add scripts for cdn

change aes mode to cfb in encrypt / decrypt in Security

Azaion.Services/Security.cs

@@ -19,10 +19,11 @@ public static class Security
         if (key is not { Length: > 0 }) throw new ArgumentNullException(nameof(key));
 
         using var aes = Aes.Create();
+        aes.Mode = CipherMode.CFB;
         aes.Key = SHA256.HashData(Encoding.UTF8.GetBytes(key));
         aes.GenerateIV();
-
         using var encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
+
         await using var cs = new CryptoStream(toStream, encryptor, CryptoStreamMode.Write, leaveOpen: true);
 
         // Prepend IV to the encrypted data
@@ -43,8 +44,9 @@ public static class Security
         var iv = new byte[aes.BlockSize / 8];
         _ = await encryptedStream.ReadAsync(iv, cancellationToken);
         aes.IV = iv;
-
+        aes.Mode = CipherMode.CFB;
         using var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
+
         await using var cryptoStream = new CryptoStream(encryptedStream, decryptor, CryptoStreamMode.Read, leaveOpen: true);
 
         // Read and write in chunks

env/api/02-nginx-docker-registry.sh

@@ -63,6 +63,18 @@ server {
     ssl_certificate /etc/letsencrypt/live/api.azaion.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/api.azaion.com/privkey.pem;
 
+    location /cdn/ {
+      alias /var/www/cdn.azaion.com/;
+      expires 3560d;
+      access_log_off;
+      log_not_found off;
+      gzip_static on;
+
+      autoindex on;
+      autoindex_exact_size off;
+      autoindex_localtime on;
+    }
+
     location / {
         proxy_pass http://localhost:4000;  # API service running on port 4000
         proxy_set_header Host \$host;

env/api/start-container.sh

@@ -1,6 +1,6 @@
 docker run \
         --env-file .env \
         -p 4000:8080 \
-        -v /root/content:/app/Content \
-        -v /root/logs:/app/logs
+        -v /root/api/content:/app/Content \
+        -v /root/api/logs:/app/logs
         --name azaion.api docker.azaion.com/api

env/cdn/01-install-minio.sh

@@ -0,0 +1,14 @@
+mkdir -p ~/cdn/data
+
+certbot certonly --standalone -d cdn.azaion.com
+
+cd /etc/letsencrypt/live/cdn.azaion.com-0001 || exit
+
+chmod -R 755 privkey.pem
+ln -s privkey.pem private.key
+
+chmod -R 755 fullchain.pem
+ln -s fullchain.pem public.crt
+cd ~ || exit
+
+sh restart-minio.sh

env/cdn/02-install-miniio-cli.sh

@@ -0,0 +1,6 @@
+
+MC_BINARY_PATH="/usr/local/bin/mc"
+wget https://dl.min.io/client/mc/release/linux-amd64/mc -O ${MC_BINARY_PATH}
+chmod +x ${MC_BINARY_PATH}
+export PATH=$PATH:${MC_BINARY_PATH} >> ~/.profile
+source ~/.profile

env/cdn/03-config-minio.sh

@@ -0,0 +1,12 @@
+mc alias set cdn http://localhost:9020 azaion-cdn-admin AzAA2onCdDmNinnn_CDN_1
+
+mc admin user add cdn azaion-cdn-uploader AaazzA2onCuuPlonad_CerrDN_1
+mc admin policy create cdn CDNUploadPolicy uploader_policy.json
+mc admin policy attach cdn CDNUploadPolicy --user azaion-cdn-uploader
+
+
+mc admin user add cdn azaion-cdn-user AaazzA2onCussSerrrErDN_1
+mc admin policy create cdn CDNUserPolicy user_policy.json
+mc admin policy attach cdn CDNUserPolicy --user azaion-cdn-user
+
+mc mb cdn/models

env/cdn/restart-minio.sh

@@ -0,0 +1,15 @@
+docker stop minio
+docker rm minio
+
+docker run \
+   -p 9020:9000 \
+   -p 9021:9001 \
+   --name minio \
+   -v ~/minio/data:/data \
+   -v /etc/letsencrypt/live/cdn.azaion.com-0001:/certs \
+   -e "MINIO_ROOT_USER=azaion-cdn-admin" \
+   -e "MINIO_ROOT_PASSWORD=AzAA2onCdDmNinnn_CDN_1" \
+   quay.io/minio/minio server /data \
+   --address ":9000" \
+   --console-address ":9001" \
+   --certs-dir /certs

env/cdn/uploader_policy.json

@@ -0,0 +1,17 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject"
+      ],
+      "Resource": ["arn:aws:s3:::models/*"]
+    },
+        {
+            "Effect": "Allow",
+            "Action": [ "s3:ListBucket" ],
+            "Resource": [ "arn:aws:s3:::models" ]
+        }
+    ]
+}

env/cdn/user_policy.json

@@ -0,0 +1,15 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [ "s3:GetObject" ],
+      "Resource": ["arn:aws:s3:::models/*"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [ "s3:ListBucket" ],
+      "Resource": [ "arn:aws:s3:::models" ]
+    }
+  ]
+}

env/rabbit/02-rabbit-configure.sh

@@ -29,8 +29,12 @@ rabbitmqctl set_permissions azaion_receiver "" "" ".*"
   # put   export PATH="$PATH:/etc/rabbitmq"    to the end of the ~/.profile
   source ~/.profile
 # 2.2 declare queues with x-queue-type stream:
-  rabbitmqadmin declare queue name=azaion-annotations arguments='{"x-queue-type": "stream", "max-segment-size-bytes": 5368709118}'
-  rabbitmqadmin declare queue name=azaion-annotations-confirm arguments='{"x-queue-type": "stream", "max-segment-size-bytes": 5368709118}'
+
+  rabbitmqadmin delete queue name=azaion-annotations
+  rabbitmqadmin declare queue name=azaion-annotations arguments='{"x-queue-type": "stream", "max-length-bytes": 5368709120}'
+  rabbitmqadmin delete queue name=azaion-annotations-confirm
+  rabbitmqadmin declare queue name=azaion-annotations-confirm arguments='{"x-queue-type": "stream", "max-length-bytes": 5368709120}'
+  rabbitmqadmin delete queue name=azaion-commands
   rabbitmqadmin declare queue name=azaion-commands
 # 2.3 configure rabbitmq
   # edit /etc/rabbitmq/rabbitmq.conf