From d9ff3e50ecf60dbc1255f5d4b11b9111c43cc8ef Mon Sep 17 00:00:00 2001
From: pmikus <peter.mikus@protonmail.ch>
Date: Wed, 16 Nov 2022 14:36:35 +0000
Subject: [PATCH] feat(cdash): Local data

Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: I25aa1d124c0a4fd039211054e599e542294a4b5d
---
 csit.infra.dash/do_certs.sh                        | 28 ++++++++
 csit.infra.dash/docker-compose-local.yaml          | 74 ++++++++++++++++++++++
 csit.infra.dash/docker-compose.yaml                | 40 +-----------
 csit.infra.dash/nginx/conf.d/default.conf          | 33 ++++++++++
 csit.infra.dash/nginx/ssl/CA.crt                   | 17 +++++
 csit.infra.dash/nginx/ssl/CA.key                   | 30 +++++++++
 csit.infra.dash/nginx/ssl/CA.pem                   | 17 +++++
 csit.infra.dash/nginx/ssl/CA.srl                   |  1 +
 .../nginx/ssl/subdomains.amazonaws.com.crt         | 20 ++++++
 .../nginx/ssl/subdomains.amazonaws.com.csr         | 16 +++++
 .../nginx/ssl/subdomains.amazonaws.com.ext         |  8 +++
 .../nginx/ssl/subdomains.amazonaws.com.key         | 27 ++++++++
 12 files changed, 273 insertions(+), 38 deletions(-)
 create mode 100755 csit.infra.dash/do_certs.sh
 create mode 100644 csit.infra.dash/docker-compose-local.yaml
 create mode 100644 csit.infra.dash/nginx/conf.d/default.conf
 create mode 100644 csit.infra.dash/nginx/ssl/CA.crt
 create mode 100644 csit.infra.dash/nginx/ssl/CA.key
 create mode 100644 csit.infra.dash/nginx/ssl/CA.pem
 create mode 100644 csit.infra.dash/nginx/ssl/CA.srl
 create mode 100644 csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt
 create mode 100644 csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr
 create mode 100644 csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext
 create mode 100644 csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key

diff --git a/csit.infra.dash/do_certs.sh b/csit.infra.dash/do_certs.sh
new file mode 100755
index 0000000000..f20ddbc5ef
--- /dev/null
+++ b/csit.infra.dash/do_certs.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+mkdir -p ./nginx/ssl
+cd ./nginx/ssl
+
+FILE_NAME="subdomains.amazonaws.com"
+
+openssl genrsa -des3 -out CA.key 2048
+
+openssl req -x509 -new -nodes -key CA.key -sha256 -days 8000 -out CA.pem
+
+openssl x509 -in CA.pem -inform PEM -out CA.crt
+
+openssl genrsa -out $FILE_NAME.key 2048
+openssl req -new -key $FILE_NAME.key -out $FILE_NAME.csr
+
+cat > $FILE_NAME.ext << EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = *.amazonaws.com
+DNS.2 = *.us-east-1.amazonaws.com
+DNS.3 = *.s3.amazonaws.com
+EOF
+
+openssl x509 -req -in $FILE_NAME.csr -CA CA.pem -CAkey CA.key -CAcreateserial -out $FILE_NAME.crt -days 8000 -sha256 -extfile $FILE_NAME.ext
\ No newline at end of file
diff --git a/csit.infra.dash/docker-compose-local.yaml b/csit.infra.dash/docker-compose-local.yaml
new file mode 100644
index 0000000000..96b4ccec82
--- /dev/null
+++ b/csit.infra.dash/docker-compose-local.yaml
@@ -0,0 +1,74 @@
+version: "3.7"
+services:
+  cdash:
+    build: "."
