windlessuser · November 8, 2019 21:20
diff --git a/deploy-stack.ts b/deploy-stack.ts
 import cdk = require("@aws-cdk/core");
 import ec2 = require("@aws-cdk/aws-ec2");
 import secretsmanager = require("@aws-cdk/aws-secretsmanager");
 import rds = require("@aws-cdk/aws-rds");
 import ecs = require("@aws-cdk/aws-ecs");
 import ecs_patterns = require("@aws-cdk/aws-ecs-patterns");

 export class DeployStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // If we want Private subnets we NEED a NAT Gateway - Humbug >.>
    const vpc = new ec2.Vpc(this, "VPC", {
      natGateways: 1,
      maxAzs: 2
    });

    //Let's autogenerate a Password for Our DB.
    //@nathanpeck gave me a better way todo this But I can't remember right now
    const dbpass = new secretsmanager.Secret(this, "DBPass", {
      generateSecretString: {
        excludeCharacters: '/@"',
        excludePunctuation: true
      }
    });

    // Security Group for our DB that should only allow access from the ECS Task
    const dbSecurityGroup = new ec2.SecurityGroup(this, `db-security-group`, {
      vpc
    });

    const dbSubnetGroup = new rds.CfnDBSubnetGroup(this, `db-subnet-group`, {
      subnetIds: vpc.privateSubnets.map(subnet => subnet.subnetId),
      dbSubnetGroupDescription: "Subnet for the AuroraDB"
    });

    //YEs we're using Serverless Aurora Because Cheapness!
    const db = new rds.CfnDBCluster(this, "DB", {
      engine: rds.DatabaseClusterEngine.AURORA.name,
      engineMode: "serverless",
      port: 3306,
      masterUsername: "admin",
      masterUserPassword: dbpass.secretValue.toString(),
      databaseName: "laravel",
      backupRetentionPeriod: 35,
      dbSubnetGroupName: dbSubnetGroup.ref,
      vpcSecurityGroupIds: [dbSecurityGroup.securityGroupId],
      scalingConfiguration: {
        autoPause: true,
        minCapacity: 1,
        maxCapacity: 8,
        secondsUntilAutoPause: 900
      }
    });

    // Create an ECS cluster
    const cluster = new ecs.Cluster(this, "Cluster", {
      vpc
    });

    const app = new ecs_patterns.ApplicationLoadBalancedFargateService(
      cluster,
      "Laravel-Service",
      {
        cluster,
        taskImageOptions: {
          image: ecs.AssetImage.fromAsset("../laravel5-5-example"),
          environment: {
            DB_HOST: db.attrEndpointAddress,
            DB_USERNAME: "admin",
            DB_PASSWORD: dbpass.secretValue.toString(),
            DB_DATABASE: "laravel",
            APP_KEY: "base64:otWRSjXhOuajd4Dc581OQQZUOZEZaulOkZeKQDKcXlk="
          },
          containerPort: 80,
          containerName: "web",
          enableLogging: true
        }
      }
    );

    //We need to allow connections to port 3306 from the ECS Task to the Aurora DB SG
    dbSecurityGroup.connections.allowFrom(app.service, ec2.Port.tcp(3306));
  }
 }
diff --git a/docker-compose.yaml b/docker-compose.yaml
 version: '3'
 services:
  web:
    image: 1on1/laravel-example:latest
    build: .
    environment:
      DB_HOST: db
      DB_PORT: 3306
      DB_USERNAME: homestead
      DB_PASSWORD: homestead
      DB_DATABASE: homestead
    ports:
      - 8080:80
    links:
      - db
  db:
    image: mysql:5.6
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
      MYSQL_USER: homestead
      MYSQL_PASSWORD: homestead
      MYSQL_DATABASE: homestead
diff --git a/Dockerfile b/Dockerfile
 FROM php:7.3-apache-buster

 LABEL MAINTAINER Marc Byfield <[email protected]>

 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 COPY opcache.ini /usr/local/etc/php/conf.d/opcache.ini
 ENV APACHE_DOCUMENT_ROOT=/var/www/html/public \
    COMPOSER_ALLOW_SUPERUSER=1

 RUN sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf
 RUN sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf

 ADD https://raw.githubusercontent.com/mlocati/docker-php-extension-installer/master/install-php-extensions /usr/local/bin/

 RUN chmod uga+x /usr/local/bin/install-php-extensions && sync && \
        apt-get update && apt-get install -y \
        unzip \
        libmagick++-dev \
        libtool \
        libzip-dev \
        libxml2-dev \
        libgmp-dev \
    && install-php-extensions --cleanup \
        imagick \
        opcache \
        gd \
        pdo_mysql \
        pcntl \
        zip \
        intl \
        gmp \
    && rm -rf /var/lib/apt/lists/* \
    && a2enmod rewrite

 # Composer installation.
 COPY --from=composer:1.9.0 /usr/bin/composer /usr/bin/composer
 RUN composer global require hirak/prestissimo --prefer-dist --no-progress --no-suggest --classmap-authoritative \
    && composer clear-cache

 COPY . .

