The AMI is the base for the reverse proxy using NginX without configuring any settings. The require settings are loaded at startup and restart from a S3 bucket. This process is in place to allow autoscalling picking up changes without rebuild and deployment of a new AMI.
Before a successful terraform apply can be run following requisites need to be in place.
- Run
terraform applyon ds-infrastructure-web - Add values manually to Systems Manager Parameter Store
- Add values manually to Secrets Manager
- Create several AMIs in ds-ami-build
Running terraform apply on ds-infrastructure-web will create most of the basic networking and services on which private web will run.
The private web installation depends on the existence of a PostgreSQL database.
It is highly recommended to run at least one replica in the live environment.
Use the GitHub Action in ds-ami-build repo to prepare the ami(s) which will be use during terraform apply on **ds-infrastructure-web **.
Most values required will me set during terraform apply in ds-infrastructure-web.
Following values would need to be stored manually in the Systems Manager Parameter Store:
- /application/web/frontend/waf/ip_set - comma separated string containing either a list of allowed or blocked IP address ranges in CIDR notation.
- /infrastructure/certificate-manager/wildcard-certificate-arn - containing the certificate arn for the valid wildcard certificate; might have been put in place by other application installations.
- /infrastructure/certificate-manager/us-east-1-wildcard-certificate-arn - wildcard certificate used by CloudFront; similar to the wildcard certificate for the domain above.
This are database or other secrets which are confidential and should not be saved in a repository.
Please read any documentation in the ds-ami-build repo in regards of the required build for further information.
- NginX instance - web-rp-primer*
- Frontend instance - web-frontend-primer*
Public files uploaded to the web side are stored on EFS which is shared between the reverse proxy and Frontend instances. The mounting point for RP is /var/nationalarchives.gov.uk and for Frontend /app
There is no fixed directory structure in place but it is recommended to follow use root directories for the file families
/css - all css files
/js - all js files
/media - all images and media files
/error-pages - all error pages which are triggered from NginX \