in lib/index.ts [75:143]
constructor(scope: Construct, id: string, props: S3ProxyFarmProps) {
super(scope, id);
this.websiteIndexDocument = props.websiteIndexDocument || this.websiteIndexDocument;
this.allowedCIDRRanges = Array.isArray(props.allowedCIDRRanges) && props.allowedCIDRRanges.length ? props.allowedCIDRRanges : this.allowedCIDRRanges;
this.proxyFarmSecurityGroup = new ec2.SecurityGroup(this, 'autoscaling-group-security-group', {
vpc: props.vpc,
});
for (const cidrRange of this.allowedCIDRRanges) {
this.proxyFarmSecurityGroup.addIngressRule(ec2.Peer.ipv4(cidrRange), ec2.Port.tcp(this.proxyPort), 'allow proxy access from CIDR range');
}
const proxyFarmAsgProps = deepmerge({
vpc: props.vpc,
instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO),
machineImage: new ec2.AmazonLinuxImage(),
associatePublicIpAddress: false,
securityGroup: this.proxyFarmSecurityGroup,
vpcSubnets: {
subnetType: ec2.SubnetType.PRIVATE,
},
minCapacity: 1,
maxCapacity: 3,
}, props.autoScalingGroupProps || {}, {
isMergeableObject: isPlainObject
});
this.proxyFarmAsg = new autoscaling.AutoScalingGroup(this, 'autoscaling-group', proxyFarmAsgProps);
const cpuUtilizationScalingProps: autoscaling.CpuUtilizationScalingProps = deepmerge({
targetUtilizationPercent: 80,
cooldown: Duration.seconds(300),
}, props.cpuUtilizationScalingProps || {}, {
isMergeableObject: isPlainObject
});
this.proxyFarmAsg.scaleOnCpuUtilization('scaling-policy', cpuUtilizationScalingProps);
// Configure Proxy (Nginx) on instance startup
this.proxyFarmAsg.userData.addCommands(`
#!/bin/bash
amazon-linux-extras enable nginx1
yum -y install nginx
cat <<EOF > /etc/nginx/conf.d/reverse-proxy.conf
server {
listen ${this.proxyPort};
listen [::]:${this.proxyPort};
${this.allowedCIDRRanges.map((cidrRange) => ` allow ${cidrRange};`).join('\n')}
deny all;
location = / {
proxy_pass ${props.websiteBucket.bucketWebsiteUrl}/${this.websiteIndexDocument};
}
location / {
proxy_pass ${props.websiteBucket.bucketWebsiteUrl};
}
}
EOF
service nginx restart
`);
}