
Terraform module for more easily defining a Fastly service, following Mastodon common use cases.


mastodon/terraform-fastly-service


Mastodon Terraform - Fastly Service for Mastodon Applications

Terraform module for creating all necessary services in Fastly for hosting an official Mastodon application (such as mastodon.social).

Contains much of the logic and default configuration that exists across all official Mastodon instances, while allowing customization where possible.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |
| fastly | >= 5.7.1 |

Providers

| Name | Version |
|------|---------|
| fastly | 5.10.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| fastly_service_acl_entries.ip_blocklist_entries | resource |
| fastly_service_dictionary_items.as_blocklist_entries | resource |
| fastly_service_dictionary_items.as_request_blocklist_entries | resource |
| fastly_service_dictionary_items.edge_security | resource |
| fastly_service_dictionary_items.ja_blocklist_entries | resource |
| fastly_service_vcl.app_service | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| android_deep_link | Enable assets for Android deep link | bool | true | no |
| apex_redirect | Enable Fastly Apex redirection | bool | true | no |
| apple_associated_domain | Enable associated domain for Apple apps | bool | true | no |
| as_blocklist | Whether to enable the AS blocklist ACLs. Must be managed externally, unless as_blocklist_items is given. | bool | true | no |
| as_blocklist_items | List of Autonomous Systems (AS) to block. This will make the Dictionary object 'managed' by terraform. | list(number) | [] | no |
| as_blocklist_name | Name of the AS blocklist | string | "AS Blocklist" | no |
| as_request_blocklist_items | List of Autonomous Systems (AS) to block from making /api or /explore requests. This will make the Dictionary object 'managed' by terraform. | list(number) | [] | no |
| as_request_blocklist_name | Name of the AS request blocklist | string | "AS Requests Blocklist" | no |
| backend_address | Address to use for connecting to the backend. Can be a hostname or an IP address. | string | n/a | yes |
| backend_between_bytes_timeout | How long to wait between bytes in milliseconds. | number | 10000 | no |
| backend_ca_cert | CA cert to use when connecting to the backend. | string | n/a | yes |
| backend_first_byte_timeout | How long to wait for the first bytes in milliseconds. | number | 15000 | no |
| backend_name | Optional name for the backend. | string | "" | no |
| backend_port | The port number on which the Backend responds. | number | 443 | no |
| backend_ssl_check | Be strict about checking SSL certs when connecting to the backend. | bool | true | no |
| datadog | Whether to send logging info to Datadog | bool | false | no |
| datadog_region | The region that log data will be sent to. | string | "EU" | no |
| datadog_service | Datadog service name to use for logs | string | "fastly" | no |
| datadog_token | API key from Datadog. | string | "" | no |
| default_ttl | The default Time-to-live (TTL) for requests | number | 0 | no |
| domains | Additional domains to assign to this service | list(string) | [] | no |
| dynamic_compression | Whether to dynamically compress responses before sending them | bool | true | no |
| edge_security | Whether to enable the Edge Security blocklist. | bool | true | no |
| fastly_globeviz_url | URL to which traffic data is sent for Fastly's Global Visualization page | string | "" | no |
| force_tls_hsts | Force TLS and HTTP Strict Transport Security (HSTS) to ensure that every request is secure. | bool | true | no |
| globeviz_service | Enables sending traffic information to Fastly's Globeviz page using the given service. | string | "" | no |
| gzip_default_policy | Whether to enable Fastly's default gzip policy | bool | false | no |
| healthcheck_expected_response | Response to expect from a healthy endpoint. | number | 200 | no |
| healthcheck_host | Host to ping for healthcheck. Defaults to hostname. | string | "" | no |
| healthcheck_method | HTTP method to use when doing a healthcheck. | string | "HEAD" | no |
| healthcheck_name | Optional name for the healthcheck. | string | "" | no |
| healthcheck_path | URL to use when doing a healthcheck. | string | "/health" | no |
| hostname | Hostname the service points to. | string | n/a | yes |
| hsts_duration | Number of seconds for the client to remember only to use HTTPS. | number | 31557600 | no |
| ip_blocklist | Whether to enable the IP Blocklist ACL. Must be managed externally, unless ip_blocklist_items is given. | bool | true | no |
| ip_blocklist_items | List of IP CIDRs to block. This will make the ACL object 'managed' by terraform. | list(string) | [] | no |
| ip_blocklist_name | Name for the ACL responsible for holding all the blocked IP ranges. | string | "IP Block list" | no |
| ja3_blocklist | Whether to enable the JA3 Blocklist Dictionary. Must be managed externally, unless ja3_blocklist_items is given. | bool | true | no |
| ja3_blocklist_items | List of JA3 hashes to block. This will make the Dictionary object 'managed' by terraform. | list(string) | [] | no |
| ja3_blocklist_name | Name for the Dictionary responsible for holding all the blocked JA3 hashes. | string | "JA3 Blocklist" | no |
| mastodon_error_page | Whether to enable the official mastodon error page. | bool | true | no |
| max_conn | Maximum number of connections for the Backend. | number | 500 | no |
| media_backend | Additional backend to use for serving media files | object({ address = string, name = optional(string, ""), condition = optional(string, ""), condition_name = optional(string, "Media backend condition"), ssl_check = optional(bool, true), ssl_hostname = optional(string, ""), bucket_prefix = optional(string, "") }) | { "address": "" } | no |
| min_tls_version | Minimum allowed TLS version on SSL connections to the backend. | string | "1.2" | no |
| name | Name of the fastly service (defaults to hostname). | string | "" | no |
| product_enablement | Which additional Fastly products to enable for this service. | object({ brotli_compression = optional(bool, false), domain_inspector = optional(bool, false), image_optimizer = optional(bool, false), origin_inspector = optional(bool, false), websockets = optional(bool, false) }) | { "brotli_compression": false, "domain_inspector": false, "image_optimizer": false, "origin_inspector": false, "websockets": false } | no |
| shield_region | Which Fastly shield region to use. Should correspond with the shield code. | string | n/a | yes |
| signal_science_host | Hostname to use to integrate with Signal Sciences | string | "" | no |
| signal_science_shared_key | Shared key to use when integrating with Signal Sciences | string | "" | no |
| ssl_hostname | Hostname to use for SSL verification (if different from 'hostname'). | string | "" | no |
| static_cache_control | Add cache-control headers for static files | bool | true | no |
| tarpit | Whether to enable tarpit (anti-abuse rate limiting). | bool | true | no |
| use_ssl | Whether or not to use SSL to reach the Backend. | bool | true | no |
| vcl_snippets | Additional custom VCL snippets to add to the service. | list(object({ content = string, name = string, type = string, priority = optional(number, 100) })) | [] | no |

Outputs

| Name | Description |
|------|-------------|
| active_version | The currently active version of the Fastly Service |
| as_blocklist_dictionary_id | ID of the AS blocklist dictionary |
| as_request_blocklist_dictionary_id | ID of the AS request blocklist dictionary |
| cloned_version | The latest cloned version by the provider |
| id | The ID of this resource |
| ip_blocklist_acl_id | ID of the IP blocklist ACL |
| ja3_blocklist_dictionary_id | ID of the JA3 blocklist dictionary |
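
A module call that ties the required inputs, the TLS settings and the Terraform-managed blocklists to the outputs above, added here as an example and not taken from the module's repository. The source address is assumed from the repository name, the Fastly provider is assumed to be configured elsewhere, and every hostname, path, CIDR, AS number and JA3 hash is a constructed placeholder.

```hcl
# Added example; all values are constructed placeholders.
variable "shield_region" {
  type        = string
  description = "Fastly shield code to use for this service (placeholder)."
}

module "fastly_service" {
  source = "github.com/mastodon/terraform-fastly-service" # assumed source address

  # Required inputs
  hostname        = "social.example.org"
  backend_address = "origin.example.org"
  backend_ca_cert = file("${path.module}/certs/origin-ca.pem") # hypothetical path
  shield_region   = var.shield_region

  # Origin TLS: these equal the documented defaults, pinned explicitly so the
  # intended posture is visible in review and does not depend on defaults.
  use_ssl           = true
  backend_ssl_check = true
  min_tls_version   = "1.2"

  # Client-facing TLS enforcement (documented defaults).
  force_tls_hsts = true
  hsts_duration  = 31557600

  # Supplying *_items makes each blocklist object Terraform-managed.
  ip_blocklist_items  = ["192.0.2.0/24", "203.0.113.7/32"]   # documentation ranges
  as_blocklist_items  = [64496]                              # documentation ASN
  ja3_blocklist_items = ["00000000000000000000000000000000"] # placeholder hash

  # Narrower block: only /api and /explore requests from this AS.
  as_request_blocklist_items = [64497] # documentation ASN

  tarpit        = true
  edge_security = true
}

# IDs of the blocklist objects, for tooling that needs to reference them.
output "ip_blocklist_acl_id" {
  value = module.fastly_service.ip_blocklist_acl_id
}

output "ja3_blocklist_dictionary_id" {
  value = module.fastly_service.ja3_blocklist_dictionary_id
}
```

Leave the `*_items` lists empty when the ACL or dictionaries are populated outside Terraform, as the `ip_blocklist`, `as_blocklist` and `ja3_blocklist` descriptions require in that case.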