aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xcsit.infra.dash/do_certs.sh28
-rw-r--r--csit.infra.dash/docker-compose-local.yaml74
-rw-r--r--csit.infra.dash/docker-compose.yaml40
-rw-r--r--csit.infra.dash/nginx/conf.d/default.conf33
-rw-r--r--csit.infra.dash/nginx/ssl/CA.crt17
-rw-r--r--csit.infra.dash/nginx/ssl/CA.key30
-rw-r--r--csit.infra.dash/nginx/ssl/CA.pem17
-rw-r--r--csit.infra.dash/nginx/ssl/CA.srl1
-rw-r--r--csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt20
-rw-r--r--csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr16
-rw-r--r--csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext8
-rw-r--r--csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key27
12 files changed, 273 insertions, 38 deletions
diff --git a/csit.infra.dash/do_certs.sh b/csit.infra.dash/do_certs.sh
new file mode 100755
index 0000000000..f20ddbc5ef
--- /dev/null
+++ b/csit.infra.dash/do_certs.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+mkdir -p ./nginx/ssl
+cd ./nginx/ssl
+
+FILE_NAME="subdomains.amazonaws.com"
+
+openssl genrsa -des3 -out CA.key 2048
+
+openssl req -x509 -new -nodes -key CA.key -sha256 -days 8000 -out CA.pem
+
+openssl x509 -in CA.pem -inform PEM -out CA.crt
+
+openssl genrsa -out $FILE_NAME.key 2048
+openssl req -new -key $FILE_NAME.key -out $FILE_NAME.csr
+
+cat > $FILE_NAME.ext << EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = *.amazonaws.com
+DNS.2 = *.us-east-1.amazonaws.com
+DNS.3 = *.s3.amazonaws.com
+EOF
+
+openssl x509 -req -in $FILE_NAME.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out $FILE_NAME.crt -days 8000 -sha256 -extfile $FILE_NAME.ext \ No newline at end of file
diff --git a/csit.infra.dash/docker-compose-local.yaml b/csit.infra.dash/docker-compose-local.yaml
new file mode 100644
index 0000000000..96b4ccec82
--- /dev/null
+++ b/csit.infra.dash/docker-compose-local.yaml
@@ -0,0 +1,74 @@
+version: "3.7"
+services:
+ cdash:
+ build: "."
+ command: "uwsgi --ini app.ini --workers 4"
+ depends_on:
+ - "reverse"
+ environment:
+ FLASK_DEBUG: 1
+ FLASK_ENV: "development"
+ AWS_CA_BUNDLE: "/CA.pem"
+ AWS_ACCESS_KEY_ID: "ULor0DynBBhGccZI"
+ AWS_SECRET_ACCESS_KEY: "6HFce4poYcQPTHExggxqTnQnd4ATlVvH"
+ networks:
+ - "lntk"
+ ports:
+ - "5000:5000"
+ user: "${UID}:${GID}"
+ volumes:
+ - "${PWD}/app/:/app"
+ - "${PWD}/../resources/libraries/python/jumpavg/:/app/cdash/jumpavg"
+ - "${PWD}/nginx/ssl/CA.pem:/CA.pem"
+ minio:
+ image: "quay.io/minio/minio:latest"
+ command: server --console-address ":9001" /data
+ environment:
+ MINIO_ROOT_USER: "minioadmin"
+ MINIO_ROOT_PASSWORD: "minioadmin"
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
+ interval: "30s"
+ timeout: "5s"
+ retries: 3
+ networks:
+ - "lntk"
+ ports:
+ - "9001:9001"
+ volumes:
+ - "data:/data"
+ mc:
+ image: "quay.io/minio/mc:latest"
+ depends_on:
+ - "minio"
+ entrypoint: >
+ /bin/sh -c "
+ /usr/bin/mc config host rm local;
+ /usr/bin/mc config host add --quiet --api s3v4 local http://minio:9000 minioadmin minioadmin;
+ /usr/bin/mc mb --quiet --ignore-existing local/fdio-docs-s3-cloudfront-index/;
+ #/usr/bin/mc cp --recursive /data/ local/fdio-docs-s3-cloudfront-index/;
+ "
+ networks:
+ - "lntk"
+ volumes:
+ - type: "bind"
+ source: "${HOME}/fdio-docs-s3-cloudfront-index/"
+ target: "/data/"
+ reverse:
+ image: "nginx:latest"
+ depends_on:
+ - "minio"
+ - "mc"
+ networks:
+ lntk:
+ aliases:
+ - "s3.amazonaws.com"
+ - "fdio-docs-s3-cloudfront-index.s3.amazonaws.com"
+ volumes:
+ - "./nginx/conf.d:/etc/nginx/conf.d"
+ - "./nginx/ssl:/etc/nginx/certs"
+volumes:
+ data:
+networks:
+ lntk:
+ driver: bridge \ No newline at end of file
diff --git a/csit.infra.dash/docker-compose.yaml b/csit.infra.dash/docker-compose.yaml
index 4ec4f21eb6..d65de902b5 100644
--- a/csit.infra.dash/docker-compose.yaml
+++ b/csit.infra.dash/docker-compose.yaml
@@ -2,14 +2,11 @@ version: "3.7"
services:
cdash:
build: "."
