Notify PaaS Route Service
This is a Nginx application which is a proxy for all apps that run on the PaaS and restricts access to them by IP address.
If a user's IP address is not in our allowed list then we can instead allow access using a username and password.
We currently use this in preview and staging to make sure only our team can access our preview and staging environments.
Requirements
- Cloud Foundry CLI (https://docs.cloudfoundry.org/cf-cli/install-go-cli.html)
- Jinja CLI. You can install this using
pip install jinja2-cli
.
Deployment
The default application name is "route-service". If you want to change this (or you want to deploy multiple route services), set the PAAS_APP_NAME environment variable for the make commands.
The default domain name is "cloudapps.digital". If you want to change this (or you want to bind to different domains), set the PAAS_DOMAIN environment variable for the make commands.
The secret values are read from the notifications-credentials repository using pass, so you have to set the NOTIFY_CREDENTIALS environment variable to your local credentials repository path. The values are read from credentials/http_auth/notify/password
.
The instance count can be set with the PAAS_INSTANCES environment variable (1 by default).
Deploying the route service application
If you're deploying the very first time, simply run:
make <PaaS space> cf-push
For zero-downtime deployments use the following command:
make <PaaS space> cf-deploy
If the zero-downtime deployment couldn't finish you can rollback to the previous version:
make <PaaS space> cf-rollback
Registering the application as a user-provided service
You only need to do this once per PaaS space.
make <PaaS space> cf-create-route-service
Register the application as a route-service for a route
You only need to do this once per PaaS space and for all routes.
make <PaaS space> <app_name> cf-bind-route-service
Where app_name
either admin
or api
which will bind the www.
or api.
subdomain respectively.
Complete installation example
In this example we are deploying the route service to preview and binding two applications to it, which are accessible on app-01.cloudapps.digital and app-02.cloudapps.digital.
# First installation:
make preview cf-push
make preview cf-create-route-service
# Run this for every applicaton once
make preview cf-bind-route-service SUBDOMAIN=app-01
make preview cf-bind-route-service SUBDOMAIN=app-02
# For any future deployments only run:
make preview cf-deploy