lpasquali
commented
3 years ago @simboss @etj @randomorder
As Simone asked I am presenting the result of investigation, I limited the research to two solutions:
- one on the ckan-vm docker system
- one azure managed services oriented
Solution 1 Addition to existing docker-compose of an nginx+letsencrypt proxy
With this addition to here and somem more addition to provisioning script I made for provisioning nginx configuration:
swag:
image: ghcr.io/linuxserver/swag
container_name: swag
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- URL=${CKAN_SITE_URL}
- SUBDOMAINS=www,
- VALIDATION=http
- EMAIL=admin@${CKAN_SITE_URL} #optional
- ONLY_SUBDOMAINS=false #optional
- EXTRA_DOMAINS= #optional
- STAGING=false #optional
volumes:
- $HOME/nginx/config:/config
ports:
- 443:443
- 80:80 #optional
restart: unless-stoppedI could start http and https on the ckan-vm using everything that comes with it (fqdn, public address) this would should be not long, and I probably do it in a couple of hours
Solution 2 Azure application Gateway
This solution would use a managed service, but even if managed there would be needed more effort tha namagin a few bash scripts and the docker composition as in Solutions 1, also this solution comes with no https by default and must be handled and automated, it probably would require one day to be implemented: https://docs.microsoft.com/en-us/azure/application-gateway/overview
considered costs of 1 (almost none as vm is already up for ckan) and time of producing a good implementation of 2 I'd endorse Solution 1
etj
At the moment the access is on port 5000 exposed by CKAN.
Allow only access to 80 (or 443).