- command: "uwsgi --ini app.ini --workers 1"
- depends_on:
- - "minio"
- - "mc"
+ command: "uwsgi --ini app.ini --workers 2"
environment:
FLASK_DEBUG: 1
FLASK_ENV: "development"
- mem_limit: "4g"
+ mem_limit: "2g"
ports:
- "5000:5000"
user: "${UID}:${GID}"
@@ -17,36 +14,3 @@ services:
- "${PWD}/app/:/app"
- "${PWD}/../resources/libraries/python/jumpavg/:/app/cdash/jumpavg"
- "${HOME}/.aws:/.aws"
- minio:
- image: "quay.io/minio/minio:latest"
- command: server --console-address ":9001" /data
- environment:
- MINIO_ROOT_USER: "minioadmin"
- MINIO_ROOT_PASSWORD: "minioadmin"
- expose:
- - "9000"
- healthcheck:
- test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
- interval: "30s"
- timeout: "20s"
- retries: 3
- ports:
- - "9001:9001"
- volumes:
- - "data:/data"
- mc:
- image: "quay.io/minio/mc:latest"
- depends_on:
- - "minio"
- entrypoint: >
- /bin/sh -c "
- /usr/bin/mc config host rm local;
- /usr/bin/mc config host add --quiet --api s3v4 local http://minio:9000 minioadmin minioadmin;
- /usr/bin/mc mb --quiet --ignore-existing local/fdio-docs-s3-cloudfront-index/;
- /usr/bin/mc anonymous set public local/fdio-docs-s3-cloudfront-index;
- "
- # mc alias set aws https://s3.amazon.com/endpoint ACCESS_KEY SECRET KEY
- # mc admin info aws
-volumes:
- data:
-# external: true
diff --git a/csit.infra.dash/nginx/conf.d/default.conf b/csit.infra.dash/nginx/conf.d/default.conf
new file mode 100644
index 0000000000..3670c1f548
--- /dev/null
+++ b/csit.infra.dash/nginx/conf.d/default.conf
@@ -0,0 +1,33 @@
+upstream minio {
+ server minio:9000;
+}
+
+server_names_hash_bucket_size 512;
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ ssl_certificate /etc/nginx/certs/subdomains.amazonaws.com.crt;
+ ssl_certificate_key /etc/nginx/certs/subdomains.amazonaws.com.key;
+
+ server_name ~^(?<bucketname>.+)\.s3\.amazonaws\.com$;
+
+ location / {
+ proxy_pass http://minio/$bucketname/$request_uri;
+ }
+}
+
+server {
+ listen 80;
+ listen 443 ssl default_server;
+
+ ssl_certificate /etc/nginx/certs/subdomains.amazonaws.com.crt;
+ ssl_certificate_key /etc/nginx/certs/subdomains.amazonaws.com.key;
+
+ server_name _;
+
+ location / {
+ proxy_pass http://minio;
+ }
+} \ No newline at end of file
