Merge branch 'master' into javascript-init

.gitignore

@@ -1,13 +1,12 @@
-.idea/
+# Keys and secrets
 files/public.pem
 files/modulus.pem
-conf/ssl/*.pem
-conf/wikidot.ini
-conf/wikijump.ini
-/tmp
-/web/files--common/tmp
-/web/files--common/dist/
-/web/files--sites
-/vendor
-composer.phar
-node_modules/
+*.pem
+
+# Editor files
+.idea/
+.*.swp
+
+# Miscellaneous
+*.bak
+*~

README.md

@@ -0,0 +1,7 @@
+# Wikijump
+
+----
+
+## About
+
+Wikijump is a platform for creating wikis, based on [Wikidot](http://wikidot.com/).

docs/development.md

@@ -0,0 +1,27 @@
+# Local Development
+
+The `installer` folder has everything you need to run a local Wikijump install either in a container or on metal or a VM.
+
+### Installation
+
+You can create a docker container using the following:
+
+```bash
+$ docker build . -t scpwiki/wikijump:local
+$ docker create --name wikijump -p 8080:80 scpwiki/wikijump:local
+$ docker start wikijump
+```
+
+Instead of building Wikijump locally, you can also pull the image from the Docker Hub:
+
+```bash
+$ docker create --name wikijump -p 8080:80 scpwiki/wikijump:latest
+```
+
+Then terminate it:
+
+```bash
+$ docker stop wikijump
+```
+
+Alternatively, you can install to your local system using `install.sh`. This may require tinkering depending on your exact platform and environment.

infra/terraform/dev/.gitignore

@@ -0,0 +1,29 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*

infra/terraform/dev/acm.tf

@@ -0,0 +1 @@
+../prod/acm.tf

infra/terraform/dev/cloudfront.tf

@@ -0,0 +1 @@
+../prod/cloudfront.tf

infra/terraform/dev/codebuild.tf

@@ -0,0 +1 @@
+../prod/codebuild.tf

infra/terraform/dev/codepipeline.tf

@@ -0,0 +1 @@
+../prod/codepipeline.tf

infra/terraform/dev/ecr.tf

@@ -0,0 +1 @@
+../prod/ecr.tf

infra/terraform/dev/ecs.tf

@@ -0,0 +1 @@
+../prod/ecs.tf

infra/terraform/dev/elasticache.tf

@@ -0,0 +1 @@
+../prod/elasticache.tf

infra/terraform/dev/elb.tf

@@ -0,0 +1 @@
+../prod/elb.tf

infra/terraform/dev/master.tf

@@ -0,0 +1 @@
+../prod/master.tf

infra/terraform/dev/rds.tf

@@ -0,0 +1 @@
+../prod/rds.tf

infra/terraform/dev/s3.tf

@@ -0,0 +1 @@
+../prod/s3.tf

infra/terraform/dev/ssm.tf

@@ -0,0 +1 @@
+../prod/ssm.tf

infra/terraform/dev/variables.tf

@@ -0,0 +1 @@
+../prod/variables.tf

infra/terraform/dev/vpc.tf

@@ -0,0 +1 @@
+../prod/vpc.tf

infra/terraform/dev/wikijump.auto.tfvars

@@ -0,0 +1,14 @@
+# Meta
+environment         = "production"
+web_domain          = "wikijump.com"
+files_domain        = "wjfiles.com"
+
+# VPC
+vpc_cidr_block      = "10.173.0.0/16"
+elb_subnet          = "10.173.0.0/24"
+container_subnet    = "10.173.10.0/24"
+database_subnet     = "10.173.20.0/24"
+cache_subnet        = "10.173.30.0/24"
+
+# Cloudfront/ELB
+cf_auth_token       = "e421b736-aa0f-4fbf-9965-b6fce423c826"

infra/terraform/prod/.gitignore

@@ -0,0 +1,29 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*

infra/terraform/prod/README.md

@@ -0,0 +1,3 @@
+# wikijump-deploy
+Terraform files for deployment of Wikijump cloud environments.
+

infra/terraform/prod/acm.tf

@@ -0,0 +1,13 @@
+resource "aws_acm_certificate" "cf_wildcard_cert" {
+    domain_name                 = var.web_domain
+    subject_alternative_names   = [
+        var.files_domain,
+        "*.${var.web_domain}",
+        "*.${var.files_domain}"
+    ]
+    validation_method           = "DNS"
+
+    lifecycle {
+        create_before_destroy   = true
+    }
+}