+    command: "uwsgi --ini app.ini --workers 4"
+    depends_on:
+      - "reverse"
+    environment:
+      FLASK_DEBUG: 1
+      FLASK_ENV: "development"
+      AWS_CA_BUNDLE: "/CA.pem"
+      AWS_ACCESS_KEY_ID: "ULor0DynBBhGccZI"
+      AWS_SECRET_ACCESS_KEY: "6HFce4poYcQPTHExggxqTnQnd4ATlVvH"
+    networks:
+      - "lntk"
+    ports:
+      - "5000:5000"
+    user: "${UID}:${GID}"
+    volumes:
+      - "${PWD}/app/:/app"
+      - "${PWD}/../resources/libraries/python/jumpavg/:/app/cdash/jumpavg"
+      - "${PWD}/nginx/ssl/CA.pem:/CA.pem"
+  minio:
+    image: "quay.io/minio/minio:latest"
+    command: server --console-address ":9001" /data
+    environment:
+      MINIO_ROOT_USER: "minioadmin"
+      MINIO_ROOT_PASSWORD: "minioadmin"
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
+      interval: "30s"
+      timeout: "5s"
+      retries: 3
+    networks:
+      - "lntk"
+    ports:
+      - "9001:9001"
+    volumes:
+      - "data:/data"
+  mc:
+    image: "quay.io/minio/mc:latest"
+    depends_on:
+      - "minio"
+    entrypoint: >
+      /bin/sh -c "
+      /usr/bin/mc config host rm local;
+      /usr/bin/mc config host add --quiet --api s3v4 local http://minio:9000 minioadmin minioadmin;
+      /usr/bin/mc mb --quiet --ignore-existing local/fdio-docs-s3-cloudfront-index/;
+      #/usr/bin/mc cp --recursive /data/ local/fdio-docs-s3-cloudfront-index/;
+      "
+    networks:
+      - "lntk"
+    volumes:
+      - type: "bind"
+        source: "${HOME}/fdio-docs-s3-cloudfront-index/"
+        target: "/data/"
+  reverse:
+    image: "nginx:latest"
+    depends_on:
+      - "minio"
+      - "mc"
+    networks:
+      lntk:
+        aliases:
+          - "s3.amazonaws.com"
+          - "fdio-docs-s3-cloudfront-index.s3.amazonaws.com"
+    volumes:
+      - "./nginx/conf.d:/etc/nginx/conf.d"
+      - "./nginx/ssl:/etc/nginx/certs"
+volumes:
+  data:
+networks:
+  lntk:
+    driver: bridge
\ No newline at end of file
diff --git a/csit.infra.dash/docker-compose.yaml b/csit.infra.dash/docker-compose.yaml
index 4ec4f21eb6..d65de902b5 100644
--- a/csit.infra.dash/docker-compose.yaml
+++ b/csit.infra.dash/docker-compose.yaml
@@ -2,14 +2,11 @@ version: "3.7"
 services:
   cdash:
     build: "."
-    command: "uwsgi --ini app.ini --workers 1"
-    depends_on:
