Proxies traffic from the Federalist S3 bucket to a CDN broker. Ensures HTTPS and adds the proper headers.

To deploy the app:

$ cf push <app-name> --strategy rolling --vars-file </path/to/vars-file> -f </path/to/manifest>

If the rolling deployment fails for any reason, make sure to clean up by running: $ cf cancel-deployment

When a site is added to Federalist, it will be available through this proxy at https://federalist-proxy.app.cloud.gov/site/<owner>/<repo>. When the site is ready to go live, a CloudFront distribution with the proxy URL as its origin can be provisioned.

cf create-service cdn-route cdn-route YOUR.URL.gov-route -c '
  {
    "domain": "YOUR.URL.gov",
    "origin": "federalist-proxy.app.cloud.gov",
    "path": "/site/org/repo-name"
  }
'

This proxy adds the following headers to the response from the S3 bucket:

• Strict-Transport-Security: max-age=31536000; preload
• X-Frame-Options: SAMEORIGIN
• X-Server: Federalist

To support sites with expanded HSTS headers, the proxy uses the {{ INCLUDE_SUBDOMAINS }} environment variable to identify these requests to provide the expanded header Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. If these Federalist site domains change for any reason, the {{ INCLUDE_SUBDOMAINS }} variable will need to be updated in the manifest.yml.

  docker-compose run --no-deps --rm app npm install

  docker-compose run --no-deps --rm app npm run parse
  docker-compose run --rm app npm test 

  docker-compose run --no-deps --rm app npm run parse:integration
  docker-compose run --rm app npm run test:integration

In order for changes to the nginx.conf file or mock server to be reflected when running the tests, the dockers services must be restarted. This can be done by running docker-compose down before the above commands to parse the nginx.conf and run the tests.

Integration tests use the following S3 buckets provisioned in the sandbox space in the gsa-18f-federalist cloud.gov organization:

• proxy-integration-test-dedicated
• proxy-integration-test-shared

Before running the tests, make a copy of the .env.sample file named .env and populate with the credentials from corresponding service keys proxy-integration-test-dedicated-key and proxy-integration-test-shared-key in the sandbox space. Ex. cf t -s sandbox && cf service-key proxy-integration-test-dedicated proxy-integration-test-dedicated-key.