
    name           = "subnet-1"
  }

  # Reserved-name subnet for a VPN/ExpressRoute gateway; nothing in this
  # listing places a resource in it.
  subnet {
    address_prefix = "192.168.0.0/24"
    name           = "GatewaySubnet"
  }

  # The gateway depends on this vnet; never let it be destroyed by a plan.
  lifecycle {
    prevent_destroy = true
  }
}
# Identity attached to the gateway so it can read the TLS certificate secret
# from Key Vault (the gateway's ssl_certificate block references a Key Vault
# secret). The Key Vault access grant for this identity is not part of this
# listing, so it must exist elsewhere for certificate loading to work.
resource "azurerm_user_assigned_identity" "gateway" {
  location            = azurerm_resource_group.web_frontend_legacy.location
  resource_group_name = azurerm_resource_group.web_frontend_legacy.name
  name                = "wwtappgw1-ssl-mgd-identity"
}
# The App Gateway is the single public entry point of the site. Every request
# passes through one of the two listeners, the matching URL path map and the
# shared rewrite rule set defined below. The two path maps (HTTP and HTTPS)
# are deliberate copies of each other and must be kept in sync by hand.
resource "azurerm_application_gateway" "frontend" {
  name                = "wwtappgw1"
  resource_group_name = azurerm_resource_group.web_frontend_legacy.name
  location            = azurerm_resource_group.web_frontend_legacy.location
  enable_http2        = true

  # Standard_v2 carries no Web Application Firewall. The WAF_v2 tier would put
  # managed rule sets in front of the backends; that is a cost/policy decision
  # not made in this file.
  sku {
    name = "Standard_v2"
    tier = "Standard_v2"
  }

  # User-assigned identity used to pull the TLS certificate from Key Vault
  # (see ssl_certificate at the bottom). The Key Vault access grant for this
  # identity is not defined in this listing.
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.gateway.id]
  }

  autoscale_configuration {
    max_capacity = 20
    min_capacity = 2
  }

  frontend_ip_configuration {
    name                 = "appGwPublicFrontendIp"
    public_ip_address_id = azurerm_public_ip.frontend.id
  }

  frontend_port {
    name = "port_80"
    port = 80
  }

  frontend_port {
    name = "port_443"
    port = 443
  }

  # The subnet ID is assembled by hand from the vnet ID plus the inline subnet
  # name declared in azurerm_virtual_network.frontend; renaming that subnet
  # silently breaks this string.
  gateway_ip_configuration {
    name      = "appGatewayIpConfig"
    subnet_id = "${azurerm_virtual_network.frontend.id}/subnets/subnet-1"
  }

  # Plain-HTTP listener. Its path map (anyhost-http-path-routing) routes to
  # the same backends as the HTTPS one, so the whole site is also served in
  # clear on port 80; no HTTP->HTTPS redirect is configured in this file.
  http_listener {
    name                           = "anyhost-http"
    frontend_ip_configuration_name = "appGwPublicFrontendIp"
    frontend_port_name             = "port_80"
    protocol                       = "Http"
  }

  # TLS listener. No ssl_policy block is set on the gateway, so the Azure
  # default TLS policy applies. NOTE(review): confirm the default in effect
  # for this gateway enforces a TLS 1.2 minimum and an acceptable cipher list.
  http_listener {
    name                           = "anyhost-https"
    frontend_ip_configuration_name = "appGwPublicFrontendIp"
    frontend_port_name             = "port_443"
    protocol                       = "Https"
    ssl_certificate_name           = "anyhost-httpsvaultCert"
  }

  # Backend address pools. Apart from the unused VM pool, every backend is a
  # public hostname (App Service default hostnames, storage static-web host).
  backend_address_pool {
    # Although this backend is no longer used, if you try to get rid of it,
    # Terraform gets confused and wants to rewrite all of the other backends.
    # (These are IP addresses listed under `fqdns`; left untouched for the
    # same reason.)
    name  = "wwtappgw1-vm-backend"
    fqdns = ["10.0.0.4", "10.0.0.5"]
  }

  backend_address_pool {
    name  = "wwtappgw1-proxy-backend"
    fqdns = [azurerm_linux_web_app.core_proxy.default_hostname]
  }

  backend_address_pool {
    name  = "wwtappgw1-static-backend"
    fqdns = [azurerm_storage_account.permanent_data_staticweb.primary_web_host]
  }

  backend_address_pool {
    name  = "wwtappgw1-nginx-core-prod-backend"
    fqdns = [azurerm_linux_web_app.core_nginx.default_hostname]
  }

  backend_address_pool {
    name  = "wwtappgw1-core-data-backend"
    fqdns = [azurerm_linux_web_app.data.default_hostname]
  }

  backend_address_pool {
    name  = "wwtappgw1-core-mvc-backend"
    fqdns = [azurerm_windows_web_app.communities.default_hostname]
  }

