-
Notifications
You must be signed in to change notification settings - Fork 98
Expand file tree
/
Copy pathfastly-static.tf
More file actions
153 lines (127 loc) · 3.66 KB
/
fastly-static.tf
File metadata and controls
153 lines (127 loc) · 3.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
locals {
fastly_domain_name = "fastly-${var.static_domain_name}"
}
resource "fastly_service_vcl" "static" {
name = var.static_domain_name
domain {
name = local.fastly_domain_name
}
domain {
name = var.static_domain_name
}
backend {
name = data.aws_s3_bucket.static.bucket
address = data.aws_s3_bucket.static.bucket_regional_domain_name
override_host = data.aws_s3_bucket.static.bucket_regional_domain_name
use_ssl = true
port = 443
ssl_cert_hostname = data.aws_s3_bucket.static.bucket_regional_domain_name
}
default_ttl = var.static_ttl
# The VCL snippets can be tested here: https://fiddle.fastly.dev/fiddle/eb4b0dfb
snippet {
name = "list files in S3"
type = "recv"
content = <<-VCL
if (req.url ~ "^\/dist\/\d{4}-\d{2}-\d{2}(\/|\/index.html)?$") {
set req.url = "/list-files.html";
}
VCL
}
snippet {
name = "detect rustup.sh requests"
type = "recv"
content = <<-VCL
if (req.url ~ "^\/rustup\.sh$") {
error 618 "redirect";
}
VCL
}
snippet {
name = "enable segmented caching"
type = "recv"
content = <<-VCL
set req.enable_segmented_caching = true;
set segmented_caching.block_size = 10000000;
VCL
}
# The streaming miss feature streams responses back to clients immediately,
# which reduces the first-byte latency.
# https://docs.fastly.com/en/guides/streaming-miss
snippet {
name = "enable streaming miss"
type = "fetch"
content = <<-VCL
if (req.url.ext ~ "^(?:gz|xz|zip)$") {
set beresp.do_stream = true;
}
VCL
}
snippet {
name = "set cache key for dist"
type = "fetch"
content = <<-VCL
if (req.url ~ "^\/dist\/") {
set beresp.http.Surrogate-Key = "dist";
}
VCL
}
snippet {
name = "redirect rustup.sh to rustup.rs"
type = "error"
content = <<-VCL
if (obj.status == 618 && obj.response == "redirect") {
set obj.status = 301;
set obj.response = "Moved permanently";
set obj.http.Location = "https://sh.rustup.rs";
synthetic {"
#!/bin/bash
echo "The location of rustup.sh has moved."
echo "Run the following command to install from the new location:"
echo " curl https://sh.rustup.rs -sSf | sh"
"};
return (deliver);
}
VCL
}
logging_datadog {
name = "datadog"
token = data.aws_ssm_parameter.datadog_api_key.value
}
logging_s3 {
name = "s3-request-logs"
bucket_name = data.aws_s3_bucket.logs.bucket
s3_iam_role = aws_iam_role.fastly_assume_role.arn
domain = "s3.us-west-1.amazonaws.com"
path = "/fastly-requests/${var.static_domain_name}/"
compression_codec = "zstd"
}
}
module "fastly_tls_subscription" {
source = "../fastly-tls-subscription"
certificate_authority = "globalsign"
aws_route53_zone_id = data.aws_route53_zone.static.id
domains = [
local.fastly_domain_name,
var.static_domain_name
]
}
resource "aws_route53_record" "fastly_static_domain" {
zone_id = data.aws_route53_zone.static.id
name = local.fastly_domain_name
type = "CNAME"
ttl = 300
allow_overwrite = true
records = module.fastly_tls_subscription.destinations
}
resource "aws_route53_record" "weighted_static_fastly" {
zone_id = data.aws_route53_zone.static.id
name = var.static_domain_name
type = "CNAME"
ttl = 300
records = [aws_route53_record.fastly_static_domain.fqdn]
weighted_routing_policy {
weight = var.static_fastly_weight
}
set_identifier = "fastly"
}