diff --git a/Azaion.Services/Security.cs b/Azaion.Services/Security.cs
index a51114c..dd28668 100644
--- a/Azaion.Services/Security.cs
+++ b/Azaion.Services/Security.cs
@@ -19,10 +19,11 @@ public static class Security
 if (key is not { Length: > 0 }) throw new ArgumentNullException(nameof(key));
 using var aes = Aes.Create();
+ aes.Mode = CipherMode.CFB;
 aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(key));
 aes.GenerateIV();
-
 using var encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
+
 await using var cs = new CryptoStream(toStream, encryptor, CryptoStreamMode.Write, leaveOpen: true);
 // Prepend IV to the encrypted data
@@ -43,8 +44,9 @@ public static class Security
 var iv = new byte[aes.BlockSize / 8];
 _ = await encryptedStream.ReadAsync(iv, cancellationToken);
 aes.IV = iv;
-
+ aes.Mode = CipherMode.CFB;
 using var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
+
 await using var cryptoStream = new CryptoStream(encryptedStream, decryptor, CryptoStreamMode.Read, leaveOpen: true);
 // Read and write in chunks
diff --git a/env/01 sh-install/01-general.sh b/env/api/01-libs-install.sh
similarity index 100%
rename from env/01 sh-install/01-general.sh
rename to env/api/01-libs-install.sh
diff --git a/env/01 sh-install/04-nginx-docker-registry.sh b/env/api/02-nginx-docker-registry.sh
similarity index 91%
rename from env/01 sh-install/04-nginx-docker-registry.sh
rename to env/api/02-nginx-docker-registry.sh
index 9fc16d3..3f78a26 100644
--- a/env/01 sh-install/04-nginx-docker-registry.sh
+++ b/env/api/02-nginx-docker-registry.sh
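Review bot: Switching to `CipherMode.CFB` in both hunks (the `aes.Mode = CipherMode.CFB;` lines before `CreateEncryptor` and `CreateDecryptor`) still leaves the ciphertext unauthenticated: as with the CBC default it replaces, anyone who can alter the stream can flip plaintext bits undetected, so where integrity matters prefer `AesGcm` or add an encrypt-then-MAC tag (HMAC over IV plus ciphertext, checked with `CryptographicOperations.FixedTimeEquals` before decrypting). The mode change carries no format marker, so data encrypted by the previous build can no longer be decrypted by this code; prepend a version byte or document the migration. .NET's `Aes` defaults `FeedbackSize` to 8 (CFB8), I believe, which costs one block operation per byte and is not supported on every platform, so set `aes.FeedbackSize = 128;` explicitly if CFB is kept. Unchanged but adjacent: the key is a bare SHA-256 of the passphrase with no salt or stretching (`Rfc2898DeriveBytes.Pbkdf2` with a stored salt is the usual fix), and `_ = await encryptedStream.ReadAsync(iv, cancellationToken)` discards the byte count, so a short read leaves a partial IV — `ReadExactlyAsync` (.NET 7+) or a read loop fixes that. Both enclosing methods start and end outside the hunks.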
@@ -63,6 +63,18 @@ server {
 ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
+ location /cdn/ {
+ alias /var/www/cdn.azaion.com/;
+ expires 3560d;
+ access_log_off;
+ log_not_found off;
+ gzip_static on;
+
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ }
+
 location / {
 proxy_pass http://localhost:4000; # API service running on port 4000
 proxy_set_header Host \$host;
@@ -91,4 +103,4 @@ systemctl restart nginx
 # and then from the other machine
 docker login docker.azaion.com
-# Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny
\ No newline at end of file
+# Enter Username zxsanny and pass which was set here htpasswd -c .htpasswd zxsanny
diff --git a/env/01 sh-install/05 start scripts/restart-api.sh b/env/api/restart-api.sh
similarity index 100%
rename from env/01 sh-install/05 start scripts/restart-api.sh
rename to env/api/restart-api.sh
diff --git a/env/01 sh-install/05 start scripts/start-container.sh b/env/api/start-container.sh
similarity index 58%
rename from env/01 sh-install/05 start scripts/start-container.sh
rename to env/api/start-container.sh
index 102b862..72fa499 100644
--- a/env/01 sh-install/05 start scripts/start-container.sh
+++ b/env/api/start-container.sh
@@ -1,6 +1,6 @@
 docker run \
 --env-file .env \
 -p 4000:8080 \
- -v /root/content:/app/Content \
- -v /root/logs:/app/logs
+ -v /root/api/content:/app/Content \
+ -v /root/api/logs:/app/logs
 --name azaion.api docker.azaion.com/api
\ No newline at end of file
diff --git a/env/01 sh-install/05 start scripts/update-api.sh b/env/api/update-api.sh
similarity index 100%
rename from env/01 sh-install/05 start scripts/update-api.sh
rename to env/api/update-api.sh
diff --git a/env/cdn/01-install-minio.sh b/env/cdn/01-install-minio.sh
new file mode 100644
index 0000000..5c56d63
--- /dev/null
+++ b/env/cdn/01-install-minio.sh
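Review bot: `access_log_off;` in the new `location /cdn/` block is not an nginx directive (the directive is `access_log off;`), so `nginx -t` rejects the generated config and the `systemctl restart nginx` later in this script fails. `autoindex on;` also publishes a browsable listing of everything under `/var/www/cdn.azaion.com/`, so any file placed there becomes discoverable; unless a listing is a deliberate feature, drop the three `autoindex*` lines and serve by known path only. The `server { … }` block starts and ends outside the hunk.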
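Review bot: The new `-v /root/api/logs:/app/logs` line has no trailing `\`, so unless the continuation was lost in rendering the `docker run` command ends there and `--name azaion.api docker.azaion.com/api` on the next line runs as a separate (failing) command. Change it to `-v /root/api/logs:/app/logs \`. While here, `--restart unless-stopped` would bring the API back after a host reboot, and `-d` if it is meant to run detached.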
@@ -0,0 +1,14 @@
+mkdir -p ~/cdn/data
+
+certbot certonly --standalone -d cdn.azaion.com
+
+cd /etc/letsencrypt/live/cdn.azaion.com-0001 || exit
+
+chmod -R 755 privkey.pem
+ln -s privkey.pem private.key
+
+chmod -R 755 fullchain.pem
+ln -s fullchain.pem public.crt
+cd ~ || exit
+
+sh restart-minio.sh
\ No newline at end of file
diff --git a/env/cdn/02-install-miniio-cli.sh b/env/cdn/02-install-miniio-cli.sh
new file mode 100644
index 0000000..b699930
--- /dev/null
+++ b/env/cdn/02-install-miniio-cli.sh
@@ -0,0 +1,6 @@
+
+MC_BINARY_PATH="/usr/local/bin/mc"
+wget https://dl.min.io/client/mc/release/linux-amd64/mc -O ${MC_BINARY_PATH}
+chmod +x ${MC_BINARY_PATH}
+export PATH=$PATH:${MC_BINARY_PATH} >> ~/.profile
+source ~/.profile
diff --git a/env/cdn/03-config-minio.sh b/env/cdn/03-config-minio.sh
new file mode 100644
index 0000000..4d89819
--- /dev/null
+++ b/env/cdn/03-config-minio.sh
@@ -0,0 +1,12 @@
+mc alias set cdn http://localhost:9020 azaion-cdn-admin AzAA2onCdDmNinnn_CDN_1
+
+mc admin user add cdn azaion-cdn-uploader AaazzA2onCuuPlonad_CerrDN_1
+mc admin policy create cdn CDNUploadPolicy uploader_policy.json
+mc admin policy attach cdn CDNUploadPolicy --user azaion-cdn-uploader
+
+
+mc admin user add cdn azaion-cdn-user AaazzA2onCussSerrrErDN_1
+mc admin policy create cdn CDNUserPolicy user_policy.json
+mc admin policy attach cdn CDNUserPolicy --user azaion-cdn-user
+
+mc mb cdn/models
\ No newline at end of file
diff --git a/env/cdn/restart-minio.sh b/env/cdn/restart-minio.sh
new file mode 100644
index 0000000..de594ca
--- /dev/null
+++ b/env/cdn/restart-minio.sh
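Review bot: `chmod -R 755 privkey.pem` makes the TLS private key readable by every user on the host (and `-R` on a regular file adds nothing); certbot creates it mode 0600 for a reason and it should stay that way. Since `restart-minio.sh` bind-mounts the whole live directory into the container, the safer pattern is to copy the two files into a dedicated directory with `install -m 0640` owned by the uid the container runs as, rather than loosening the originals. The script is also not re-runnable: `/etc/letsencrypt/live/cdn.azaion.com-0001` hard-codes a lineage suffix certbot only produces on a re-issue, and the two `ln -s` calls fail once `private.key`/`public.crt` exist (`ln -sf` fixes the latter). `mkdir -p ~/cdn/data` creates a directory that `restart-minio.sh` never mounts (it uses `~/minio/data`), so one of the two paths is wrong.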
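Review bot: `export PATH=$PATH:${MC_BINARY_PATH} >> ~/.profile` appends nothing (`export` produces no output to redirect) and would in any case put a file path, not a directory, on `PATH`; `/usr/local/bin` is normally already on `PATH`, so this line and the following `source ~/.profile` can be dropped, or replaced with `echo 'export PATH="$PATH:/usr/local/bin"' >> ~/.profile` if it is really needed. The `wget` places an executable straight into `/usr/local/bin` with no integrity check; as far as I know MinIO publishes a SHA-256 checksum and a minisign signature next to the binary, so fetch that too and verify with `sha256sum -c` before `chmod +x`. Pinning a specific release instead of `release/` would also make the install reproducible.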
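Review bot: This script commits three plaintext passwords (the root credentials on the `mc alias set` line and the secrets on both `mc admin user add` lines), and the root one is duplicated in `restart-minio.sh`; now that they are in git history treat them as leaked, rotate them, and read them from environment variables or a file outside the repo, e.g. `mc admin user add cdn azaion-cdn-uploader "$CDN_UPLOADER_SECRET"`. `mc alias set cdn http://localhost:9020 ...` uses plain HTTP, but `restart-minio.sh` starts the server with `--certs-dir /certs`, so I expect it to be serving TLS on that port and the alias to fail (and the certificate is for `cdn.azaion.com`, not `localhost`). `mc mb cdn/models` errors on a second run once the bucket exists; `mc mb --ignore-existing cdn/models` keeps the script re-runnable.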
@@ -0,0 +1,15 @@
+docker stop minio
+docker rm minio
+
+docker run \
+ -p 9020:9000 \
+ -p 9021:9001 \
+ --name minio \
+ -v ~/minio/data:/data \
+ -v /etc/letsencrypt/live/cdn.azaion.com-0001:/certs \
+ -e "MINIO_ROOT_USER=azaion-cdn-admin" \
+ -e "MINIO_ROOT_PASSWORD=AzAA2onCdDmNinnn_CDN_1" \
+ quay.io/minio/minio server /data \
+ --address ":9000" \
+ --console-address ":9001" \
+ --certs-dir /certs
\ No newline at end of file
diff --git a/env/cdn/uploader_policy.json b/env/cdn/uploader_policy.json
new file mode 100644
index 0000000..e13a5d1
--- /dev/null
+++ b/env/cdn/uploader_policy.json
@@ -0,0 +1,17 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject"
+ ],
+ "Resource": ["arn:aws:s3:::models/*"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [ "s3:ListBucket" ],
+ "Resource": [ "arn:aws:s3:::models" ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/env/cdn/user_policy.json b/env/cdn/user_policy.json
new file mode 100644
index 0000000..0c3c7ec
--- /dev/null
+++ b/env/cdn/user_policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [ "s3:GetObject" ],
+ "Resource": ["arn:aws:s3:::models/*"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [ "s3:ListBucket" ],
+ "Resource": [ "arn:aws:s3:::models" ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/env/02 db-scripts/00_install.sh b/env/db/00_install.sh
similarity index 100%
rename from env/02 db-scripts/00_install.sh
rename to env/db/00_install.sh
diff --git a/env/02 db-scripts/01_permissions.sql b/env/db/01_permissions.sql
similarity index 100%
rename from env/02 db-scripts/01_permissions.sql
rename to env/db/01_permissions.sql
diff --git a/env/02 db-scripts/02_structure.sql b/env/db/02_structure.sql
similarity index 100%
rename from env/02 db-scripts/02_structure.sql
rename to env/db/02_structure.sql
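Review bot: `-e "MINIO_ROOT_PASSWORD=…"` puts the root secret in the script, in shell history and in `docker inspect` output for anyone who can read the container; pass it via `--env-file` pointing at a root-only file (the API's `start-container.sh` already does this) or a Docker secret, and rotate the current value since it is committed. `-v ~/minio/data:/data` mounts a path that `01-install-minio.sh` never creates (it makes `~/cdn/data`), so one of the two should change. Bind-mounting `/etc/letsencrypt/live/cdn.azaion.com-0001` into `/certs` will, if that directory holds certbot's usual symlinks into `../../archive/`, leave the container with dangling links behind `private.key`/`public.crt`; copying the resolved files (`cp -L`) into a plain directory and mounting that is the usual fix. The container also has no `--restart` policy and runs in the foreground, so `sh restart-minio.sh` at the end of the install script blocks and the service does not survive a reboot.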
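Review bot: `s3:PutObject` on `arn:aws:s3:::models/*` with no condition lets the uploader overwrite any already-published object in place, so a leaked uploader credential can silently replace artifacts that clients already trust. Since this bucket is a distribution point, enable bucket versioning (or object locking) in `03-config-minio.sh` so overwrites are recoverable and auditable, and consider confining uploads to a per-release prefix. Not granting `s3:DeleteObject` is the right call; a comment in the policy's companion script saying so would keep it from being "fixed" later.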
diff --git a/env/01 sh-install/02-rabbit-install.sh b/env/rabbit/01-rabbit-install.sh
similarity index 100%
rename from env/01 sh-install/02-rabbit-install.sh
rename to env/rabbit/01-rabbit-install.sh
diff --git a/env/01 sh-install/03-rabbit-configure.sh b/env/rabbit/02-rabbit-configure.sh
similarity index 83%
rename from env/01 sh-install/03-rabbit-configure.sh
rename to env/rabbit/02-rabbit-configure.sh
index c23217a..5c48af6 100644
--- a/env/01 sh-install/03-rabbit-configure.sh
+++ b/env/rabbit/02-rabbit-configure.sh
@@ -29,8 +29,12 @@ rabbitmqctl set_permissions azaion_receiver "" "" ".*"
 # put export PATH="$PATH:/etc/rabbitmq" to the end of the ~/.profile
 source ~/.profile
 # 2.2 declare queues with x-queue-type stream:
- rabbitmqadmin declare queue name=azaion-annotations arguments='{"x-queue-type": "stream", "max-segment-size-bytes": 5368709118}'
- rabbitmqadmin declare queue name=azaion-annotations-confirm arguments='{"x-queue-type": "stream", "max-segment-size-bytes": 5368709118}'
+
+ rabbitmqadmin delete queue name=azaion-annotations
+ rabbitmqadmin declare queue name=azaion-annotations arguments='{"x-queue-type": "stream", "max-length-bytes": 5368709120}'
+ rabbitmqadmin delete queue name=azaion-annotations-confirm
+ rabbitmqadmin declare queue name=azaion-annotations-confirm arguments='{"x-queue-type": "stream", "max-length-bytes": 5368709120}'
+ rabbitmqadmin delete queue name=azaion-commands
 rabbitmqadmin declare queue name=azaion-commands
 # 2.3 configure rabbitmq
 # edit /etc/rabbitmq/rabbitmq.conf
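Review bot: Each new `rabbitmqadmin delete queue name=…` line destroys the queue together with all retained messages and, for the two streams, consumer offsets, so re-running this configure script on a live host wipes `azaion-annotations`, `azaion-annotations-confirm` and `azaion-commands`. If the deletes exist only to change the stream arguments once (RabbitMQ presumably rejects a re-declare with different arguments), guard them — e.g. run them only when `rabbitmqadmin list queues name arguments` still shows `max-segment-size-bytes` — or move them into a clearly named one-off migration script, and add a comment above the block saying `# destructive: drops existing stream data; only needed when changing queue arguments`. The surrounding script continues outside the hunk.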