  # Backend HTTP settings. All three talk to the backends over plain HTTP on
  # port 80, so the gateway->backend hop is unencrypted even for requests the
  # client sent over TLS (request headers are forwarded as-is). Moving to
  # port 443 / "Https" would require the backends' certificates to validate;
  # trusted_root_certificate_names is only meaningful for "Https" and is empty
  # here.
  backend_http_settings {
    # Static site on the storage account: Host header is forced to the
    # storage static-web hostname.
    name                  = "webstatic-http-setting"
    affinity_cookie_name  = "ApplicationGatewayAffinity"
    cookie_based_affinity = "Disabled"
    host_name             = azurerm_storage_account.permanent_data_staticweb.primary_web_host
    port                  = 80
    protocol              = "Http"
    request_timeout       = 20
  }

  backend_http_settings {
    # Host header is rewritten to the backend's own hostname, which is what
    # the App Service default hostnames need in order to route the request.
    name                                = "rehost-http-setting"
    affinity_cookie_name                = "ApplicationGatewayAffinity"
    cookie_based_affinity               = "Disabled"
    pick_host_name_from_backend_address = true
    port                                = 80
    protocol                            = "Http"
    request_timeout                     = 20
    trusted_root_certificate_names      = []
  }

  backend_http_settings {
    # Kept for the legacy VM backend: Host header pinned to the public site
    # name. Not referenced by any path rule below.
    name                                = "corevm-http-setting"
    affinity_cookie_name                = "ApplicationGatewayAffinity"
    cookie_based_affinity               = "Disabled"
    host_name                           = "worldwidetelescope.org"
    pick_host_name_from_backend_address = false
    port                                = 80
    protocol                            = "Http"
    request_timeout                     = 20
    trusted_root_certificate_names      = []
  }

  # Request routing rules: one per listener, each delegating to the path map
  # of the same name. Priorities only need to be unique across rules.
  request_routing_rule {
    name               = "anyhost-https-path-routing"
    rule_type          = "PathBasedRouting"
    http_listener_name = "anyhost-https"
    url_path_map_name  = "anyhost-https-path-routing"
    priority           = 10020
  }

  request_routing_rule {
    name               = "anyhost-http-path-routing"
    rule_type          = "PathBasedRouting"
    http_listener_name = "anyhost-http"
    url_path_map_name  = "anyhost-http-path-routing"
    priority           = 10010
  }

  # HTTPS path map. Anything not matched by a path_rule goes to the nginx
  # backend with the CORS/cache rewrite set applied. The HTTP path map below
  # is a copy of this one; edit both.
  url_path_map {
    name                               = "anyhost-https-path-routing"
    default_backend_address_pool_name  = "wwtappgw1-nginx-core-prod-backend"
    default_backend_http_settings_name = "rehost-http-setting"
    default_rewrite_rule_set_name      = "global-cors-and-cache"

    path_rule {
      name                       = "proxy1"
      backend_address_pool_name  = "wwtappgw1-proxy-backend"
      backend_http_settings_name = "rehost-http-setting"
      rewrite_rule_set_name      = "global-cors-and-cache"
      paths = [
        "/webserviceproxy.aspx",
        "/wwtweb/webserviceproxy.aspx",
      ]
    }

    path_rule {
      name                       = "nginx-core-prod"
      backend_address_pool_name  = "wwtappgw1-nginx-core-prod-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/docs/*",
        "/getinvolved*",
        "/support*",
        "/upgrade",
        "/webclient",
      ]
    }

    path_rule {
      name                       = "core-data"
      backend_address_pool_name  = "wwtappgw1-core-data-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/wwtweb/*",
      ]
    }

    path_rule {
      name                       = "core-mvc"
      backend_address_pool_name  = "wwtappgw1-core-mvc-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/Community*",
        "/Content*",
        "/Entity*",
        "/File*",
        "/LiveId*",
        "/Logout*",
        "/Profile*",
        "/Rating*",
        "/RatingConversion*",
        "/Resource*",
        "/Scripts*",
        "/Search*",
        "/WebServices*",
      ]
    }

    path_rule {
      name                       = "static"
      backend_address_pool_name  = "wwtappgw1-static-backend"
      backend_http_settings_name = "webstatic-http-setting"
      paths = [
        "/about*",
        "/assets/*",
        "/complete*",
        "/connect*",
        "/data/*",
        "/download*",
        "/engine/*",
        "/home*",
        "/html5sdk/*",
        "/images/*",
        "/learn*",
        "/style.css",
        "/terms*",
        "/testing_webclient/*",
        "/thumbnails/*",
        "/use*",
        "/webclient/*",
      ]
      rewrite_rule_set_name = "global-cors-and-cache"
    }
  }