-      - "minio"
-      - "mc"
+    command: "uwsgi --ini app.ini --workers 2"
     environment:
       FLASK_DEBUG: 1
       FLASK_ENV: "development"
-    mem_limit: "4g"
+    mem_limit: "2g"
     ports:
       - "5000:5000"
     user: "${UID}:${GID}"
@@ -17,36 +14,3 @@ services:
       - "${PWD}/app/:/app"
       - "${PWD}/../resources/libraries/python/jumpavg/:/app/cdash/jumpavg"
       - "${HOME}/.aws:/.aws"
-  minio:
-    image: "quay.io/minio/minio:latest"
-    command: server --console-address ":9001" /data
-    environment:
-      MINIO_ROOT_USER: "minioadmin"
-      MINIO_ROOT_PASSWORD: "minioadmin"
-    expose:
-      - "9000"
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
-      interval: "30s"
-      timeout: "20s"
-      retries: 3
-    ports:
-      - "9001:9001"
-    volumes:
-      - "data:/data"
-  mc:
-    image: "quay.io/minio/mc:latest"
-    depends_on:
-      - "minio"
-    entrypoint: >
-      /bin/sh -c "
-      /usr/bin/mc config host rm local;
-      /usr/bin/mc config host add --quiet --api s3v4 local http://minio:9000 minioadmin minioadmin;
-      /usr/bin/mc mb --quiet --ignore-existing local/fdio-docs-s3-cloudfront-index/;
-      /usr/bin/mc anonymous set public local/fdio-docs-s3-cloudfront-index;
-      "
-    # mc alias set aws https://s3.amazon.com/endpoint ACCESS_KEY SECRET KEY
-    # mc admin info aws
-volumes:
-  data:
-#    external: true
diff --git a/csit.infra.dash/nginx/conf.d/default.conf b/csit.infra.dash/nginx/conf.d/default.conf
new file mode 100644
index 0000000000..3670c1f548
--- /dev/null
+++ b/csit.infra.dash/nginx/conf.d/default.conf
@@ -0,0 +1,33 @@
+upstream minio {
+  server        minio:9000;
+}
+
+server_names_hash_bucket_size 512;
+
+server {
+  listen        80;
+  listen        443 ssl;
+
+  ssl_certificate       /etc/nginx/certs/subdomains.amazonaws.com.crt;
+  ssl_certificate_key   /etc/nginx/certs/subdomains.amazonaws.com.key;
+
+  server_name ~^(?<bucketname>.+)\.s3\.amazonaws\.com$;
+
+  location / {
+    proxy_pass  http://minio/$bucketname/$request_uri;
+  }
+}
+
+server {
+  listen        80;
+  listen        443 ssl default_server;
+
+  ssl_certificate       /etc/nginx/certs/subdomains.amazonaws.com.crt;
+  ssl_certificate_key   /etc/nginx/certs/subdomains.amazonaws.com.key;
+
+  server_name _;
+