diff --git a/csit.infra.dash/nginx/ssl/CA.crt b/csit.infra.dash/nginx/ssl/CA.crt
new file mode 100644
index 0000000000..c743622f8b
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZgCCQC3O6fjI4VvqzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA8q
+LmFtYXpvbmF3cy5jb20wHhcNMjIxMTIyMDk0NzAzWhcNNDQxMDE3MDk0NzAzWjAa
+MRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwb17BF0gcSsnu9e7Cc5q1PDqGp4MCrPxhX5yFtdt1KW3X4K24
+yGy9AuJkkrgm9IJVBYzONTr4zVPiHo8X5lfjRzqHbNFWDJQ4aNefgN9vONysyWGX
+2zyDYWKzACnP9mtzesNl4SktYmdN4ZLpEMfoU1kBUZb/Xkeoq8EavbTG9EkwSuqC
+M5CTV24V2pIqX9CDHf88K6U4wrnsPJ8jczpdna94FO/sJk5SZhqZ1MUWwez+i91B
+5jAq9KRf896hTplDac+gW0/0RRIfPo/cg8W7RPcjLGFVppCf6rJcoDO1J5orhEU7
+diVDiwrDxywA2IR5ekYQ9iizgMGv9zqZ709lAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBABXPLrRX7WZokT+8XKO6ZSir5dmNoylyPZiB0ov0dxFn058ZlIS/WCRj3a7X
+/rEWVS4K/Z4HK6ZbqStbGOPMhCinKrDpYl7q9X4FoHV5+R68sICtxf/p3DNtVM8a
+v5r2YA/kRFRbS0VqbuBp7SfdaJBhEHaTuq+Zf72anDJamXFqudssELFdNCxNFq3o
+gPgkG6Bk4LR5tlIy66qDAgVfAhgX4kzYq5qf++ZXWjHenrD783VWY3YZbQ0oTdmI
+YRgTv80HxxXfL8gmJpSFiLIBBDQrCk+UsnSoAB6DIm9voFTCB/1JX6GHJCE0dgoZ
+5xpRukdvF0zLyz2L8EiXBxu8bgU=
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/CA.key b/csit.infra.dash/nginx/ssl/CA.key
new file mode 100644
index 0000000000..858f4d5dc3
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8E772B352ABFD2D5
+
+Fx0JCQmXrZKUX76UtWpF+LwCSlA9w90Wx9ny4sJVJY9QdL3F/7gdPJgRqQd6MSIR
+8DDQif0jr/do3NcluNWuz3YKNDFonw/401Xn8RRfmjLjQU/0GozIPb2jnGOtAbaL
+t2OkqRTWwEHn1IiiPOzcx0/jJb+/Wttrvvo0BAwJ0YsDjLbC3Q+j6Aa5QlJL5g5+
+LOK4Ti6qXXeYD5NX4ohnzRVWvM0LH7qZ+FDG5MjwY2MH/GWjrdsq9FrETYPSqX7a
+GXK9fM7AP2D8ftPr6s0AXVvk2bYmj4csGSbyLgix43XGxaTe3Xv6Kv3oQR188qQT
+sDKcCnj0d25Fb5YnO2wJ4mXG88Ci8ArxpnfWR53jz+kxkGG7s5VfU8NJH2P+eiJF
+XrtlGk2NP2rUPWSlUzxgis1I5usV5glBJv5cf4XREPiF3VFbX9V7ww5QpTicyqTj
+6BRrYMaYlm4lavJStldNOGRwMrQGTfg5Dwsn+6tjQQmYKWQ9Ip6BhPAiVK0q7N/t
+ppA6qkhyrumLCnS11Ozfc3tokc5iaQP2AsVSlneUvnILtxkPg/OhGQ8y9la2NwO+
+MdahHXoY3EHUcCMutZYlsz8NRKol2YAbQmIW3DOETbIs36oFSXESrYmPg2LKud17
+n8ET8b9NSGTCk7BUoP2tlqm4ydzLpoW94CChGWwW4fzD64mpunuiDzqBTYUhy3GX
+/raJW4aeP8v4jtxdaUu8FSABjQtusGRzL/mY9C+6X0QNqMf8HPS2BfTntDCj/NNw
+/FMNst8ZkZONBnc4SM9rmk8egTY/kEjv8Lp0sIYECsJOTKHn8gllwTxvaf9u1ssD
+I4L/7WGnEYAJ7XtUtdupxKJkW7g+yFmDPk8/yRmyZDZicFMhVkIvX0dSLMRvDVZq
