#11842 AWS: create Cloudfront distribution for openQA cloud
Closed: Fixed a month ago by kevin. Opened a month ago by dbrouwer.

Describe what you would like us to do:

Hi! For the next phase in our proof-of-concept cloud openQA deployment we need to have an https domain name - something like "https://openqa.exp.fedoraproject.org" - with SSL/TLS certificates.

I discussed this with @adamwill and I think we're open to suggestions about the best way to proceed, but @dcavalca mentioned that the easiest approach might be to create an AWS distribution for our existing EC2 webserver and then add a CNAME for our domain name.

I don't have permission to create a distribution, so, would you please create a distribution for our origin domain:
i-0793458d18be115e2 (openqa-exp)

When do you need this to be done by? (YYYY/MM/DD)

At your convenience, but please let me know if you think it's going to be a problem or a very long delay so we can look at other ways to keep the project moving forward :)

This should be doable... we typically use the 'fedorainfracloud.org' domain for resources all in the cloud.

Would an openqa.fedorainfracloud.org or the like work for the hostname?

Yes that would be 100% fine and great - thanks!

Metadata Update from @phsmoura:
- Issue assigned to kevin
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, low-trouble, ops

a month ago

Hi Kevin - Just a heads up, I am changing the configuration so that we are not using a bare metal EC2 for the web server. If you look for the "FedoraGroup=qa" tag you'll see the instances I'm working with, including the proposed "openqa-webserver".

ok, so what should I use for Origin domain/path here? Once I have that I can create the cloudfront distrib, then set dns to point openqa.fedorainfracloud.org to that right?

Do you just want me to add an 'openqa-nocache.fedorainfracloud.org' pointing to your instance/elasticip and use that?

Also, re-reading this, you may not actually want caching here, you just want a dns name pointing to your setup?
Or do you need the caching?

Happy to do whatever to get you moving forward.

Can we use the dns "openqa.fedorainfracloud.org" as the origin domain/path for the cloudfront distribution?

Then point the dns name to the openqa webserver, which is on Elastic IP using the non-privileged port 1443.

And yes please disable all the caching since the openqa tests are constantly working/updating.

Well, if you don't need any caching at this point, perhaps I just set dns to that ip and you handle things directly?

But I guess you wanted cloudfront to deal with ssl?
Other options: certbot, apache mod_md ?

DNS to that ip would be great.

Yes, whatever is easiest for ssl certs, it definitely doesn't have to be cloudfront.

ok. Added. Should be live in a few minutes.

If you want to look at just using certbot or mod_md on the instance, that should be pretty simple... can you investigate that and let us know back here if that doesn't work out and you need us to handle ssl?

Great, the dns is working. :)
Yes, I'll investigate the ssl options more and let you know. Thanks very much for your help.

Sorry this has taken a while to get to. ;(

I'll close this one now and you can reopen or open a new one with further issues?

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago
