From 06549bdca8a6e40c02aeae15351a3f708c4a01f7 Mon Sep 17 00:00:00 2001 From: Ronen Hilewicz Date: Wed, 18 Sep 2024 18:39:25 -0400 Subject: [PATCH] `allowed_origins` in ECS instructions (#141) --- docs/deployment/amazon-ecs.mdx | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/docs/deployment/amazon-ecs.mdx b/docs/deployment/amazon-ecs.mdx index b25da06..279131e 100644 --- a/docs/deployment/amazon-ecs.mdx +++ b/docs/deployment/amazon-ecs.mdx @@ -13,12 +13,26 @@ an S3 bucket before the `topaz` container starts up. The [topaz config new](/docs/command-line-interface/topaz-cli/configuration) CLI command can be used to generate your configuration file, then it should be uploaded to a bucket location that is accessible by the `init-config` container. -:::caution Note -If you intend to access the topaz console from a browser, you need to edit the generated configuration file and set the -`fqdn` (fully-qualified domain name) field in all services to the DNS name of the topaz instance. +:::note Note +If you intend to access the topaz console from a browser, you need to edit the generated configuration file and: +1. Set the `fqdn` (fully-qualified domain name) field in all services to the DNS name of the topaz instance. +2. Add your domain to the list of `allowed_origins` for all services. + +The `fqdn` fields should looks similar to their corresponding `listen_address` but with your domain name instead of +`0.0.0.0`. + For example, if you are running the topaz container with the `topaz.example.com` DNS name, you would set the `fqdn` -field to `topaz.example.com:`. Replace `` with the port number that the service is running on. By default those are 8383 for -the authorizer and 9393 for the directory services (reader, writer, model, importer, exporter). +field of the `model.gateway` service to `topaz.example.com:8383`. The default ports are 8080 for the console, +8383 for the authorizer, and 9393 for the directory services (reader, writer, model, importer, exporter). + +In addition, you would add your domain the `allowed_origins` list: +```yaml +allowed_origins: +- https://localhost +- https://localhost:* +- https://topaz.example.com +- https://topaz.example.com:* +``` ::: This example attaches an EBS volume to persist the configuration, certs, and directory database. If it does not already exist