+  location / {
+    proxy_pass  http://minio;
+  }
+}
\ No newline at end of file
diff --git a/csit.infra.dash/nginx/ssl/CA.crt b/csit.infra.dash/nginx/ssl/CA.crt
new file mode 100644
index 0000000000..c743622f8b
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZgCCQC3O6fjI4VvqzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA8q
+LmFtYXpvbmF3cy5jb20wHhcNMjIxMTIyMDk0NzAzWhcNNDQxMDE3MDk0NzAzWjAa
+MRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwb17BF0gcSsnu9e7Cc5q1PDqGp4MCrPxhX5yFtdt1KW3X4K24
+yGy9AuJkkrgm9IJVBYzONTr4zVPiHo8X5lfjRzqHbNFWDJQ4aNefgN9vONysyWGX
+2zyDYWKzACnP9mtzesNl4SktYmdN4ZLpEMfoU1kBUZb/Xkeoq8EavbTG9EkwSuqC
+M5CTV24V2pIqX9CDHf88K6U4wrnsPJ8jczpdna94FO/sJk5SZhqZ1MUWwez+i91B
+5jAq9KRf896hTplDac+gW0/0RRIfPo/cg8W7RPcjLGFVppCf6rJcoDO1J5orhEU7
+diVDiwrDxywA2IR5ekYQ9iizgMGv9zqZ709lAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBABXPLrRX7WZokT+8XKO6ZSir5dmNoylyPZiB0ov0dxFn058ZlIS/WCRj3a7X
+/rEWVS4K/Z4HK6ZbqStbGOPMhCinKrDpYl7q9X4FoHV5+R68sICtxf/p3DNtVM8a
+v5r2YA/kRFRbS0VqbuBp7SfdaJBhEHaTuq+Zf72anDJamXFqudssELFdNCxNFq3o
+gPgkG6Bk4LR5tlIy66qDAgVfAhgX4kzYq5qf++ZXWjHenrD783VWY3YZbQ0oTdmI
+YRgTv80HxxXfL8gmJpSFiLIBBDQrCk+UsnSoAB6DIm9voFTCB/1JX6GHJCE0dgoZ
+5xpRukdvF0zLyz2L8EiXBxu8bgU=
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/CA.key b/csit.infra.dash/nginx/ssl/CA.key
new file mode 100644
index 0000000000..858f4d5dc3
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8E772B352ABFD2D5
+
+Fx0JCQmXrZKUX76UtWpF+LwCSlA9w90Wx9ny4sJVJY9QdL3F/7gdPJgRqQd6MSIR
+8DDQif0jr/do3NcluNWuz3YKNDFonw/401Xn8RRfmjLjQU/0GozIPb2jnGOtAbaL
+t2OkqRTWwEHn1IiiPOzcx0/jJb+/Wttrvvo0BAwJ0YsDjLbC3Q+j6Aa5QlJL5g5+
+LOK4Ti6qXXeYD5NX4ohnzRVWvM0LH7qZ+FDG5MjwY2MH/GWjrdsq9FrETYPSqX7a
+GXK9fM7AP2D8ftPr6s0AXVvk2bYmj4csGSbyLgix43XGxaTe3Xv6Kv3oQR188qQT
+sDKcCnj0d25Fb5YnO2wJ4mXG88Ci8ArxpnfWR53jz+kxkGG7s5VfU8NJH2P+eiJF
+XrtlGk2NP2rUPWSlUzxgis1I5usV5glBJv5cf4XREPiF3VFbX9V7ww5QpTicyqTj
+6BRrYMaYlm4lavJStldNOGRwMrQGTfg5Dwsn+6tjQQmYKWQ9Ip6BhPAiVK0q7N/t
+ppA6qkhyrumLCnS11Ozfc3tokc5iaQP2AsVSlneUvnILtxkPg/OhGQ8y9la2NwO+
+MdahHXoY3EHUcCMutZYlsz8NRKol2YAbQmIW3DOETbIs36oFSXESrYmPg2LKud17
+n8ET8b9NSGTCk7BUoP2tlqm4ydzLpoW94CChGWwW4fzD64mpunuiDzqBTYUhy3GX
+/raJW4aeP8v4jtxdaUu8FSABjQtusGRzL/mY9C+6X0QNqMf8HPS2BfTntDCj/NNw
+/FMNst8ZkZONBnc4SM9rmk8egTY/kEjv8Lp0sIYECsJOTKHn8gllwTxvaf9u1ssD