+pi7yRGbmTvnWA/HtyyAvYkSqZ+75zJd6/07mlXmXA+A79LOOGsF2FKY/79IY4bUN
+IZOsIhA6ovglfSbFNPRUZefGwsIvpJtBu49fYBKUhpVrwLTRlxu9E9hINKS4Ky4H
+N9ZNbxXzQKlfSVAyVmTyATAzrPuhNBH7KgfWt0mJJpZtHnZSW0Rp0e2tDy/HALWN
+xkof2vsZbH7OxMF8eVKDlBfYhpJgsvbBmChIhf/YnVTBaAXmOXmdMFOOqhlCebAu
+mv5CFqvH1Ihpxo8QvXUh5dD+P2mzOQqx0iFtFw6+f0zxzmfgIGH+BJkqE/DPYVnm
+6yPCVbqhDIh6qEkreTmjqfcOsC1gdNDg0EOqzbGJYlYznCVJ32/Ff919t/1zjZnm
+GOxVSHh8etkrNl4tOzJJTbJ9PDH7g+EV/cpSMqnMc/oJmNr+YJpHnBkB6SexK+fJ
+Twd8n3UY0Di1+4VJRxPo6fNyg8VzAfnDPDZnIgPMxrhMtmv7oETsc5ske/mBGFKG
+2znNp89lSz521P4Xs7KT/+DuxSX/yOsyIbb+jnFp0xWNPrHdMmDkHGxL9AAHsAKw
+C975SXijc/5/yiMurLlWPWqpBudRiyqwiS8RnjuQzM2q9Ta4dLA/jdvYStIrJdwZ
+qxWzNWDzOur+BFavg3ywSxYRlAKs08AlcEMpJA6VxCC7uRL5OuorcPEqxDhjBfnI
+-----END RSA PRIVATE KEY-----
diff --git a/csit.infra.dash/nginx/ssl/CA.pem b/csit.infra.dash/nginx/ssl/CA.pem
new file mode 100644
index 0000000000..c743622f8b
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZgCCQC3O6fjI4VvqzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA8q
+LmFtYXpvbmF3cy5jb20wHhcNMjIxMTIyMDk0NzAzWhcNNDQxMDE3MDk0NzAzWjAa
+MRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwb17BF0gcSsnu9e7Cc5q1PDqGp4MCrPxhX5yFtdt1KW3X4K24
+yGy9AuJkkrgm9IJVBYzONTr4zVPiHo8X5lfjRzqHbNFWDJQ4aNefgN9vONysyWGX
+2zyDYWKzACnP9mtzesNl4SktYmdN4ZLpEMfoU1kBUZb/Xkeoq8EavbTG9EkwSuqC
+M5CTV24V2pIqX9CDHf88K6U4wrnsPJ8jczpdna94FO/sJk5SZhqZ1MUWwez+i91B
+5jAq9KRf896hTplDac+gW0/0RRIfPo/cg8W7RPcjLGFVppCf6rJcoDO1J5orhEU7
+diVDiwrDxywA2IR5ekYQ9iizgMGv9zqZ709lAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBABXPLrRX7WZokT+8XKO6ZSir5dmNoylyPZiB0ov0dxFn058ZlIS/WCRj3a7X
+/rEWVS4K/Z4HK6ZbqStbGOPMhCinKrDpYl7q9X4FoHV5+R68sICtxf/p3DNtVM8a
+v5r2YA/kRFRbS0VqbuBp7SfdaJBhEHaTuq+Zf72anDJamXFqudssELFdNCxNFq3o
+gPgkG6Bk4LR5tlIy66qDAgVfAhgX4kzYq5qf++ZXWjHenrD783VWY3YZbQ0oTdmI
+YRgTv80HxxXfL8gmJpSFiLIBBDQrCk+UsnSoAB6DIm9voFTCB/1JX6GHJCE0dgoZ
+5xpRukdvF0zLyz2L8EiXBxu8bgU=
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/CA.srl b/csit.infra.dash/nginx/ssl/CA.srl
new file mode 100644
index 0000000000..1667b600e7
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.srl
@@ -0,0 +1 @@
+E08BC1F5849F5322
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt
new file mode 100644
index 0000000000..e45120b810
