Merge pull request #158 from vrk-kpa/REKDAT-48_redirect_to_suomi_fi

REKDAT-48: Redirect to suojattudata.suomi.fi

cdk/bin/cdk.ts

@@ -188,15 +188,17 @@ const NginxStackDev = new NginxStack(app, 'NginxStack-dev', {
   environment: devStackProps.environment,
   vpc: VpcStackDev.vpc,
   allowRobots: "false",
-  certificate: CertificateStackDev.newCertificate,
+  certificate: CertificateStackDev.certificate,
+  newCertificate: CertificateStackDev.newCertificate,
   cluster: EcsClusterStackDev.cluster,
   namespace: EcsClusterStackDev.namespace,
   domainName: devStackProps.domainName,
   fqdn: devStackProps.fqdn,
   secondaryDomainName: devStackProps.secondaryDomainName,
   secondaryFqdn: devStackProps.secondaryFqdn,
   loadBalancer: LoadBalancerStackDev.loadBalancer,
-  zone: SubDomainStackDev.newSubZone,
+  zone: SubDomainStackDev.subZone,
+  newZone: SubDomainStackDev.newSubZone,
   taskDef: {
     taskCpu: 256,
     taskMem: 512,
@@ -386,15 +388,17 @@ const NginxStackProd = new NginxStack(app, 'NginxStack-prod', {
   environment: prodStackProps.environment,
   vpc: VpcStackProd.vpc,
   allowRobots: "false",
-  certificate: CertificateStackProd.newCertificate,
+  certificate: CertificateStackProd.certificate,
+  newCertificate: CertificateStackProd.newCertificate,
   cluster: EcsClusterStackProd.cluster,
   namespace: EcsClusterStackProd.namespace,
   domainName: prodStackProps.domainName,
   fqdn: prodStackProps.fqdn,
   secondaryDomainName: prodStackProps.secondaryDomainName,
   secondaryFqdn: prodStackProps.secondaryFqdn,
   loadBalancer: LoadBalancerStackProd.loadBalancer,
-  zone: DomainStackProd.newPublicZone,
+  zone: DomainStackProd.publicZone,
+  newZone: DomainStackProd.newPublicZone,
   taskDef: {
     taskCpu: 256,
     taskMem: 512,

cdk/lib/certificate-stack.ts

@@ -8,10 +8,10 @@ export class CertificateStack extends Stack {
     constructor(scope: Construct, id: string, props: CertificateStackProps) {
         super(scope, id, props);
 
-        //this.certificate = new acm.Certificate(this, 'Certificate', {
-        //    domainName: props.zone.zoneName,
-        //    validation: acm.CertificateValidation.fromDns(props.zone)
-        //})
+        this.certificate = new acm.Certificate(this, 'Certificate', {
+            domainName: props.zone.zoneName,
+            validation: acm.CertificateValidation.fromDns(props.zone)
+        })
 
         this.newCertificate = new acm.Certificate(this, 'NewCertificate', {
           domainName: props.newZone.zoneName,

cdk/lib/ckan-stack.ts

@@ -108,8 +108,7 @@ export class CkanStack extends Stack {
       DB_CKAN_HOST: props.ckanInstance.instanceEndpoint.hostname,
       DB_CKAN: "ckan",
       DB_CKAN_USER: props.ckanInstanceCredentials.username,
-      DOMAIN_NAME: props.domainName,
-      SECONDARY_DOMAIN_NAME: props.secondaryDomainName,
+      DOMAIN_NAME: props.secondaryDomainName,
       SITE_PROTOCOL: 'https',
       SMTP_HOST: pSmtpHost.stringValue,
       SMTP_FROM: pSmtpFrom.stringValue,

cdk/lib/nginx-stack-props.ts

@@ -4,8 +4,10 @@ import {aws_certificatemanager, aws_elasticloadbalancingv2, aws_route53} from "a
 export interface NginxStackProps extends EcsStackProps {
   allowRobots: string,
   certificate: aws_certificatemanager.ICertificate,
+  newCertificate: aws_certificatemanager.ICertificate,
   loadBalancer: aws_elasticloadbalancingv2.IApplicationLoadBalancer,
   zone: aws_route53.IPublicHostedZone,
+  newZone: aws_route53.IPublicHostedZone,
   domainName: string,
   secondaryDomainName: string,
   fqdn: string,

cdk/lib/nginx-stack.ts

@@ -94,6 +94,19 @@ export class NginxStack extends Stack {
       openListener: false
     });
 
+    this.nginxService.listener.addCertificates("certificates", [props.newCertificate])
+
+    this.nginxService.listener.addAction("Redirect", {
+      action: aws_elasticloadbalancingv2.ListenerAction.redirect({
+        host: props.secondaryDomainName,
+        permanent: true
+      }),
+      conditions: [
+        aws_elasticloadbalancingv2.ListenerCondition.hostHeaders([props.domainName])
+      ],
+      priority: 10
+    })
+
 
     this.nginxService.targetGroup.configureHealthCheck({
       path: '/health',
@@ -118,6 +131,11 @@ export class NginxStack extends Stack {
       zone: props.zone,
       target: aws_route53.RecordTarget.fromAlias(new aws_route53_targets.LoadBalancerTarget(props.loadBalancer))
     })
+
+    const newRecord = new aws_route53.ARecord(this, 'newSubDomainRecord', {
+      zone: props.newZone,
+      target: aws_route53.RecordTarget.fromAlias(new aws_route53_targets.LoadBalancerTarget(props.loadBalancer))
+    })
   }
 }
 

cdk/lib/sub-domain-stack.ts

@@ -8,9 +8,9 @@ export class SubDomainStack extends Stack {
     constructor(scope: Construct, id: string, props: SubDomainStackProps) {
         super(scope, id, props);
 
-        //this.subZone = new aws_route53.PublicHostedZone(this, 'SubZone', {
-        //    zoneName: props.subDomainName + ".suojattudata.suomi.fi"
-        //})
+        this.subZone = new aws_route53.PublicHostedZone(this, 'SubZone', {
+            zoneName: props.subDomainName + ".suojattudata.suomi.fi"
+        })
 
         this.newSubZone = new aws_route53.PublicHostedZone(this, 'NewSubZone', {
           zoneName: props.subDomainName + ".suojattudata.fi"
@@ -26,11 +26,11 @@ export class SubDomainStack extends Stack {
 
         const delegationRole = aws_iam.Role.fromRoleArn(this, 'delegationRole', delegationRoleArn)
 
-        //new aws_route53.CrossAccountZoneDelegationRecord(this, 'delegate', {
-        //    delegatedZone: this.subZone,
-        //    delegationRole: delegationRole,
-        //    parentHostedZoneName: "suojattudata.suomi.fi"
-        //})
+        new aws_route53.CrossAccountZoneDelegationRecord(this, 'delegate', {
+            delegatedZone: this.subZone,
+            delegationRole: delegationRole,
+            parentHostedZoneName: "suojattudata.suomi.fi"
+        })
 
         new aws_route53.CrossAccountZoneDelegationRecord(this, 'newDelegate', {
           delegatedZone: this.newSubZone,