  # HTTP path map: same rules and backends as the HTTPS map above.
  url_path_map {
    name                               = "anyhost-http-path-routing"
    default_backend_address_pool_name  = "wwtappgw1-nginx-core-prod-backend"
    default_backend_http_settings_name = "rehost-http-setting"
    default_rewrite_rule_set_name      = "global-cors-and-cache"

    path_rule {
      name                       = "proxy-path-rule"
      backend_address_pool_name  = "wwtappgw1-proxy-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/webserviceproxy.aspx",
        "/wwtweb/webserviceproxy.aspx",
      ]
      rewrite_rule_set_name = "global-cors-and-cache"
    }

    path_rule {
      name                       = "nginx-core-prod"
      backend_address_pool_name  = "wwtappgw1-nginx-core-prod-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/docs/*",
        "/getinvolved*",
        "/support*",
        "/upgrade",
        "/webclient",
      ]
    }

    path_rule {
      name                       = "core-data"
      backend_address_pool_name  = "wwtappgw1-core-data-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/wwtweb/*",
      ]
    }

    path_rule {
      name                       = "core-mvc"
      backend_address_pool_name  = "wwtappgw1-core-mvc-backend"
      backend_http_settings_name = "rehost-http-setting"
      paths = [
        "/Community*",
        "/Content*",
        "/Entity*",
        "/File*",
        "/LiveId*",
        "/Logout*",
        "/Profile*",
        "/Rating*",
        "/RatingConversion*",
        "/Resource*",
        "/Scripts*",
        "/Search*",
        "/WebServices*",
      ]
    }

    path_rule {
      name                       = "static"
      backend_address_pool_name  = "wwtappgw1-static-backend"
      backend_http_settings_name = "webstatic-http-setting"
      paths = [
        "/about*",
        "/assets/*",
        "/complete*",
        "/connect*",
        "/data/*",
        "/download*",
        "/engine/*",
        "/home*",
        "/html5sdk/*",
        "/images/*",
        "/learn*",
        "/style.css",
        "/terms*",
        "/testing_webclient/*",
        "/thumbnails/*",
        "/use*",
        "/webclient/*",
      ]
      rewrite_rule_set_name = "global-cors-and-cache"
    }
  }

  # Response-header rewrites. This set is the default for both path maps and
  # is also named explicitly on the proxy and static rules, so in practice it
  # applies to every response the gateway returns.
  rewrite_rule_set {
    name = "global-cors-and-cache"

    # Unconditional CORS headers on every response: any origin may issue
    # GET/POST/PUT/DELETE requests carrying the listed request headers. With a
    # literal "*" origin browsers will not attach cookies, but a LiveUserToken
    # header set by the calling page is accepted from any origin, so backend
    # endpoints must not rely on origin restrictions for authorization. Both
    # rules in this set use rule_sequence 100; they touch different headers,
    # so their relative order does not matter.
    rewrite_rule {
      name          = "CORS"
      rule_sequence = 100

      response_header_configuration {
        header_name  = "Access-Control-Allow-Origin"
        header_value = "*"
      }

      response_header_configuration {
        header_name  = "Access-Control-Allow-Methods"
        header_value = "GET,POST,PUT,DELETE"
      }

      response_header_configuration {
        header_name  = "Access-Control-Allow-Headers"
        header_value = "Content-Disposition,Content-Encoding,Content-Type,LiveUserToken"
      }
    }

    # Forces "Cache-Control: public" on every response whose URI path matches
    # the (case-insensitive) regex below, replacing whatever the backend set.
    # Any user-specific response served under /wwtweb/ would thereby become
    # cacheable by shared caches; keep that in mind before adding endpoints
    # there. NOTE(review): confirm no authenticated /wwtweb/ responses exist.
    rewrite_rule {
      name          = "Fix cache header"
      rule_sequence = 100

      condition {
        ignore_case = true
        negate      = false
        pattern     = "/wwtweb/.*"
        variable    = "var_uri_path"
      }

      response_header_configuration {
        header_name  = "Cache-Control"
        header_value = "public"
      }
    }
  }

  # Certificate is referenced by a version-less Key Vault secret ID, so a new
  # version stored under the same secret name is presumably picked up without
  # a Terraform change; the gateway identity above needs read access to it.
  ssl_certificate {
    name                = "anyhost-httpsvaultCert"
    key_vault_secret_id = "https://wwtssl.vault.azure.net/secrets/worldwidetelescope-org/"
  }

  # This is production's front door; never let a plan destroy it.
  lifecycle {
    prevent_destroy = true
  }
}