Reverse Proxy
The vagov-revproxy service is a reverse proxy designed to accept traffic coming from the Trusted Internet Connection (TIC) and direct that traffic towards private S3 resources (static content, ie. css, images, etc.).
Static site content is housed within a bucket or multiple buckets (AWS S3) for the respective environment of the traffic (sandbox, dev, staging, or prod).
Our reverse proxy nodes use OpenResty®, an enhanced version of Nginx core.
Configuration
The deployment of the reverse proxy configuration:
Each deployment calls the nginx file nginx_website_server which passes the corresponding properties depending on each environment. It also calls nginx_revproxy_redirects to handle the port 80/443 requests
Nginx conf files containing the properties for each environment:
Proxy headers
Our current nginx config only provides for proxying to s3 buckets that have the same name as the site for which they are being proxied. However, in order to use a specific S3 bucket a new proxy header was created to handle this by not overriding the host header for s3 requests.
Deployment
If you update the revproxy in the devops repository from inside the /ansible/deployments directory you will need to trigger a deployment of the reverse proxy to see your changes in the appropriate environment.
- Visit the deployment job for the relevant environment: dev, staging, or production
- Find the latest successful deployment; it will be at the top of the dashboard with all steps successful.
- Click on the deployment number to visit the landing page for that deployment.
- Click "Replay" in the sidebar to deploy your changes. If you don't see, "Replay," "Rebuild" can also be used. If you don't see either option and you think you should please file an issue with the Operations team. The deployment process should take about 10 minutes.