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIJAOCLwfWEn1MiMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMDyouYW1hem9uYXdzLmNvbTAeFw0yMjExMjIwOTQ3MjBaFw00NDEwMTcwOTQ3
+MjBaMBoxGDAWBgNVBAMMDyouYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMKcVwKqklrYc6DATGflv27Pge2dsQxJBxzQbxz0ZFyp
+M85XVRU5z2QWfDJFgsIfdEtQDpsaGilCINFBioqiIfM+oqwHhDWO5sZ0sNF2MkA7
+mHWKUwkJcS3tZOvIidoZHKA4VFg/7PVIxogLE3oWgh286LSWMTFO2idIBIzKwTUP
+xbWitwnY1HSG8f0SHKrCZM13AVZ5dOASObaU055kH7mKMeGmoykz6qJpaHg6jjA1
+0qHO2ACjrVHtexgtFsJf98L3vKEDZXuZ8/kRBTHwfl/O/bqbhzsL/UeESs7I3rq5
+1LttjPHSHcKiyHpKSQS7/quyIEszCcCfYwrJ8WbQcy0CAwEAAaOBnDCBmTA0BgNV
+HSMELTAroR6kHDAaMRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb22CCQC3O6fjI4Vv
+qzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DBJBgNVHREEQjBAgg8qLmFtYXpvbmF3
+cy5jb22CGSoudXMtZWFzdC0xLmFtYXpvbmF3cy5jb22CEiouczMuYW1hem9uYXdz
+LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAQcfEL6odFSM2/Eq16EOJhQU+mptuFBM/
+OqKldxWwGOMYYvRY0zJFgbgoMg8WhHE/c7bC88AUZCCUOYuY2GIP7S/pZdaJXUuH
+H3Cs1MB/sl1msf9PLmSw8m8HfZaH9T+VQW3xSaIEoAWt85zzWph6Rsu7ZzAPNTxl
+mklvslKSUGyhlPlJsfiIo9TGw2uhVn4mLzEAvRtnEfdgr6QlbfCJFRPPs56EkuEL
+cy6a6sul7uTTYkSrJpwh+V6dCcql8q04Nlgrz6REVtzuXWTJWMLNNPWtngZEpGdi
+sOdVNTkC2RZurmU+1YWCy3fv97FPuh7iab4e+Ao2OcPLR9RPkB+8Xg==
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr
new file mode 100644
index 0000000000..37fab51fa2
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdDCCAVwCAQAwGjEYMBYGA1UEAwwPKi5hbWF6b25hd3MuY29tMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpxXAqqSWthzoMBMZ+W/bs+B7Z2xDEkH
+HNBvHPRkXKkzzldVFTnPZBZ8MkWCwh90S1AOmxoaKUIg0UGKiqIh8z6irAeENY7m
+xnSw0XYyQDuYdYpTCQlxLe1k68iJ2hkcoDhUWD/s9UjGiAsTehaCHbzotJYxMU7a
+J0gEjMrBNQ/FtaK3CdjUdIbx/RIcqsJkzXcBVnl04BI5tpTTnmQfuYox4aajKTPq
+omloeDqOMDXSoc7YAKOtUe17GC0Wwl/3wve8oQNle5nz+REFMfB+X879upuHOwv9
+R4RKzsjeurnUu22M8dIdwqLIekpJBLv+q7IgSzMJwJ9jCsnxZtBzLQIDAQABoBUw
+EwYJKoZIhvcNAQkHMQYMBGZkaW8wDQYJKoZIhvcNAQELBQADggEBAHIBD4z/PsE1
+4AeJgdWIqmtMaHoczmVC4L60PhOKgEdxw47S1/SGcwQZ4fRJT8ycAKmOuZ8lfJ+r
+yfjBQrShWrJhvgu6L49foW3SEwox8s5QmMz7YkN11za8c5rc1IPevHN4jUeLC6s2
+JTmKfHDtOW6lfUDQ5shMms7ticgb+cLwLzWY01XITuc+pcgtSbL0TiICfcDKua1Q
+PkyfRoWZrQ5HT/am2jQtzXChkqahlBTHt9D8vGmyVF8Mm8r9y5T903OBsWM+IiqH