+I4L/7WGnEYAJ7XtUtdupxKJkW7g+yFmDPk8/yRmyZDZicFMhVkIvX0dSLMRvDVZq
+pi7yRGbmTvnWA/HtyyAvYkSqZ+75zJd6/07mlXmXA+A79LOOGsF2FKY/79IY4bUN
+IZOsIhA6ovglfSbFNPRUZefGwsIvpJtBu49fYBKUhpVrwLTRlxu9E9hINKS4Ky4H
+N9ZNbxXzQKlfSVAyVmTyATAzrPuhNBH7KgfWt0mJJpZtHnZSW0Rp0e2tDy/HALWN
+xkof2vsZbH7OxMF8eVKDlBfYhpJgsvbBmChIhf/YnVTBaAXmOXmdMFOOqhlCebAu
+mv5CFqvH1Ihpxo8QvXUh5dD+P2mzOQqx0iFtFw6+f0zxzmfgIGH+BJkqE/DPYVnm
+6yPCVbqhDIh6qEkreTmjqfcOsC1gdNDg0EOqzbGJYlYznCVJ32/Ff919t/1zjZnm
+GOxVSHh8etkrNl4tOzJJTbJ9PDH7g+EV/cpSMqnMc/oJmNr+YJpHnBkB6SexK+fJ
+Twd8n3UY0Di1+4VJRxPo6fNyg8VzAfnDPDZnIgPMxrhMtmv7oETsc5ske/mBGFKG
+2znNp89lSz521P4Xs7KT/+DuxSX/yOsyIbb+jnFp0xWNPrHdMmDkHGxL9AAHsAKw
+C975SXijc/5/yiMurLlWPWqpBudRiyqwiS8RnjuQzM2q9Ta4dLA/jdvYStIrJdwZ
+qxWzNWDzOur+BFavg3ywSxYRlAKs08AlcEMpJA6VxCC7uRL5OuorcPEqxDhjBfnI
+-----END RSA PRIVATE KEY-----
diff --git a/csit.infra.dash/nginx/ssl/CA.pem b/csit.infra.dash/nginx/ssl/CA.pem
new file mode 100644
index 0000000000..c743622f8b
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZgCCQC3O6fjI4VvqzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA8q
+LmFtYXpvbmF3cy5jb20wHhcNMjIxMTIyMDk0NzAzWhcNNDQxMDE3MDk0NzAzWjAa
+MRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwb17BF0gcSsnu9e7Cc5q1PDqGp4MCrPxhX5yFtdt1KW3X4K24
+yGy9AuJkkrgm9IJVBYzONTr4zVPiHo8X5lfjRzqHbNFWDJQ4aNefgN9vONysyWGX
+2zyDYWKzACnP9mtzesNl4SktYmdN4ZLpEMfoU1kBUZb/Xkeoq8EavbTG9EkwSuqC
+M5CTV24V2pIqX9CDHf88K6U4wrnsPJ8jczpdna94FO/sJk5SZhqZ1MUWwez+i91B
+5jAq9KRf896hTplDac+gW0/0RRIfPo/cg8W7RPcjLGFVppCf6rJcoDO1J5orhEU7
+diVDiwrDxywA2IR5ekYQ9iizgMGv9zqZ709lAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ggEBABXPLrRX7WZokT+8XKO6ZSir5dmNoylyPZiB0ov0dxFn058ZlIS/WCRj3a7X
+/rEWVS4K/Z4HK6ZbqStbGOPMhCinKrDpYl7q9X4FoHV5+R68sICtxf/p3DNtVM8a
+v5r2YA/kRFRbS0VqbuBp7SfdaJBhEHaTuq+Zf72anDJamXFqudssELFdNCxNFq3o
+gPgkG6Bk4LR5tlIy66qDAgVfAhgX4kzYq5qf++ZXWjHenrD783VWY3YZbQ0oTdmI
+YRgTv80HxxXfL8gmJpSFiLIBBDQrCk+UsnSoAB6DIm9voFTCB/1JX6GHJCE0dgoZ
+5xpRukdvF0zLyz2L8EiXBxu8bgU=
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/CA.srl b/csit.infra.dash/nginx/ssl/CA.srl
new file mode 100644
index 0000000000..1667b600e7
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/CA.srl
@@ -0,0 +1 @@
+E08BC1F5849F5322
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt
new file mode 100644
index 0000000000..e45120b810
