Closed ericpassmore closed 6 months ago
The domain name we use renews on 2023-12-20, but the existing payment method is no longer valid because it was associated with an employee who has left the ENF. I am collaborating with leadership to update the payment method.
As discussed via IM, we agreed to put this ticket on ice until the domain renewal is complete. This work is being tracked in engineering issue 82.
This is done. The domain name has been DMed.
I think it would be good to share the same information I did via IM here, on the ticket.
```mermaid
---
title: Architecture
---
flowchart TB
    subgraph cf["`☁️ **Cloudflare**`"]
        dns["📑 DNS"]
        cert1["🎫 Certificate"]
        waf["🔥 Web Application Firewall<br/>🗝️ TLS Termination<br/>🚧 Edge"]
        rule["📜 Rules"]
    end
    subgraph aws["`☁️ **AWS**`"]
        lb["🔀 Application Load Balancer<br/>🗝️ TLS Termination"]
        cert2["🎫 Certificate"]
        tg["🎯 Target Group"] & hc["🌡️ Health Check"]
        vm["🐧 Server"]
    end
    subgraph clients["`👥 **Clients**`"]
        client1["💻"]
        client2["📱"]
        client3["🖥️"]
    end
    tg <---> |🔓<br/>HTTP:80/1.1| vm
    tg -.-x hc
    hc ----> |🔓<br/>HTTP:80/1.1<br/>/healthcheck| vm
    lb <---> |🔓<br/>HTTP:80/1.1| tg
    lb ----- cert2
    lb <---> |🔐<br/>HTTP/2<br/>TLS 1.2-1.3| waf
    dns -.-x cert2
    dns -.-x cert1
    cert1 ~~~ cert2
    waf -.- dns
    waf ---- cert1
    waf -.- rule
    waf <---> |🔐<br/>HTTP/2<br/>TLS 1.2-1.3| client1
    waf <---> |🔐<br/>HTTP/2<br/>TLS 1.2-1.3| client2
    waf <---> |🔐<br/>HTTP/2<br/>TLS 1.2-1.3| client3
```
The `nginx` config on the server was not touched.
resolved, fixed security groups to restrict access to hosts-instances
Need a DNS A name record to the replay test main orchestration service. Host name should be `replay`. No preference on the root or 2nd level domain. Have a static public IP address that will be provided when ready. This DNS name is needed for HTTPS, and to register callbacks for OAuth applications. Specifically will be doing GitHub OAuth to authenticate users for web access to replay tests.