+EseTjia9Ft1yByejsJCf2LG8t11wG5qkCX0pmiZ5ZSnTIEGLTGqlmMSz9RRXWKEg
+iIIQf30VDXU=
+-----END CERTIFICATE REQUEST-----
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext
new file mode 100644
index 0000000000..f442c21c66
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext
@@ -0,0 +1,8 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = *.amazonaws.com
+DNS.2 = *.us-east-1.amazonaws.com
+DNS.3 = *.s3.amazonaws.com
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key
new file mode 100644
index 0000000000..ddeec63530
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwpxXAqqSWthzoMBMZ+W/bs+B7Z2xDEkHHNBvHPRkXKkzzldV
+FTnPZBZ8MkWCwh90S1AOmxoaKUIg0UGKiqIh8z6irAeENY7mxnSw0XYyQDuYdYpT
+CQlxLe1k68iJ2hkcoDhUWD/s9UjGiAsTehaCHbzotJYxMU7aJ0gEjMrBNQ/FtaK3
+CdjUdIbx/RIcqsJkzXcBVnl04BI5tpTTnmQfuYox4aajKTPqomloeDqOMDXSoc7Y
+AKOtUe17GC0Wwl/3wve8oQNle5nz+REFMfB+X879upuHOwv9R4RKzsjeurnUu22M
+8dIdwqLIekpJBLv+q7IgSzMJwJ9jCsnxZtBzLQIDAQABAoIBADl/fYmxIcqrdwZA
+qpJr4/J2ZrnwxFWP4gUWZC3W2ywxZbgKP34k9Wxp5EnqFacLKg3yWk5jGOWlvxJ0
+Xd1157f5gpB3LA2y6eYqpe9ND63ArdvUgZIC8yiRoiazul7w2m9QFUN5p6YU2Wtq
+cle4/LqSjOKGGYSq+nNuqMF8SjdFrGMzvhJ1cy5jkaFFQSacL+SPPXQIv7mdvGn+
+PvtuStvMGZ/9mZdWzF4aYPDWdPSdJDECgsrIqF72wNoAoVY8D4rpiUW/C0gho9p4
+JEOfP/uvPlxIEk0MCfbhNUxECj/WpqrgxOr+U1yG70HpdeOK9z1d+7QtlBdDwlTi
+gP9sn4ECgYEA8YpmwoCmg1BPNI/aOym7Hp1ObKVyMs9UGaRmlvI34b4PVI1dCNgr
+4RRzQ4K1nHXbGuINL+52/piAAgN/LfON1w16J6te7XUJy1OVTZmX5Wf3i9DWzloF
+urLzLYbvigtT5MJNzPRgKUX7kjynko3XTkf4HF1GyuuGn7GqPWmn8c0CgYEAzkK9
+VUxmKV/jSIqEi17SK+8zmAUE7zDWX1MFdqa8Pg9750iVeJBa817v+5ZgBT3IsYG2
+vQ/rxzOaIuHqzR/tTNCbIOoOfQi7f2o9V/Tz+h4ZtV+aMgkX1Kyqp7nFR+OEXZvR
+JzyV+lHCkbTQcnfjBqp/BZs4nsDlmlCIRS8SpuECgYEA4z6M801KW5zBB/iXHrZi
+P6lL0VfOmxMIUp+jjTwRayb/EVN2Rg3rKnWtA8UDzFHtc9tdAM1f0qPzOvHDQ54y
+wjMBzDSkuM82Cb93Zmysxb4M3dP7ZGS5oy8dLqYW009Y/I352GvJ1Mrspma+WVlt
+SU7YlQcExYDVRYVHX0P6J7kCgYBegV3W02aL1o+BEVahtRR/ZN4y7TnRjoLqslNy
+hfsCRH30/uDdmObTU9CJaeEdBa4LBu//uGfDofUhvnmi+tnztDEf554z0+h0/OyW
+fHm9REVrQR6ZhmkQ3PxkVU37HlfrvBUc8TmWtBd+Q2auzBeNWllQ7EoJE0Egb33A
+lUzqgQKBgBniV1kV0oKJUXQZtVHMo+/ApeaScy3fAop6w9yyLMiR6i/ubG8Ix9PJ
+K4JB5YGqF05yBkh6+HEmB+CwDqyoTLAtAEohAppA5YCeJ5YzU3tu/8OyD3DL4fzq
+M/CACaeORtWC5M1XGaluLogvIn/nYEySetAl5AQUjes0l3tQMrlk
+-----END RSA PRIVATE KEY-----