Domain Map

README.md

@@ -48,6 +48,15 @@ The following are dependencies which need to be created:
 | `coe-ecr-etl-tasks`   | ECR Repository for storing Task Images - [repo](https://github.com/dfpc-coe/ecr)  |
 | `coe-elb-access`      | Centralized ELB Logs - [repo](https://github.com/dfpc-coe/elb-logs) |
 
+An AWS ACM certificate must also be generated that covers the subdomain that CloudTAK is deployed to as well
+as the second level wildcard. Where in the example below CloudTAK is deployed to ie: `map.example.com` The second
+level wildcard will be used for serving tiles, currently configured to be `tiles.map.example.com`
+
+IE:
+```
+*.example.com
+*.map.example.com
+```
 
 ### Optional Dependencies that can be deployed at any time
 

api/Dockerfile

@@ -29,5 +29,6 @@ RUN npm run lint \
 COPY ./nginx.conf /etc/nginx/nginx.conf
 
 CMD memcached -d -u root \
+    && sed -i "s/API_URL/${API_URL}/g" /etc/nginx/nginx.conf \
     && nginx \
     && npm run prod

api/lib/config.ts

@@ -115,21 +115,30 @@ export default class Config {
             process.env.AWS_DEFAULT_REGION = 'us-east-1';
         }
 
-        let SigningSecret, API_URL, DynamoDB, Bucket, HookURL;
+        let SigningSecret, API_URL, PMTILES_URL, DynamoDB, Bucket, HookURL;
         if (!process.env.StackName || process.env.StackName === 'test') {
             process.env.StackName = 'test';
 
             SigningSecret = 'coe-wildland-fire';
             API_URL = 'http://localhost:5001';
             Bucket = process.env.ASSET_BUCKET;
+            PMTILES_URL = 'http://localhost:5001';
         } else {
             if (!process.env.StackName) throw new Error('StackName env must be set');
             if (!process.env.API_URL) throw new Error('API_URL env must be set');
-            if (!process.env.PMTILES_URL) throw new Error('PMTILES_URL env must be set');
             if (!process.env.ASSET_BUCKET) throw new Error('ASSET_BUCKET env must be set');
 
             HookURL = process.env.HookURL;
-            API_URL = process.env.API_URL;
+
+            const apiUrl = new URL(`http://${process.env.API_URL}`);
+            if (apiUrl.hostname === 'localhost') {
+                API_URL = `http://${process.env.API_URL}`;
+                PMTILES_URL = 'http://localhost:5001'
+            } else {
+                PMTILES_URL = `https://tiles.${process.env.API_URL}`;
+                API_URL = String(`https://${process.env.API_URL}`);
+            }
+
             Bucket = process.env.ASSET_BUCKET;
             DynamoDB = process.env.StackName;
             SigningSecret = await Config.fetchSigningSecret(process.env.StackName);
@@ -163,10 +172,9 @@ export default class Config {
             nosinks: (args.nosinks || false),
             nocache: (args.nocache || false),
             TileBaseURL: process.env.TileBaseURL ? new URL(process.env.TileBaseURL) : new URL('./data-dev/zipcodes.tilebase', import.meta.url),
-            PMTILES_URL: process.env.PMTILES_URL || 'http://localhost:5001',
             StackName: process.env.StackName,
             wsClients: new Map(),
-            server, SigningSecret, API_URL, DynamoDB, Bucket, pg, models, HookURL
+            server, SigningSecret, API_URL, DynamoDB, Bucket, pg, models, HookURL, PMTILES_URL
         });
 
         if (!config.silent) {

api/nginx.conf

@@ -30,7 +30,7 @@ http {
         add_header 'Referrer-Policy' 'strict-origin-when-cross-origin' always;
         add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload' always;
         add_header 'Permissions-Policy' 'fullscreen=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)' always;
-        add_header 'Content-Security-Policy' "default-src 'self'; img-src 'self' data:; worker-src 'self' blob:; style-src-attr 'unsafe-inline'; upgrade-insecure-requests;" always;
+        add_header 'Content-Security-Policy' "default-src 'self' *.API_URL; img-src 'self' data: *.API_URL; worker-src 'self' blob:; style-src-attr 'unsafe-inline'; upgrade-insecure-requests;" always;
 
         location / {
             if ($request_uri ~ ^/(.*)\.html) {

api/web/src/components/CloudTAK/Menu.vue

@@ -29,7 +29,7 @@
                         <div class='modal-title'>
                             Sidebar
                         </div>
-                        <div />
+                        <div/>
                     </div>
                 </div>
                 <div
@@ -38,7 +38,7 @@
                 >
                     <div
                         role='menuitem'
-                        class='cursor-pointer col-12 d-flex align-items-center justify-content-center'
+                        class='cursor-pointer col-12 d-flex align-items-center'
                         :class='{
                             "py-2 px-3 hover-dark": !compact,
                             "py-1 px-2 hover-button": compact
@@ -52,6 +52,7 @@
                             }'
                             :tabindex='compact ? 0 : undefined'
                             title='Open Settings Panel'
+                            :class='{ "mx-2": compact }'
                             :size='32'
                             :stroke='1'
                         />

cloudformation/CloudTAK.template.js

@@ -32,11 +32,11 @@ export default cf.merge(
                 Default: 'prod'
             },
             HostedURL: {
-                Description: 'URL of domain/subdomain at which the API is hosted',
+                Description: 'URL of domain/subdomain at which the API is hosted ie: "map.example.com"',
                 Type: 'String'
             },
             SSLCertificateIdentifier: {
-                Description: 'ACM SSL Certificate for HTTP Protocol',
+                Description: 'ACM SSL Certificate for top level wildcard: *.example.com and second level *.map.example.com',
                 Type: 'String'
             }
         }

