Home/iptv-manager-service
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added SSL cert generation and installation. Moved variables to ENV
All checks were successful
AWS Deploy on Push / build (push) Successful in 4m15s
Details

Browse Source
This commit is contained in:
Stefano Fiorini
2025-05-20 12:45:55 -05:00
parent 5bc7a72a92
commit 732667cf64
8 changed files with 102 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example Normal file
View File

@@ -0,0 +1,3 @@
FREEDNS_User=MyFreeDNSUsername
FREEDNS_Password=MyFreeDNSPassword
DOMAIN_NAME=mydomain.com

4
.gitea/workflows/aws_deploy_on_push.yml
View File

@@ -39,6 +39,10 @@ jobs:
- name: Deploy to AWS - name: Deploy to AWS
run: cdk deploy --app="python3 ${PWD}/app.py" --require-approval=never run: cdk deploy --app="python3 ${PWD}/app.py" --require-approval=never
env:
FREEDNS_User: ${{ secrets.FREEDNS_USER }}
FREEDNS_Password: ${{ secrets.FREEDNS_PASSWORD }}
DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }}
- name: Install AWS CLI - name: Install AWS CLI
run: | run: |

3
.vscode/settings.json vendored
View File

@@ -11,11 +11,14 @@
"dotenv", "dotenv",
"fastapi", "fastapi",
"fiorinis", "fiorinis",
"freedns",
"fullchain",
"gitea", "gitea",
"iptv", "iptv",
"nohup", "nohup",
"passlib", "passlib",
"pyjwt", "pyjwt",
"reloadcmd",
"starlette", "starlette",
"stefano", "stefano",
"uvicorn", "uvicorn",

23
app.py
View File

@@ -1,7 +1,28 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import os
import aws_cdk as cdk import aws_cdk as cdk
from infrastructure.stack import IptvUpdaterStack from infrastructure.stack import IptvUpdaterStack
app = cdk.App() app = cdk.App()
IptvUpdaterStack(app, "IptvUpdater")
# Read environment variables for FreeDNS credentials
freedns_user = os.environ.get("FREEDNS_User")
freedns_password = os.environ.get("FREEDNS_Password")
domain_name = os.environ.get("DOMAIN_NAME")
if not freedns_user or not freedns_password:
raise ValueError("FREEDNS_User and FREEDNS_Password environment variables must be set.")
if not domain_name:
raise ValueError("DOMAIN_NAME environment variable must be set.")
IptvUpdaterStack(app, "IptvUpdaterStack",
freedns_user=freedns_user,
freedns_password=freedns_password,
domain_name=domain_name,
# If you don't specify 'env', the stack will be deployed to the account and region that are
# configured in your AWS CLI profile. Defaulting to the environment where the CLI is configured.
# env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),
)
app.synth() app.synth()

21
infrastructure/stack.py
View File

@@ -11,7 +11,15 @@ from aws_cdk import (
from constructs import Construct from constructs import Construct
class IptvUpdaterStack(Stack): class IptvUpdaterStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: def __init__(
self,
scope: Construct,
construct_id: str,
freedns_user: str,
freedns_password: str,
domain_name: str,
**kwargs
) -> None:
super().__init__(scope, construct_id, **kwargs) super().__init__(scope, construct_id, **kwargs)
# Create VPC # Create VPC
@@ -151,11 +159,20 @@ class IptvUpdaterStack(Stack):
# Creates a userdata object for Linux hosts # Creates a userdata object for Linux hosts
userdata = ec2.UserData.for_linux() userdata = ec2.UserData.for_linux()
# Add environment variables for acme.sh from parameters
userdata.add_commands(
f'export FREEDNS_User="{freedns_user}"',
f'export FREEDNS_Password="{freedns_password}"',
f'export DOMAIN_NAME="{domain_name}"'
)
# Adds one or more commands to the userdata object. # Adds one or more commands to the userdata object.
userdata.add_commands( userdata.add_commands(
f'echo "COGNITO_USER_POOL_ID={user_pool.user_pool_id}" >> /etc/environment', f'echo "COGNITO_USER_POOL_ID={user_pool.user_pool_id}" >> /etc/environment',
f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment', f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment',
f'echo "COGNITO_CLIENT_SECRET={client.user_pool_client_secret.to_string()}" >> /etc/environment' f'echo "COGNITO_CLIENT_SECRET={client.user_pool_client_secret.to_string()}" >> /etc/environment',
f'echo "DOMAIN_NAME={domain_name}" >> /etc/environment'
) )
userdata.add_commands(str(userdata_file, 'utf-8')) userdata.add_commands(str(userdata_file, 'utf-8'))

24
infrastructure/userdata.sh
View File

@@ -32,11 +32,33 @@ Restart=always
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
# Install and configure acme.sh
curl https://get.acme.sh | sh -s email=stefano@fiorinis.com
# Configure acme.sh to use DNS API for FreeDNS
. "/root/.acme.sh/acme.sh.env"
acme.sh --issue --dns dns_freedns -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME}
sudo mkdir -p /etc/nginx/ssl
acme.sh --install-cert -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME} \
--key-file /etc/nginx/ssl/${DOMAIN_NAME}.pem \
--fullchain-file /etc/nginx/ssl/cert.pem \
--reloadcmd "service nginx force-reload"
# Create nginx config # Create nginx config
cat << 'EOF' > /etc/nginx/conf.d/iptvUpdater.conf cat << 'EOF' > /etc/nginx/conf.d/iptvUpdater.conf
server { server {
listen 80; listen 80;
server_name $HOSTNAME; server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;
location / { location / {
proxy_pass http://127.0.0.1:8000; proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host; proxy_set_header Host $host;

13
scripts/deploy.sh
View File

@@ -1,7 +1,18 @@
#!/bin/bash #!/bin/bash
# Load environment variables from .env file if it exists
if [ -f .env ]; then
export $(cat .env | xargs)
fi
# Check if required environment variables are set
if [ -z "$FREEDNS_User" ] || [ -z "$FREEDNS_Password" ] || [ -z "$DOMAIN_NAME" ]; then
echo "Error: FREEDNS_User, FREEDNS_Password, and DOMAIN_NAME must be set as environment variables or in a .env file."
exit 1
fi
# Deploy infrastructure # Deploy infrastructure
cdk deploy cdk deploy --app="python3 ${PWD}/app.py"
# Update application on running instances # Update application on running instances
INSTANCE_IDS=$(aws ec2 describe-instances \ INSTANCE_IDS=$(aws ec2 describe-instances \

17
scripts/destroy.sh
View File

@@ -1,4 +1,19 @@
#!/bin/bash #!/bin/bash
# Load environment variables from .env file if it exists
if [ -f ${PWD}/.env ]; then
export $(cat ${PWD}/.env | xargs)
fi
# Check if required environment variables are set
if [ -z "$FREEDNS_User" ] || [ -z "$FREEDNS_Password" ] || [ -z "$DOMAIN_NAME" ]; then
echo "Error: FREEDNS_User, FREEDNS_Password, and DOMAIN_NAME must be set as environment variables or in a .env file."
exit 1
fi
# Optional: Print the variables being used (for verification)
echo "Using DOMAIN_NAME: $DOMAIN_NAME"
echo "Using FREEDNS_User: $FREEDNS_User" # Be cautious printing passwords
# Destroy infrastructure # Destroy infrastructure
cdk destroy --force cdk destroy --app="python3 ${PWD}/app.py" --force