 RUN composer install --no-dev --no-scripts --no-progress --profile --prefer-dist --optimize-autoloader && composer update &&  chown -R www-data:www-data /var/www/html

 HEALTHCHECK CMD "curl -f http://localhost/ || exit 1"

 CMD ["sh", "-c", "sleep 10; php artisan config:clear; php artisan view:clear; php artisan route:clear; php artisan migrate:refresh; php artisan migrate --seed; apache2-foreground"]
	import cdk = require("@aws-cdk/core");
	import ec2 = require("@aws-cdk/aws-ec2");
	import secretsmanager = require("@aws-cdk/aws-secretsmanager");
	import rds = require("@aws-cdk/aws-rds");
	import ecs = require("@aws-cdk/aws-ecs");
	import ecs_patterns = require("@aws-cdk/aws-ecs-patterns");

	export class DeployStack extends cdk.Stack {
	constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
	super(scope, id, props);

	// If we want Private subnets we NEED a NAT Gateway - Humbug >.>
	const vpc = new ec2.Vpc(this, "VPC", {
	natGateways: 1,
	maxAzs: 2
	});

	//Let's autogenerate a Password for Our DB.
	//@nathanpeck gave me a better way todo this But I can't remember right now
	const dbpass = new secretsmanager.Secret(this, "DBPass", {
	generateSecretString: {
	excludeCharacters: '/@"',
	excludePunctuation: true
	}
	});

	// Security Group for our DB that should only allow access from the ECS Task
	const dbSecurityGroup = new ec2.SecurityGroup(this, `db-security-group`, {
	vpc
	});

	const dbSubnetGroup = new rds.CfnDBSubnetGroup(this, `db-subnet-group`, {
	subnetIds: vpc.privateSubnets.map(subnet => subnet.subnetId),
	dbSubnetGroupDescription: "Subnet for the AuroraDB"
	});

	//YEs we're using Serverless Aurora Because Cheapness!
	const db = new rds.CfnDBCluster(this, "DB", {
	engine: rds.DatabaseClusterEngine.AURORA.name,
	engineMode: "serverless",
	port: 3306,
	masterUsername: "admin",
	masterUserPassword: dbpass.secretValue.toString(),
	databaseName: "laravel",
	backupRetentionPeriod: 35,
	dbSubnetGroupName: dbSubnetGroup.ref,
	vpcSecurityGroupIds: [dbSecurityGroup.securityGroupId],
	scalingConfiguration: {
	autoPause: true,
	minCapacity: 1,
	maxCapacity: 8,
	secondsUntilAutoPause: 900
	}
	});

	// Create an ECS cluster
	const cluster = new ecs.Cluster(this, "Cluster", {
	vpc
	});

	const app = new ecs_patterns.ApplicationLoadBalancedFargateService(
	cluster,
	"Laravel-Service",
	{
	cluster,
	taskImageOptions: {
	image: ecs.AssetImage.fromAsset("../laravel5-5-example"),
	environment: {
	DB_HOST: db.attrEndpointAddress,
	DB_USERNAME: "admin",
	DB_PASSWORD: dbpass.secretValue.toString(),
	DB_DATABASE: "laravel",
	APP_KEY: "base64:otWRSjXhOuajd4Dc581OQQZUOZEZaulOkZeKQDKcXlk="
	},
	containerPort: 80,
	containerName: "web",
	enableLogging: true
	}
	}
	);

	//We need to allow connections to port 3306 from the ECS Task to the Aurora DB SG
	dbSecurityGroup.connections.allowFrom(app.service, ec2.Port.tcp(3306));
	}
	}
	version: '3'
	services:
	web:
	image: 1on1/laravel-example:latest
	build: .
	environment:
	DB_HOST: db
	DB_PORT: 3306
	DB_USERNAME: homestead
	DB_PASSWORD: homestead
	DB_DATABASE: homestead
	ports:
	- 8080:80
	links:
	- db
	db:
	image: mysql:5.6
	environment:
	MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
	MYSQL_USER: homestead
	MYSQL_PASSWORD: homestead
	MYSQL_DATABASE: homestead
	FROM php:7.3-apache-buster

	LABEL MAINTAINER Marc Byfield <[email protected]>

	RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
	COPY opcache.ini /usr/local/etc/php/conf.d/opcache.ini
	ENV APACHE_DOCUMENT_ROOT=/var/www/html/public \
	COMPOSER_ALLOW_SUPERUSER=1

	RUN sed -ri -e 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf
	RUN sed -ri -e 's!/var/www/!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/apache2.conf /etc/apache2/conf-available/*.conf

	ADD https://raw.githubusercontent.com/mlocati/docker-php-extension-installer/master/install-php-extensions /usr/local/bin/

	RUN chmod uga+x /usr/local/bin/install-php-extensions && sync && \
	apt-get update && apt-get install -y \
	unzip \
	libmagick++-dev \
	libtool \
	libzip-dev \
	libxml2-dev \
	libgmp-dev \
	&& install-php-extensions --cleanup \
	imagick \
	opcache \
	gd \
	pdo_mysql \
	pcntl \
	zip \
	intl \
	gmp \
	&& rm -rf /var/lib/apt/lists/* \
	&& a2enmod rewrite

	# Composer installation.
	COPY --from=composer:1.9.0 /usr/bin/composer /usr/bin/composer
	RUN composer global require hirak/prestissimo --prefer-dist --no-progress --no-suggest --classmap-authoritative \
	&& composer clear-cache

	COPY . .

	RUN composer install --no-dev --no-scripts --no-progress --profile --prefer-dist --optimize-autoloader && composer update && chown -R www-data:www-data /var/www/html

	HEALTHCHECK CMD "curl -f http://localhost/ \|\| exit 1"

	CMD ["sh", "-c", "sleep 10; php artisan config:clear; php artisan view:clear; php artisan route:clear; php artisan migrate:refresh; php artisan migrate --seed; apache2-foreground"]