cloudformation/lib/api.js

@@ -408,7 +408,6 @@ export default {
                         { Name: 'StackName', Value: cf.stackName },
                         { Name: 'ASSET_BUCKET', Value: cf.ref('AssetBucket') },
                         { Name: 'API_URL', Value: cf.ref('HostedURL') },
-                        { Name: 'PMTILES_URL', Value: cf.join(['https://', cf.ref('PMTilesLambdaAPI'), '.execute-api.', cf.region, '.amazonaws.com']) },
                         { Name: 'AWS_DEFAULT_REGION', Value: cf.region },
                         { Name: 'VpcId', Value: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc'])) },
                         { Name: 'SubnetPublicA', Value: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-public-a'])) },
@@ -492,7 +491,6 @@ export default {
                     }]
                 },
                 Path: '/',
-                Policies: [],
                 ManagedPolicyArns: [
                     cf.join(['arn:', cf.partition, ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'])
                 ]
@@ -509,7 +507,7 @@ export default {
             Export: {
                 Name: cf.join([cf.stackName, '-hosted'])
             },
-            Value: cf.ref('HostedURL')
+            Value: cf.join(['https://', cf.ref('HostedURL')])
         },
         ETLRole: {
             Description: 'ETL Lambda Role',

cloudformation/lib/batch.js

@@ -15,7 +15,7 @@ export default {
                     },
                     Environment: [
                         { Name: 'StackName', Value: cf.stackName },
-                        { Name: 'TAK_ETL_URL', Value: cf.ref('HostedURL') },
+                        { Name: 'TAK_ETL_URL', Value: cf.join(['https://', cf.ref('HostedURL')]) },
                         { Name: 'TAK_ETL_BUCKET', Value: cf.ref('AssetBucket') }
                     ],
                     JobRoleArn: cf.getAtt('BatchJobRole', 'Arn'),

cloudformation/lib/events.js

@@ -14,7 +14,7 @@ export default {
                 PackageType: 'Image',
                 Environment: {
                     Variables: {
-                        TAK_ETL_API: cf.ref('HostedURL'),
+                        TAK_ETL_API: cf.join(['https://', cf.ref('HostedURL')]),
                         StackName: cf.stackName,
                         SigningSecret: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/api/secret:SecretString::AWSCURRENT}}')
                     }

cloudformation/lib/hooks.js

@@ -41,7 +41,7 @@ export default {
                 PackageType: 'Image',
                 Environment: {
                     Variables: {
-                        TAK_ETL_API: cf.ref('HostedURL'),
+                        TAK_ETL_API: cf.join(['https://', cf.ref('HostedURL')]),
                         StackName: cf.stackName,
                         SigningSecret: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/api/secret:SecretString::AWSCURRENT}}')
                     }

cloudformation/lib/pmtiles.js

@@ -14,7 +14,7 @@ export default {
                 Environment: {
                     Variables: {
                         BUCKET: cf.join('-', [cf.stackName, cf.accountId, cf.region]),
-                        APIROOT: cf.join(['https://', cf.ref('PMTilesLambdaAPI'), '.execute-api.', cf.region, '.amazonaws.com']),
+                        APIROOT: cf.join(['https://tiles.', cf.ref('HostedURL')]),
                         SigningSecret: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/api/secret:SecretString::AWSCURRENT}}')
                     }
                 },
@@ -93,10 +93,28 @@ export default {
                 }]
             }
         },
+        PMTilesApiDomain: {
+            Type: 'AWS::ApiGateway::DomainName',
+            Properties: {
+                DomainName: cf.join(['tiles.', cf.ref('HostedURL')]),
+                RegionalCertificateArn: cf.join(['arn:', cf.partition, ':acm:', cf.region, ':', cf.accountId, ':certificate/', cf.ref('SSLCertificateIdentifier')]),
+                EndpointConfiguration: {
+                    Types: ['REGIONAL']
+                }
+            }
+        },
+        PMTilesApiMap: {
+            Type: 'AWS::ApiGateway::BasePathMapping',
+            Properties: {
+                DomainName: cf.ref('PMTilesApiDomain'),
+                RestApiId: cf.ref('PMTilesLambdaAPI')
+            }
+        },
         PMTilesLambdaAPI: {
             Type: 'AWS::ApiGateway::RestApi',
             Properties: {
                 Name: 'PMtiles Rest API',
+                DisableExecuteApiEndpoint: true,
                 EndpointConfiguration: {
                     Types: ['REGIONAL']
                 }
@@ -114,6 +132,7 @@ export default {
             Type: 'AWS::ApiGateway::Deployment',
             DependsOn: ['PMTilesLambdaAPIResourceGET'],
             Properties: {
+                Description: cf.stackName,
                 RestApiId: cf.ref('PMTilesLambdaAPI')
             }
         },
@@ -175,7 +194,7 @@ export default {
     Outputs: {
         PMTilesAPI: {
             Description: 'PMTiles API',
-            Value: cf.join(['https://', cf.ref('PMTilesLambdaAPI'), '.execute-api.', cf.region, '.amazonaws.com']),
+            Value: cf.join(['https://tiles.', cf.ref('HostedURL')]),
             Export: {
                 Name: cf.join([cf.stackName, '-pmtiles-api'])
             }