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIJAOCLwfWEn1MiMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
+BAMMDyouYW1hem9uYXdzLmNvbTAeFw0yMjExMjIwOTQ3MjBaFw00NDEwMTcwOTQ3
+MjBaMBoxGDAWBgNVBAMMDyouYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMKcVwKqklrYc6DATGflv27Pge2dsQxJBxzQbxz0ZFyp
+M85XVRU5z2QWfDJFgsIfdEtQDpsaGilCINFBioqiIfM+oqwHhDWO5sZ0sNF2MkA7
+mHWKUwkJcS3tZOvIidoZHKA4VFg/7PVIxogLE3oWgh286LSWMTFO2idIBIzKwTUP
+xbWitwnY1HSG8f0SHKrCZM13AVZ5dOASObaU055kH7mKMeGmoykz6qJpaHg6jjA1
+0qHO2ACjrVHtexgtFsJf98L3vKEDZXuZ8/kRBTHwfl/O/bqbhzsL/UeESs7I3rq5
+1LttjPHSHcKiyHpKSQS7/quyIEszCcCfYwrJ8WbQcy0CAwEAAaOBnDCBmTA0BgNV
+HSMELTAroR6kHDAaMRgwFgYDVQQDDA8qLmFtYXpvbmF3cy5jb22CCQC3O6fjI4Vv
+qzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DBJBgNVHREEQjBAgg8qLmFtYXpvbmF3
+cy5jb22CGSoudXMtZWFzdC0xLmFtYXpvbmF3cy5jb22CEiouczMuYW1hem9uYXdz
+LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAQcfEL6odFSM2/Eq16EOJhQU+mptuFBM/
+OqKldxWwGOMYYvRY0zJFgbgoMg8WhHE/c7bC88AUZCCUOYuY2GIP7S/pZdaJXUuH
+H3Cs1MB/sl1msf9PLmSw8m8HfZaH9T+VQW3xSaIEoAWt85zzWph6Rsu7ZzAPNTxl
+mklvslKSUGyhlPlJsfiIo9TGw2uhVn4mLzEAvRtnEfdgr6QlbfCJFRPPs56EkuEL
+cy6a6sul7uTTYkSrJpwh+V6dCcql8q04Nlgrz6REVtzuXWTJWMLNNPWtngZEpGdi
+sOdVNTkC2RZurmU+1YWCy3fv97FPuh7iab4e+Ao2OcPLR9RPkB+8Xg==
+-----END CERTIFICATE-----
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr
new file mode 100644
index 0000000000..37fab51fa2
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.csr
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdDCCAVwCAQAwGjEYMBYGA1UEAwwPKi5hbWF6b25hd3MuY29tMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpxXAqqSWthzoMBMZ+W/bs+B7Z2xDEkH
+HNBvHPRkXKkzzldVFTnPZBZ8MkWCwh90S1AOmxoaKUIg0UGKiqIh8z6irAeENY7m
+xnSw0XYyQDuYdYpTCQlxLe1k68iJ2hkcoDhUWD/s9UjGiAsTehaCHbzotJYxMU7a
+J0gEjMrBNQ/FtaK3CdjUdIbx/RIcqsJkzXcBVnl04BI5tpTTnmQfuYox4aajKTPq
+omloeDqOMDXSoc7YAKOtUe17GC0Wwl/3wve8oQNle5nz+REFMfB+X879upuHOwv9
+R4RKzsjeurnUu22M8dIdwqLIekpJBLv+q7IgSzMJwJ9jCsnxZtBzLQIDAQABoBUw
+EwYJKoZIhvcNAQkHMQYMBGZkaW8wDQYJKoZIhvcNAQELBQADggEBAHIBD4z/PsE1
+4AeJgdWIqmtMaHoczmVC4L60PhOKgEdxw47S1/SGcwQZ4fRJT8ycAKmOuZ8lfJ+r
+yfjBQrShWrJhvgu6L49foW3SEwox8s5QmMz7YkN11za8c5rc1IPevHN4jUeLC6s2
+JTmKfHDtOW6lfUDQ5shMms7ticgb+cLwLzWY01XITuc+pcgtSbL0TiICfcDKua1Q
+PkyfRoWZrQ5HT/am2jQtzXChkqahlBTHt9D8vGmyVF8Mm8r9y5T903OBsWM+IiqH