infra/terraform/prod/cloudfront.tf

@@ -0,0 +1,46 @@
+resource "aws_cloudfront_distribution" "wikijump_cf_distro" {
+    enabled                 = true
+    is_ipv6_enabled         = true
+    default_root_object     = "index.php"
+
+    aliases                 = [var.web_domain, var.files_domain]
+
+    origin {
+        domain_name         = aws_lb.wikijump_elb.dns_name
+        origin_id           = "wikijump_elb"
+        custom_header {
+            name            = "X-CLOUDFRONT-WIKIJUMP-AUTH"
+            value           = var.cf_auth_token
+        }
+    }
+
+    restrictions {
+      geo_restriction {
+        restriction_type  = "none"
+      }
+    }
+
+    default_cache_behavior {
+    allowed_methods         = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+    cached_methods          = ["GET", "HEAD"]
+    target_origin_id        = "wikijump_elb"
+
+    forwarded_values {
+      query_string          = true
+
+      cookies {
+        forward             = "all"
+      }
+    }
+
+    viewer_protocol_policy  = "redirect-to-https"
+    min_ttl                 = 0
+    default_ttl             = 60
+    compress                = true
+    max_ttl                 = 60
+    }
+
+    viewer_certificate {
+        acm_certificate_arn = aws_acm_certificate.cf_wildcard_cert.arn
+  }
+}

infra/terraform/prod/codebuild.tf

@@ -0,0 +1 @@
+# TBD - May not be needed if we choose to use GitHub Actions.

infra/terraform/prod/codepipeline.tf

@@ -0,0 +1 @@
+# TBD - May not be needed if we choose to use GitHub Actions.

infra/terraform/prod/ecr.tf

@@ -0,0 +1,9 @@
+resource "aws_ecr_repository" "wikijump_ecr" {
+    name                        = "wikijump-${var.environment}"
+    encryption_configuration {
+      encryption_type = "KMS"
+    }
+    image_scanning_configuration {
+        scan_on_push            = true
+  }
+}

infra/terraform/prod/ecs.tf

@@ -0,0 +1,26 @@
+resource "aws_ecs_service" "wikijump" {
+    name    = "wikijump-${var.environment}"
+    cluster = aws_ecs_cluster.wikijump_ecs_cluster.id
+    task_definition = aws_ecs_task_definition.wikijump_task.arn
+    desired_count   = 1  # This will be a var as we grow
+
+    load_balancer {
+        target_group_arn    = aws_lb_target_group.elb_target_group.arn
+        container_name      = "wikijump"
+        container_port      = 80
+    }
+}
+
+resource "aws_ecs_task_definition" "wikijump_task" {
+    family  = "wikijump-${var.environment}-family"
+    container_definitions   = file("task-definitions/wikijump.json")
+    requires_compatibilities    = ["FARGATE"]
+    cpu                         = 256  # 1024 = 1 vCPU
+    memory                      = 512  # MiB
+}
+
+resource "aws_ecs_cluster" "wikijump_ecs_cluster" {
+  name                  = "wikijump-${var.environment}"
+  # Using Spot as a cost-saving measure for now. This will end up being dependent on environment.
+  capacity_providers    = ["FARGATE_SPOT"]
+}

infra/terraform/prod/elasticache.tf

@@ -0,0 +1,40 @@
+resource "aws_elasticache_cluster" "wikijump_cache" {
+  cluster_id           = "wikijump-cache-${var.environment}"
+  engine               = "memcached"
+  node_type            = var.cache_ec2_size
+  num_cache_nodes      = var.cache_num_nodes
+  parameter_group_name = "default.memcached1.5"
+  port                 = 11211
+  subnet_group_name    = aws_elasticache_subnet_group.cache_subnet.name
+  security_group_names = [aws_security_group.elasticache_sg.name]
+}
+
+resource "aws_elasticache_subnet_group" "cache_subnet" {
+  name       = "wikijump-${var.environment}-cache-subnet"
+  subnet_ids = [aws_subnet.cache_subnet.id]
+}
+
+resource "aws_elasticache_security_group" "elasticache_sg" {
+  name                 = "wikijump-elasticache-${var.environment}"
+  security_group_names = [aws_security_group.elasticache_sg.name]
+}
+
+resource "aws_security_group" "elasticache_sg" {
+    name            = "elasticache_sg_${var.environment}"
+    description     = "Allow 11211 inbound"
+
+    ingress {
+        description = "Memcached"
+        from_port   = 11211
+        to_port     = 11211
+        protocol    = "tcp"
+        cidr_blocks = [var.container_subnet]  # Probably a cleaner way to do this is getting vars from ECS
+    }
+
+    egress {
+        from_port   = 0
+        to_port     = 0
+        protocol    = "-1"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+}