From b005aa00eb420b2b334d054cd719e0e7b56e4c70 Mon Sep 17 00:00:00 2001 From: Mo Sohani Date: Tue, 19 Sep 2023 11:30:50 -0400 Subject: [PATCH] updated README file with deployment commands --- tdrs-backend/clamav-router/README.md | 35 +++++++++++++++++++--------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/tdrs-backend/clamav-router/README.md b/tdrs-backend/clamav-router/README.md index c05ff222d..23f1648cc 100644 --- a/tdrs-backend/clamav-router/README.md +++ b/tdrs-backend/clamav-router/README.md 
@@ -1,36 +1,49 @@ # CLAMAV In order to have one CLAMAV instance (existing in prod), the Nginx router -for CLAMAV forwards the traffic from 'dev' and 'staging' spaces into +for CLAMAV has to forward the traffic from 'dev' and 'staging' spaces into prod space, where the CLAMAV service exists. ## Deploy Nginx instance To route the clamav traffic to clamav in prod, each space needs to have one instance of _Nginx Router_ which routes traffic to clamav. -In order to deploy the nginx router instance, change your directory to `tdrs-backend/clamav-router/` and run thefollowing command: +In order to deploy the nginx router instance, change your directory to `tdrs-backend/clamav-router/` and run the following command while logged into the target space: ``` -cf push {nginx_instance_name} -f manifest.yml +cf push {nginx_instance_name} -f manifest.yml --no-route ``` -, where _nginx_instance_name_ can be : _tdp-clamav-nginx-test_. +, where _nginx_instance_name_ can be : _tdp-clamav-nginx_. -The instance name then will be set as an environment variable to redirect each instance traffic. +The instance name then will be set as an environment variable to redirect each instance traffic. This will deploy the nginx instance to the target environment. 
+ +## Further communication configurations -## Setup Individual Instances +### Setup Individual Instances First, set the environment variable __AV_SCAN_URL__ as follows: ``` Environment variable name: AV_SCAN_URL -Environment variable value: http://{nginx_instance_name}.apps.internal:9000/scan +Environment variable value: http://{nginx_instance}.apps.internal:9000/scan ``` + +### Add network policy from _{tdp-clamav-nginx}_ to clamav in prod To enable traffic between the "__nginx instance__" and "__clamav instance in production__", we need to add the network policiy and route between the two: -#### Add network policy from _{backend_instance}_ to _tdp-clamav-nginx_ ``` -cf add-network-policy {backend_instance} tdp-clamav-nginx --protocol tcp --port 9000 +cf add-network-policy {nginx_instance} "clamav-rest" -s "tanf-prod" --protocol tcp --port 9000 +``` +e.g: `{nginx_instance_name} = tdp-clamav-nginx-dev` + +### Add network policy from _{backend_instance}_ to _tdp-clamav-nginx_ +``` +cf add-network-policy {backend_instance} {nginx_instance} --protocol tcp --port 9000 ``` where e.g: `backend_instance = tdp-backend-develop` -#### Add route from _{backend_instance}_ to _tdp-clamav-nginx_ +### Add route for _tdp-clamav-nginx_ + + Note: Make sure to delete (if existing) routes that are not being used. In some rare cases, a mal-assigned network policy can interfere with outgoing traffic. As an example, a policy like `cf delete-route app.cloud.gov --hostname tdp-frontend-staging` - Note: Make sure to delete routes that are not being used. In some rare cases, a mal-assigned network policy can interfere with outgoing traffic. As an example, a policy like `cf delete-route app.cloud.gov --hostname tdp-frontend-staging` \ No newline at end of file + ``` + cf map-route {nginx_instance} apps.internal --hostname {nginx_instance} + ``` \ No newline at end of file
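Review bot: the instance placeholder is named inconsistently across the added lines. `cf push` keeps `{nginx_instance_name}`, while the new `AV_SCAN_URL` value, both `cf add-network-policy` commands and `cf map-route` use `{nginx_instance}`. The `e.g:` line under the prod policy command defines `{nginx_instance_name} = tdp-clamav-nginx-dev` even though that command is written with `{nginx_instance}`. Please pick one placeholder and use it throughout, and reconcile the example names (`tdp-clamav-nginx` in the deploy section versus `tdp-clamav-nginx-dev` here). These commands open a policy from another space to `clamav-rest` in `tanf-prod`, so a reader should not have to guess which app is the source. Smaller points in the same hunk: "policiy" is a typo in the added paragraph. The heading `_{tdp-clamav-nginx}_` wraps a literal app name in braces as if it were a placeholder. The route note still ends mid-sentence at "a policy like `cf delete-route app.cloud.gov --hostname tdp-frontend-staging`" and calls a route deletion a policy. The file still ends without a trailing newline.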