+EseTjia9Ft1yByejsJCf2LG8t11wG5qkCX0pmiZ5ZSnTIEGLTGqlmMSz9RRXWKEg
+iIIQf30VDXU=
+-----END CERTIFICATE REQUEST-----
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext
new file mode 100644
index 0000000000..f442c21c66
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.ext
@@ -0,0 +1,8 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = *.amazonaws.com
+DNS.2 = *.us-east-1.amazonaws.com
+DNS.3 = *.s3.amazonaws.com
diff --git a/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key
new file mode 100644
index 0000000000..ddeec63530
--- /dev/null
+++ b/csit.infra.dash/nginx/ssl/subdomains.amazonaws.com.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwpxXAqqSWthzoMBMZ+W/bs+B7Z2xDEkHHNBvHPRkXKkzzldV
+FTnPZBZ8MkWCwh90S1AOmxoaKUIg0UGKiqIh8z6irAeENY7mxnSw0XYyQDuYdYpT
+CQlxLe1k68iJ2hkcoDhUWD/s9UjGiAsTehaCHbzotJYxMU7aJ0gEjMrBNQ/FtaK3
+CdjUdIbx/RIcqsJkzXcBVnl04BI5tpTTnmQfuYox4aajKTPqomloeDqOMDXSoc7Y
+AKOtUe17GC0Wwl/3wve8oQNle5nz+REFMfB+X879upuHOwv9R4RKzsjeurnUu22M
+8dIdwqLIekpJBLv+q7IgSzMJwJ9jCsnxZtBzLQIDAQABAoIBADl/fYmxIcqrdwZA
+qpJr4/J2ZrnwxFWP4gUWZC3W2ywxZbgKP34k9Wxp5EnqFacLKg3yWk5jGOWlvxJ0
+Xd1157f5gpB3LA2y6eYqpe9ND63ArdvUgZIC8yiRoiazul7w2m9QFUN5p6YU2Wtq
+cle4/LqSjOKGGYSq+nNuqMF8SjdFrGMzvhJ1cy5jkaFFQSacL+SPPXQIv7mdvGn+
+PvtuStvMGZ/9mZdWzF4aYPDWdPSdJDECgsrIqF72wNoAoVY8D4rpiUW/C0gho9p4
+JEOfP/uvPlxIEk0MCfbhNUxECj/WpqrgxOr+U1yG70HpdeOK9z1d+7QtlBdDwlTi
+gP9sn4ECgYEA8YpmwoCmg1BPNI/aOym7Hp1ObKVyMs9UGaRmlvI34b4PVI1dCNgr
+4RRzQ4K1nHXbGuINL+52/piAAgN/LfON1w16J6te7XUJy1OVTZmX5Wf3i9DWzloF
+urLzLYbvigtT5MJNzPRgKUX7kjynko3XTkf4HF1GyuuGn7GqPWmn8c0CgYEAzkK9
+VUxmKV/jSIqEi17SK+8zmAUE7zDWX1MFdqa8Pg9750iVeJBa817v+5ZgBT3IsYG2
+vQ/rxzOaIuHqzR/tTNCbIOoOfQi7f2o9V/Tz+h4ZtV+aMgkX1Kyqp7nFR+OEXZvR
+JzyV+lHCkbTQcnfjBqp/BZs4nsDlmlCIRS8SpuECgYEA4z6M801KW5zBB/iXHrZi
+P6lL0VfOmxMIUp+jjTwRayb/EVN2Rg3rKnWtA8UDzFHtc9tdAM1f0qPzOvHDQ54y
+wjMBzDSkuM82Cb93Zmysxb4M3dP7ZGS5oy8dLqYW009Y/I352GvJ1Mrspma+WVlt
+SU7YlQcExYDVRYVHX0P6J7kCgYBegV3W02aL1o+BEVahtRR/ZN4y7TnRjoLqslNy
+hfsCRH30/uDdmObTU9CJaeEdBa4LBu//uGfDofUhvnmi+tnztDEf554z0+h0/OyW
+fHm9REVrQR6ZhmkQ3PxkVU37HlfrvBUc8TmWtBd+Q2auzBeNWllQ7EoJE0Egb33A
+lUzqgQKBgBniV1kV0oKJUXQZtVHMo+/ApeaScy3fAop6w9yyLMiR6i/ubG8Ix9PJ
+K4JB5YGqF05yBkh6+HEmB+CwDqyoTLAtAEohAppA5YCeJ5YzU3tu/8OyD3DL4fzq
+M/CACaeORtWC5M1XGaluLogvIn/nYEySetAl5AQUjes0l3tQMrlk
+-----END RSA PRIVATE KEY-----
-- 
2.16.6