Moves to DigitalOcean from AWS (#4)
* Moves to DigitalOcean from AWS
* README
* Removes deployment workflow

---------

Co-authored-by: Joe Carstairs <65492573+Sycamost@users.noreply.github.com>
44
README.md
@@ -9,39 +9,19 @@ Structure:
|
||||
|
||||
## Infrastructure
|
||||
|
||||
The infrastructure has these components:
|
||||
The infrastructure is on DigitalOcean.
|
||||
|
||||
- AWS Route53Domains (for domain name registration)
|
||||
- AWS Route53 (for domain name resolution)
|
||||
- AWS CloudFront (for path-based routing)
|
||||
- AWS S3 (for static website hosting)
|
||||
The website is hosted using the App Platform service from DigitalOcean. This is
|
||||
free for static websites, and is quite flexible to add in extra apps as Droplets
|
||||
or Functions at a later time if I so please.
|
||||
|
||||
The CloudFront bit is needed, because S3 static website hosting can only accept
|
||||
HTTP requests. CloudFront manages receiving HTTPS requests and forwarding them
|
||||
to HTTP.
|
||||
DigitalOcean App Platform re-deploys the website every time there's an update to
|
||||
the `main` branch in this repo.
|
||||
|
||||
The S3 bucket includes a secret string of random characters. This is because
|
||||
when you set up static website hosting, the S3 API becomes open to the internet,
|
||||
and there's no way to turn this off. So you are theoretically open to DDoS
|
||||
attacks, for which you will be charged. Including a random string in the bucket
|
||||
name makes it less likely that an attacker will find the bucket to send requests
|
||||
to.
|
||||
|
||||
The secret is stored in a GitHub secret called `S3_BUCKET_SUFFIX` so that it can
|
||||
be accessed by GitHub Actions workflows.
|
||||
|
||||
## Invalidating the CloudFront cache
|
||||
|
||||
When you update pages, you’ll need to invalidate the CloudFront cache in order
|
||||
for CloudFront to serve the new versions before the caches expire (which could
|
||||
be a while). Here’s how to do it:
|
||||
|
||||
1. Go to the CloudFront console
|
||||
2. Select the distribution for this website
|
||||
3. Go to the Invalidations tab
|
||||
4. Add a new Invalidation
|
||||
5. Include all pages you’ve updated
|
||||
- Use the relative URL, not the filepath, e.g. "/blog/" not "/blog/index.html"
|
||||
- Include the trailing "/" or it won’t work
|
||||
- You can use wildcards to make life easier, e.g. "/blog/2024/01/29/*"
|
||||
All the DigitalOcean infrastructure is managed using Terraform. The code for
|
||||
this is in the `infrastructure/` directory.
|
||||
|
||||
The domain, however, is registered on AWS. The nameservers registered in AWS
|
||||
have to be kept manually up-to-date with the DigitalOcean nameservers. These
|
||||
shouldn't change, though, so this is unlikely to need intervention more than
|
||||
once.
|
||||
|
||||
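Review bot: The closing paragraph about the AWS-registered domain says the nameservers "have to be kept manually up-to-date with the DigitalOcean nameservers" but gives no way to check that they match and does not say where the expected values are recorded. Since this is the one piece the README places outside the Terraform code in `infrastructure/`, a short verification step would help, for example comparing the NS records shown at the registrar with the ones DigitalOcean lists for the domain. A delegation that has drifted is easy to miss until resolution fails. Separately, the S3 and CloudFront paragraphs name a GitHub secret `S3_BUCKET_SUFFIX`, and the rewritten section does not say whether that secret and the AWS bucket and distribution were decommissioned. One line stating that they were removed, or that they still need to be, would keep a stale secret or a billable public endpoint from being forgotten.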