Upgrades to Leverage CloudFront Features and Improved Update Performa…

…nce (#113) * WIP - Something is wrong with file ingestion. But this updates how the cloudfront distribution is configured, deals better with updates, and thinks critically about the S3 vs CloudFront CORS header configurations. * D-32: This adds support for HTTP/2, but that required I update the AWS SDK which led to some more configuration tweaks. This adds support for TLSv1.2, superior S3 - CloudFront Header synchronization logic, and more robust CloudFront configuration updates. * DS-32: Tuned the update detection for CloudFront configuration and Route53 record updates. Cleaned up the logging a little bit. * Version bump * Trying a less permissive node engine value * Adjusted travis job, because Node 9 is messing things up there. * Stupid version bump
pandastrike · Nov 6, 2017 · 133bfc4 · 133bfc4
1 parent 2628359
commit 133bfc4
Show file tree

Hide file tree

Showing 17 changed files with 5,006 additions and 87 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,5 @@
 language: node_js
 node_js:
-  - "node"
   - "6"
   - "5"
   - "4"

diff --git a/configuration-schema/definitions.yaml b/configuration-schema/definitions.yaml
@@ -42,15 +42,36 @@ environment:
       type: object
       additionalProperties: false
       properties:
+        httpVersion:
+          description:
+            Determines the network protocol to serve content to clients. HTTP/2
+            is newer and more awesome, so when this value is omitted, Haiku
+            deafults to that protocol.
+          type: string
+          enum: [ "http1.1", "http2" ]
+
         ssl:
-          description: Sets whether CloudFront should use SSL when serving.
+          description:
+            Determines if CloudFront should use SSL when serving.  When this is
+            omitted, Haiku defaults to false. Don't forget to have your SSL cert
+            sorted before you set it to true.
           type: boolean
 
+        protocol:
+          description:
+            Sets the TLS protocol version to use when setting up your site to
+            serve over HTTPS.  Higher versions are not supported by older
+            clients, but they leverage more robust cryptography and signalling.
+            When this is omitted, Haiku defaults to vTLSv1.2_2018.
+          type: string
+          enum: [ "SSLv3", TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018" ]
+
         expires:
           description:
             The maximum amount of time, in seconds, that an object stays
             cached in the edge server before additional requests are forwarded
-            to the S3 bucket to check for updates.
+            to the S3 bucket to check for updates.  When this value is omitted,
+            Haiku defaults to 60 seconds.
           type: integer
           minimum: 0
           maximum: 3153600000
@@ -60,7 +81,8 @@ environment:
             Sets the extent to which content is cached on CloudFronts edge
             servers.  By limiting to edge servers in cheaper locations
             throughout the world, you can lower your expenses at the cost of
-            less coverage.  Defaults to 100, which is cheapest.
+            less coverage.  When this value is omitted, Haiku defaults to 100,
+            which is cheapest, but comes with the smallest coverage area.
           anyOf:
             - type: string
               enum: [ "100", "200", "All"]
@@ -75,7 +97,6 @@ environment:
             default headers, but not cache them.  You may specify a wildcard,
             which forwards all headers, but it cannot leverage caching.
           type: array
-          minItems: 1
           items:
             type: string
             minLength: 1
@@ -94,10 +115,12 @@ cors:
 
 corsRuleDefault:
   description:
-    This defines the CORS rule when specifying the default, permissive configuration.
-    It allows GET requests from any domain, using any headers, and exposes all headers in the response.
+    This defines the CORS rule when specifying an easy, permissive configuration.  This circumvents
+    the browser's enforcement of the CORS mechanism by allowing GET requests from any domain,
+    using any headers.  This is good for getting started, but consider setting this to something
+    more specific as your project matures.
   type: string
-  enum: [ default ]
+  enum: [ permissive, wildstyle, fuck-it, fuck-this-thing-in-particular ]
 
 corsRuleSingle:
   description:

diff --git a/examples/cross-site-cdn/h9.yaml b/examples/cross-site-cdn/h9.yaml
@@ -8,8 +8,7 @@ aws:
   site:
     index: index
     error: 404
-  cors: default
-
+  cors: permissive
 
   environments:
     staging:
@@ -25,10 +24,6 @@ aws:
         expires: 1800 # 30 minutes
         ssl: true
         priceClass: 100
-        headers:
-          - Origin
-          - Access-Control-Request-Method
-          - Access-Control-Request-Headers
 
     nonSSL:
       hostnames:

diff --git a/examples/cross-site-cdn/www/index.jade b/examples/cross-site-cdn/www/index.jade
@@ -9,7 +9,7 @@ html(lang="en")
     script(type='text/javascript', src='/site.js')
   body
 
-    h1 Hello There
+    h1 Hello There!
     p If you're seeing this page, you've successfully deployed the test page.  Click the button below to confirm JavaScript functionality.
 
     button(onclick="reveal()") Click Me!