Goals

  • Use https (through load balancer)
  • Redirect all port 80 traffic to 443
  • Redirect all www and * traffic to https://psd401.net
  • Keep old site live at http://old.psd401.net
  • Currently a placeholder until Joomla is deployed to the Amazon Cloud

Observations of old DNS

Private DNS
  • www is a CNAME to vmnocwsapache06.psd401.net.
  • (Same as parent folder) is a Host pointed to 172.16.1.19 (vmnocwsapache06)
    • Cannot make a CNAME for the parent folder
  • joomla3test.psd401.net is a CNAME to vmnocwsapache06.psd401.net.
Public DNS
  • www, * and @ are Hosts pointed to 168.212.245.19
  • Firewall directs 168.212.245.19 to apache06 at 172.16.1.19 on the Outside-PSD interface.

Changes made July 1st 2015

Private DNS
  • www and wwwtest set as a CNAME to vmnocwsldblnc01.psd401.net.
  • (Same as parent folder) set as a Host to 172.16.1.110
Public DNS
  • www, * and @ set as a CNAME to vmnocwsldblnc01.psd401.net
    • vmnocwsldblnc01.psd401.net is currently a Host to 168.212.245.70
  • Firewall directs 168.212.245.70 to the load balancer at 172.16.1.110
Load balancer configuration
  • Created conf at /etc/nginx/sites-available/psd401.net
    • Linked ln -s /etc/nginx/sites-available/psd401.net /etc/nginx/sites-enabled/psd401.net
  • Redirect incoming psd401.net traffic to https ssl
  • Create a default server for the load balancer to direct all unmatched sites to PSD home.
  • psd upstream to joomla3test.psd401.net

Here is /etc/nginx/sites-available/psd401.net in all its glory:

# Redirect port 80 to 443
server {
  listen 80;
  server_name psd401.net;
  rewrite ^/(.*) https://psd401.net/$1 permanent;
}

# Redirect www to PSD home on 80 and 443
server {
  listen 80;
  listen 443;
  server_name www.psd401.net;
  rewrite ^/(.*) https://psd401.net/$1 permanent;
}

# Redirect wwwtest to PSD home on 80 and 443
server {
  listen 80;
  listen 443;
  server_name wwwtest.psd401.net;
  rewrite ^/(.*) https://psd401.net/$1 permanent;
}

# Redirect wildcard non matching requests to PSD home
server {
  listen 443;
  listen 80 default_server;
  rewrite ^/(.*) https://psd401.net/$1 permanent;
}

# Dynamic upstream to direct traffic to current joomla3test, change at a later time
upstream psdserver {
  server joomla3test.psd401.net;
}

# The primary server config that handles forwarding
server {
  listen 443 ssl;
  server_name psd401.net;

  location / {
    # CORS headers. Browsers refuse credentialed cross-origin responses
    # when Access-Control-Allow-Origin is '*'.
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
    # The upstream receives the literal Host header "psdserver"
    proxy_set_header Host psdserver;
    dav_methods PUT DELETE;
    # Traffic to the upstream is plain http
    proxy_pass http://psdserver;
    # nginx reads bare timeout values as seconds; the fastcgi_* settings
    # apply to fastcgi_pass, not to proxy_pass
    fastcgi_read_timeout 60000;
    fastcgi_send_timeout 60000;
    send_timeout 60000;
    proxy_read_timeout 60000;
    proxy_send_timeout 60000;
  }
}
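
An added example, not part of the original configuration: a small Python check that walks an nginx config and reports every block whose effective add_header set combines Access-Control-Allow-Origin '*' with Access-Control-Allow-Credentials 'true', as the location block above does. The function names, and the sample's server-level header and /static/ location, are assumptions made for illustration.

```python
import re

# Constructed sample; the server-level header and /static/ block are assumed.
SAMPLE = """
server {
  add_header 'X-Frame-Options' 'SAMEORIGIN';
  location / {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Credentials' 'true';
  }
  location /static/ { root /var/www; }
}
"""
TOKEN = re.compile(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};'\"]+")

def tokenize(conf):
    conf = re.sub(r"#.*", "", conf)  # naive: assumes no '#' inside quoted values
    return [t.strip("'\"") if t[0] in "'\"" else t for t in TOKEN.findall(conf)]

def parse(tokens, pos=0, name="main"):
    """Build a tree of blocks, keeping each block's own add_header lines."""
    node, words = {"name": name, "headers": {}, "children": []}, []
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == "}":
            break
        if tok not in ("{", ";"):
            words.append(tok)
            continue
        if tok == "{":
            child, pos = parse(tokens, pos, " ".join(words))
            node["children"].append(child)
        elif len(words) >= 3 and words[0] == "add_header":
            node["headers"][words[1].lower()] = words[2]
        words = []
    return node, pos

def audit(node, inherited=None, path=""):
    # nginx inherits add_header from the outer level only when the current
    # level defines no add_header of its own.
    eff = node["headers"] or inherited or {}
    here = f"{path} > {node['name']}" if path else node["name"]
    bad = (eff.get("access-control-allow-origin") == "*" and
           eff.get("access-control-allow-credentials", "").lower() == "true")
    nested = [h for c in node["children"] for h in audit(c, eff, here)]
    return ([here] if bad else []) + nested

def find_wildcard_credentialed_cors(conf):
    return audit(parse(tokenize(conf))[0])
```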

Changes yet to be made

  • Migrate Joomla3test to its final resting place on Amazon's Cloud running inside an immutable Docker container image
  • Update load balancer upstream to point to Amazon's Cloud
  • Upload nginx configuration to Amazon Cloud load balancer