- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
CDN Configuration for Credential Seals
Current Status
CDN Provider: Not yet configured (placeholder URLs in use)
Default URL Pattern: https://cdn.theorder.org/images/
Status: Ready for CDN configuration
Available CDN Options
Based on the infrastructure setup, the following CDN options are available:
1. Azure Blob Storage + CDN (Recommended for Azure Infrastructure)
Why: The infrastructure is primarily Azure-based (Azure Storage, AKS, Key Vault)
Configuration:
# Azure Blob Storage with CDN
CDN_BASE_URL=https://<storage-account>.blob.core.windows.net/images/
# Or with Azure CDN
CDN_BASE_URL=https://<cdn-endpoint>.azureedge.net/images/
Upload Script (Azure):
# Using Azure CLI
az storage blob upload \
--file "${png_file}" \
--container-name images \
--name "${png_file}" \
--account-name <storage-account> \
--auth-mode login
# Set public access (the access level is a container setting, not a per-blob one)
az storage container set-permission \
--name images \
--public-access blob \
--account-name <storage-account>
2. AWS S3 + CloudFront (If using AWS)
Why: The storage package supports S3 (@aws-sdk/client-s3)
Configuration:
CDN_BASE_URL=https://<bucket>.s3.<region>.amazonaws.com/images/
# Or with CloudFront
CDN_BASE_URL=https://<cloudfront-id>.cloudfront.net/images/
Upload Script (AWS):
# Using AWS CLI
aws s3 cp "${png_file}" \
"s3://<bucket>/images/${png_file}" \
--acl public-read \
--content-type image/png
3. Cloudflare R2 (Modern Alternative)
Why: Cost-effective, S3-compatible API
Configuration:
CDN_BASE_URL=https://<account-id>.r2.cloudflarestorage.com/images/
# Or with Cloudflare CDN
CDN_BASE_URL=https://<custom-domain>/images/
Upload Script (Cloudflare R2):
# Using rclone
rclone copy "${png_file}" \
r2:images/ \
--s3-provider Cloudflare \
--s3-access-key-id <key> \
--s3-secret-access-key <secret>
4. GitHub Pages / Static Hosting
Why: Simple, free for public repos
Configuration:
CDN_BASE_URL=https://theorder.github.io/assets/images/
5. Custom Domain CDN
Why: Full control, custom branding
Configuration:
CDN_BASE_URL=https://cdn.theorder.org/images/
Recommended Configuration
For Azure Infrastructure (Current Setup)
Recommended: Azure Blob Storage + Azure CDN
- Create Storage Account:
az storage account create \
--name theordercdn \
--resource-group <rg> \
--location westeurope \
--sku Standard_LRS \
--kind StorageV2
- Create Container:
az storage container create \
--name images \
--account-name theordercdn \
--public-access blob
- Create CDN Profile (Optional):
az cdn profile create \
--name theorder-cdn \
--resource-group <rg> \
--sku Standard_Microsoft
- Set CDN Base URL:
export CDN_BASE_URL=https://theordercdn.blob.core.windows.net/images/
# Or with CDN
export CDN_BASE_URL=https://<cdn-endpoint>.azureedge.net/images/
Current Configuration
Default URLs (Placeholder)
All manifest templates currently use:
https://cdn.theorder.org/images/
Files Using CDN URLs
- manifests/entra/default-manifest-template.json
- manifests/entra/financial-manifest-template.json
- manifests/entra/judicial-manifest-template.json
- manifests/entra/diplomatic-manifest-template.json
Update Script
To update all manifest templates with your CDN URL:
CDN_BASE_URL=https://your-cdn.com/images \
./scripts/deploy/update-manifest-seal-urls.sh
Upload Script Template
The upload script template is located at:
assets/credential-images/png/upload-to-cdn.sh
Current Status: Template (needs customization)
To Customize:
- Edit assets/credential-images/png/upload-to-cdn.sh
- Add your CDN provider's upload commands
- Set credentials/environment variables
- Run the script
Next Steps
- Choose CDN Provider
  - Azure Blob Storage + CDN (recommended for Azure infrastructure)
  - AWS S3 + CloudFront (if using AWS)
  - Cloudflare R2 (cost-effective alternative)
  - Custom domain CDN
- Configure CDN
  - Create storage account/container
  - Set up CDN endpoint (optional)
  - Configure public access
  - Set CORS headers (if needed)
- Upload Files
  - Customize upload-to-cdn.sh
  - Upload all PNG files
  - Verify HTTPS and public access
- Update Configuration
  - Set CDN_BASE_URL environment variable
  - Run update-manifest-seal-urls.sh
  - Update manifest templates
- Test
  - Verify URLs are accessible
  - Test image loading
  - Test credential issuance
Environment Variables
Set these for CDN configuration:
# CDN Base URL
export CDN_BASE_URL=https://your-cdn.com/images
# Azure (if using)
export AZURE_STORAGE_ACCOUNT=theordercdn
export AZURE_STORAGE_KEY=<key>
export AZURE_STORAGE_CONTAINER=images
# AWS (if using)
export AWS_S3_BUCKET=theorder-images
export AWS_REGION=eu-west-1
# Cloudflare R2 (if using)
export R2_ACCOUNT_ID=<id>
export R2_ACCESS_KEY_ID=<key>
export R2_SECRET_ACCESS_KEY=<secret>
Security Considerations
- HTTPS Required: All CDN URLs must use HTTPS
- Public Access: Images must be publicly accessible
- CORS: Configure CORS if needed for cross-origin requests
- Content-Type: Ensure correct image/png content type
- Cache Headers: Set appropriate cache headers
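A pre-flight check for the HTTPS requirement above, as an added example that is not one of the project's scripts: it rejects a CDN_BASE_URL that is not HTTPS or that carries credentials or a query string, then lists every .png URL in the manifest templates that is not under that base. The function names, the sample JSON and the seal file names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Function names and sample data are assumptions.

# Accept only an HTTPS base URL with a host and no userinfo, query or fragment,
# so a storage key or SAS token is never baked into published manifests.
validate_cdn_base_url() {
  case "$1" in
    https://*) ;;
    *) echo "reject (not HTTPS): $1" >&2; return 1 ;;
  esac
  authority=${1#https://}; authority=${authority%%/*}
  case "$authority" in
    ''|*@*) echo "reject (no host or embedded credentials)" >&2; return 1 ;;
  esac
  case "$1" in
    *\?*|*\#*) echo "reject (query string or fragment)" >&2; return 1 ;;
  esac
}

# Print "file: url" for every .png URL in DIR/*.json that is not under BASE
# (leftover placeholder, plain http, other host). Returns 1 if any are found.
audit_manifest_urls() {
  base="${1%/}/"; dir=$2; bad=0
  for f in "$dir"/*.json; do
    [ -f "$f" ] || continue
    urls=$(grep -oE 'https?://[^"[:space:]]+\.png' "$f" || true)
    while IFS= read -r url; do
      case "$url" in
        ''|"$base"*) ;;
        *) echo "$f: $url"; bad=1 ;;
      esac
    done <<EOF
$urls
EOF
  done
  return "$bad"
}

# Constructed templates for the demo; not the project's real manifest schema.
make_sample_manifests() {
  d=$(mktemp -d); azure=theordercdn.blob.core.windows.net
  printf '{"logo":{"uri":"https://%s/images/default-seal.png"}}\n' "$azure" > "$d/default.json"
  printf '{"logo":{"uri":"https://cdn.theorder.org/images/financial-seal.png"}}\n' > "$d/financial.json"
  printf '{"logo":{"uri":"http://%s/images/judicial-seal.png"}}\n' "$azure" > "$d/judicial.json"
  echo "$d"
}

demo_base=https://theordercdn.blob.core.windows.net/images/
validate_cdn_base_url "$demo_base" && audit_manifest_urls "$demo_base" "$(make_sample_manifests)" \
  || echo "fix the URLs listed above before issuing credentials"
```

Run against manifests/entra after update-manifest-seal-urls.sh, a non-zero exit from audit_manifest_urls means at least one template still points at the placeholder or at a non-HTTPS URL.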
Last Updated: [Current Date]
Status: Ready for CDN configuration