46
README.md
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
**Status**: Actively in development ⚠️
|
**Status**: Actively in development ⚠️
|
||||||
|
|
||||||
A modern IPTV management system that leverages AWS Cognito for secure user authentication and provides tools for EPG generation, stream validation, and cloud deployment via AWS CDK.
|
A modern IPTV management system that leverages AWS Cognito for secure user authentication and provides tools for EPG generation, stream validation, and cloud deployment via AWS CDK. It automatically provisions infrastructure, including an EC2 instance running the application behind Nginx, and uses `acme.sh` with FreeDNS for automated SSL certificate management.
|
||||||
|
|
||||||
## Key Features
|
## Key Features
|
||||||
|
|
||||||
@@ -11,7 +11,7 @@ A modern IPTV management system that leverages AWS Cognito for secure user authe
|
|||||||
- **User Authentication**:
|
- **User Authentication**:
|
||||||
- AWS Cognito integration for secure user sign-in
|
- AWS Cognito integration for secure user sign-in
|
||||||
- JWT token generation & validation
|
- JWT token generation & validation
|
||||||
- Role-based access control (RBAC) with the `require_roles` decorator
|
- Role-based access control (RBAC) with the [`require_roles`](app/auth/dependencies.py) decorator
|
||||||
(_Endpoints include both general and admin-protected routes_)
|
(_Endpoints include both general and admin-protected routes_)
|
||||||
|
|
||||||
- **Stream & EPG Management**:
|
- **Stream & EPG Management**:
|
||||||
@@ -21,8 +21,11 @@ A modern IPTV management system that leverages AWS Cognito for secure user authe
|
|||||||
|
|
||||||
- **Deployment & Infrastructure**:
|
- **Deployment & Infrastructure**:
|
||||||
- Infrastructure provisioning using AWS CDK ([`app.py`](app.py), [`infrastructure/stack.py`](infrastructure/stack.py))
|
- Infrastructure provisioning using AWS CDK ([`app.py`](app.py), [`infrastructure/stack.py`](infrastructure/stack.py))
|
||||||
|
- Automated SSL certificate provisioning using `acme.sh` and FreeDNS DNS API.
|
||||||
|
- Nginx configured as a reverse proxy with SSL termination.
|
||||||
- Deployment scripts to deploy/destroy the stack and update running instances ([`scripts/deploy.sh`](scripts/deploy.sh), [`scripts/destroy.sh`](scripts/destroy.sh))
|
- Deployment scripts to deploy/destroy the stack and update running instances ([`scripts/deploy.sh`](scripts/deploy.sh), [`scripts/destroy.sh`](scripts/destroy.sh))
|
||||||
- Environment configuration driven by a `.env` file ([`app/utils/constants.py`](app/utils/constants.py))
|
- Environment configuration driven by a `.env` file ([`.env`](.env), [.env.example](.env.example))
|
||||||
|
- Gitea Actions workflow for automated deployment on push ([`.gitea/workflows/aws_deploy_on_push.yml`](.gitea/workflows/aws_deploy_on_push.yml)), compatible with minor changes for GitHub Actions.
|
||||||
|
|
||||||
🛠️ **In Progress**
|
🛠️ **In Progress**
|
||||||
|
|
||||||
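Review bot: In the Deployment & Infrastructure list, the new link [`.env`](.env) only resolves if `.env` is committed to the repository, and this README says that file holds the FreeDNS password. Link to `.env.example` alone, state that `.env` must stay untracked (listed in `.gitignore`), and consider keeping the removed pointer to `app/utils/constants.py` so readers can still find where the values are loaded. The `.env.example` link text is also missing the backticks the other file links use.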
@@ -33,6 +36,17 @@ A modern IPTV management system that leverages AWS Cognito for secure user authe
|
|||||||
|
|
||||||
## Installation & Deployment
|
## Installation & Deployment
|
||||||
|
|
||||||
|
### Prerequisites
|
||||||
|
|
||||||
|
- AWS Account and configured AWS CLI credentials.
|
||||||
|
- Node.js and npm installed (for AWS CDK).
|
||||||
|
- Python 3.8+ and pip installed.
|
||||||
|
- `uv` installed (`pip install uv`).
|
||||||
|
- A domain name hosted on FreeDNS.
|
||||||
|
- FreeDNS API credentials (username and password).
|
||||||
|
- An email address for Let's Encrypt registration.
|
||||||
|
- An SSH public key to access the EC2 instance.
|
||||||
|
|
||||||
### Local Setup
|
### Local Setup
|
||||||
|
|
||||||
1. **Clone the repository:**
|
1. **Clone the repository:**
|
||||||
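Review bot: The prerequisite "An SSH public key to access the EC2 instance" does not say whether SSH ingress is opened or from which source addresses, while the rest of the README describes code updates going through AWS SSM. Either state what SSH is needed for and how port 22 is restricted, or mark the key as optional. The "FreeDNS API credentials (username and password)" line should also say whether these are the account login or a separate API credential, so readers know what the value they place in `.env` gives access to.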
@@ -52,7 +66,13 @@ A modern IPTV management system that leverages AWS Cognito for secure user authe
|
|||||||
|
|
||||||
3. **Configure environment variables:**
|
3. **Configure environment variables:**
|
||||||
|
|
||||||
Copy `.env.example` to `.env` and update credentials as needed.
|
Copy [.env.example](.env.example) to `.env` and update the credentials and domain information. You will need to provide:
|
||||||
|
- `FREEDNS_User`: Your FreeDNS username.
|
||||||
|
- `FREEDNS_Password`: Your FreeDNS password.
|
||||||
|
- `DOMAIN_NAME`: Your domain name registered with FreeDNS.
|
||||||
|
- `SSH_PUBLIC_KEY`: Your SSH public key string.
|
||||||
|
- `REPO_URL`: The URL of this git repository.
|
||||||
|
- `LETSENCRYPT_EMAIL`: The email address for Let's Encrypt notifications.
|
||||||
|
|
||||||
### Deploying Infrastructure
|
### Deploying Infrastructure
|
||||||
|
|
||||||
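Review bot: The variable names `FREEDNS_User` and `FREEDNS_Password` listed under "Configure environment variables" differ in case from the `FREEDNS_USER` and `FREEDNS_PASSWORD` secrets named in the Gitea Actions section, and the README does not say how one maps to the other. Use one spelling throughout or document the mapping, since environment variable names are case-sensitive on the Linux hosts this targets. This step is also the place to say that `.env` now holds a DNS account password and must not be committed.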
@@ -70,9 +90,11 @@ The project uses AWS CDK to provision the required AWS resources.
|
|||||||
./scripts/deploy.sh
|
./scripts/deploy.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
This script will read variables from your `.env` file, synthesize the CDK stack, deploy it to AWS, and then use AWS SSM to update the application code on the newly created EC2 instance. The EC2 instance's userdata script will handle the installation of dependencies, Nginx, `acme.sh`, and the initial certificate provisioning using the FreeDNS API credentials passed via environment variables.
|
||||||
|
|
||||||
3. **Update application on running instances:**
|
3. **Update application on running instances:**
|
||||||
|
|
||||||
The deployment script also updates code on EC2 instances automatically via AWS SSM.
|
The deployment script ([`scripts/deploy.sh`](scripts/deploy.sh)) automatically updates the application code on running instances after the initial deployment. You can re-run this script to pull the latest code and restart the service without destroying and recreating the infrastructure.
|
||||||
|
|
||||||
4. **Destroy the stack:**
|
4. **Destroy the stack:**
|
||||||
|
|
||||||
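Review bot: The new paragraph under `./scripts/deploy.sh` says the FreeDNS credentials reach the userdata script "via environment variables" without saying where they are stored on the way. If they are rendered into the EC2 user data, they remain readable from the instance metadata service and by any principal allowed to describe the instance's attributes, and they appear in the synthesized CloudFormation template. Document the path, and consider having the instance fetch them at boot from SSM Parameter Store or Secrets Manager instead.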
@@ -80,9 +102,20 @@ The project uses AWS CDK to provision the required AWS resources.
|
|||||||
./scripts/destroy.sh
|
./scripts/destroy.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
This script will read variables from your `.env` file and destroy all resources created by the CDK stack.
|
||||||
|
|
||||||
|
### Automated Deployment (Gitea Actions)
|
||||||
|
|
||||||
|
The repository includes a Gitea Actions workflow definition at [`.gitea/workflows/aws_deploy_on_push.yml`](.gitea/workflows/aws_deploy_on_push.yml). This workflow is triggered on pushes to the `main` branch and automates the deployment process using AWS CDK and SSM. This workflow is largely compatible with GitHub Actions with minimal modifications.
|
||||||
|
|
||||||
|
To use the automated deployment:
|
||||||
|
|
||||||
|
1. Configure the required secrets (`AWS_ACCESS_KEY`, `AWS_SECRET_KEY`, `FREEDNS_USER`, `FREEDNS_PASSWORD`, `DOMAIN_NAME`, `SSH_PUBLIC_KEY`, `REPO_URL`, `LETSENCRYPT_EMAIL`) in your Gitea repository settings.
|
||||||
|
2. Push changes to the `main` branch.
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
- **API Endpoints**:
|
- **API Endpoints**: The application will be accessible via HTTPS on your configured domain name.
|
||||||
- Sign-in: `/signin`
|
- Sign-in: `/signin`
|
||||||
- Protected endpoints: `/protected` and `/protected_admin`
|
- Protected endpoints: `/protected` and `/protected_admin`
|
||||||
|
|
||||||
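Review bot: Step 1 of "Automated Deployment (Gitea Actions)" asks for `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` as repository secrets but gives no guidance on what that IAM identity is allowed to do, and the workflow runs on every push to `main`. Add the minimum permissions the deploy needs (CDK deploy and SSM, per this section), recommend a dedicated deploy identity rather than a personal or administrator key, and note that `main` should be a protected branch. The sentence added for `./scripts/destroy.sh` should also say whether the script asks for confirmation before it destroys all resources in the stack.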
@@ -97,3 +130,4 @@ The project uses AWS CDK to provision the required AWS resources.
|
|||||||
|
|
||||||
- This project is under active development. Expect additional functionality and improvements in upcoming releases.
|
- This project is under active development. Expect additional functionality and improvements in upcoming releases.
|
||||||
- For deployment details and troubleshooting, refer to the deployment scripts and AWS CDK documentation.
|
- For deployment details and troubleshooting, refer to the deployment scripts and AWS CDK documentation.
|
||||||
|
- Ensure your FreeDNS API credentials and domain name are correctly configured in the `.env` file for `acme.sh` to function correctly.
|
||||||
|
|||||||