A simple restaurant recommendation system.
This project helped me transition my AWS knowledge to Azure, which I've written about in the JOURNEY.md file.
- Azure Account with Pay-As-You-Go subscription
- Cloudflare Account
- Terraform - 1.5.0 or higher
- Docker
- Python - 3.9 or higher
- Package manager apps:
  - macOS - HomeBrew
    brew install make azure-cli
  - Windows - Chocolatey
    # PowerShell as Administrator
    choco -y install make azure-cli
One-time setup steps to prepare the environment.
- Clone the repository
- Copy env to .env and update the values
cp env .env
- Login to Azure
make azure-login
- Create a remote state storage in Azure
make azure-remote-state-init
This setup creates an Azure Service Principal so GitHub Actions can authenticate with Azure.
- Login to Azure
make azure-login
- List available subscriptions
make azure-service-principal-list
Sample output
Name           CloudName    SubscriptionId                        TenantId                              State    IsDefault
-------------  -----------  ------------------------------------  ------------------------------------  -------  -----------
Pay-As-You-Go  AzureCloud   00000000-0000-0000-0000-000000000000  12345678-0000-0000-0000-000000000000  Enabled  True
- Copy SubscriptionId and set it in .env
SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000
- Create the Service Principal
make azure-service-principal-create
- Copy the output JSON and save it in a safe place
- The app is now ready to be deployed with GitHub Actions to Azure
- Login to Azure
make azure-login
- Initialize Terraform
make infra-init
- Modify the infrastructure
- Plan the infra
make infra-plan
- Apply the infra
make infra-apply
NOTE: The first run will probably fail due to a missing TXT record in Cloudflare. Add the TXT record to Cloudflare, then run make infra-plan followed by make infra-apply again.
Cloudflare is used to protect the website with a custom password. The site is accessible only by users with the custom password in the header. If you wish to strengthen the security, you can add more rules to the WAF, like "Rate Limiting".
Cloudflare requires a one-time setup, which should be done after deploying the infrastructure for the first time, as it relies on the output of the infrastructure deployment.
This step is required to route traffic from Cloudflare to the Azure app.
- Navigate to Cloudflare dashboard
- Websites > Select website > DNS > + Add record
- Add the following record:
  - Type > CNAME
  - Name > restro
  - Target > restro-{random_integer}.azurewebsites.net (output of infra)
  - TTL > Auto
  - Proxy Status > Proxied
Check assets/cloudflare.dns.png to see what it should look like on Cloudflare.
This step is optional; it protects the app with a custom password in the header. I do recommend adding it to avoid unwanted access to the app.
- Navigate to Cloudflare dashboard
- Websites > Select website > Security > WAF > Custom rules > + Create rule
- Edit expression > Set to the below expression, replace restro.meirg.co.il with your domain, my-custom-header-name with your custom header name, and my_cuStOm_passw0rd with your custom password.
(http.host eq "restro.meirg.co.il" and all(http.request.headers["my-custom-header-name"][*] ne "my_cuStOm_passw0rd"))
- Action > Block
- With response type > Default Cloudflare WAF block page
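To see which requests the custom rule above blocks, here is a small local model of the expression. It is an added example, not part of this project and not Cloudflare's rule engine. It assumes a missing header yields an empty list and that all() over an empty list is true; the sample requests and the hostname other.example.com are constructed.

```python
# Added example: a local model of the custom WAF rule, not Cloudflare's engine.
RULE_HOST = "restro.meirg.co.il"          # from the README expression
HEADER_NAME = "my-custom-header-name"     # from the README expression
PASSWORD = "my_cuStOm_passw0rd"           # from the README expression


def header_values(raw_headers, name):
    """Collect every value sent for a header.

    Cloudflare exposes header names in lowercase, so the name is matched
    case-insensitively here and should be written in lowercase in the rule.
    """
    return [value for key, value in raw_headers if key.lower() == name.lower()]


def rule_matches(host, raw_headers):
    """True when the expression matches, i.e. the Block action fires.

    Mirrors: http.host eq RULE_HOST and all(headers[HEADER_NAME][*] ne PASSWORD)
    Assumption: a missing header yields an empty list, and all() over an
    empty list is true, so requests without the header are blocked.
    """
    values = header_values(raw_headers, HEADER_NAME)
    return host == RULE_HOST and all(value != PASSWORD for value in values)


def decide(host, raw_headers):
    """Outcome of this one rule for a request."""
    return "block" if rule_matches(host, raw_headers) else "allow"


# Constructed sample requests: (label, host, list of (header, value) pairs).
SAMPLES = [
    ("no header", RULE_HOST, []),
    ("wrong value", RULE_HOST, [("My-Custom-Header-Name", "guess")]),
    ("wrong case in value", RULE_HOST, [(HEADER_NAME, PASSWORD.lower())]),
    ("correct value", RULE_HOST, [("My-Custom-Header-Name", PASSWORD)]),
    ("header sent twice", RULE_HOST, [(HEADER_NAME, "x"), (HEADER_NAME, PASSWORD)]),
    ("different hostname", "other.example.com", []),
]

if __name__ == "__main__":
    for label, host, headers in SAMPLES:
        print(f"{label:22} -> {decide(host, headers)}")
```

An "allow" for a different hostname only means this rule does not fire; every hostname that serves the app needs its own rule or a broader host match.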
This section is about building and deploying the backend application to Azure.
- Login to Azure
make azure-login
- Build and Package the app
make backend-build
- Push Docker image
make backend-push
- Deploy the app to Azure
make backend-deploy
- Prepare the backend environment
make backend-prepare
- Install requirements
make backend-install
- Run services locally - mongo and mongo-express
make services-up
- Run the app locally - access http://127.0.0.1:5000
make backend-run
Created and maintained by Meir Gabay
This project is licensed under the MIT License - see the LICENSE file for details