faucet-api: switch to our own ssl-proxy

Dropping Nginx proxy setup and using `ssl-proxy` service.

Also removing variables from playbook as it's just one node now.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2022-10-20 23:08:34 +02:00
parent 5da8134f27
commit 678fe96239
No known key found for this signature in database
GPG Key ID: 09AA5403E54D9931
10 changed files with 30 additions and 69 deletions


@ -1,15 +1,19 @@
--- ---
# WARNING: this needs to be set
faucet_network: '{{ faucet_network | mandatory }}'
# Geth necessary for Faucet to work # Geth necessary for Faucet to work
geth_network_name: '{{ faucet_network }}' geth_network_name: '{{ faucet_network }}'
geth_service_name: 'faucet-{{ faucet_network }}' geth_service_name: 'faucet-{{ faucet_network }}'
geth_rpc_port: '{{ faucet_geth_cont_rpc_port }}'
geth_rpc_vhosts: ['*'] geth_rpc_vhosts: ['*']
geth_sync_mode: 'light' geth_sync_mode: 'light'
geth_websocket_enabled: false geth_websocket_enabled: false
geth_log_level_name: info geth_log_level_name: info
geth_sync_mode: 'snap'
# Ports
geth_port: 30305
geth_rpc_port: 8549
geth_metrics_port: 6062
geth_websocket_port: 8550
geth_expo_cont_port: 9202
geth_cont_mem_ratio: 0.4
# Credentials for the wallet # Credentials for the wallet
geth_account_pass: '{{lookup("bitwarden", "faucet/account", field="pass")}}' geth_account_pass: '{{lookup("bitwarden", "faucet/account", field="pass")}}'
@ -23,15 +27,15 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
# Faucet API settings # Faucet API settings
faucet_service_name: '{{ geth_service_name }}' faucet_service_name: '{{ geth_service_name }}'
faucet_network: 'goerli'
faucet_domain: 'faucet-{{ faucet_network }}.status.im' faucet_domain: 'faucet-{{ faucet_network }}.status.im'
faucet_cors_rule: '^https?://.*\.infura\.status.im' faucet_cors_rule: '^https?://.*\.infura\.status.im'
faucet_account_pass: '{{lookup("bitwarden", "faucet/account", field="pass")}}' faucet_account_pass: '{{lookup("bitwarden", "faucet/account", field="pass")}}'
faucet_geth_rpc_port: '{{ geth_rpc_port }}' faucet_geth_rpc_port: '{{ geth_rpc_port }}'
faucet_cont_port: 3002
# Open Nginx Ports # Open Nginx Ports
open_ports_default_comment: 'HTTP & HTTPS' open_ports_default_chain: 'VPN'
open_ports_default_chain: 'SERVICES'
open_ports_list: open_ports_list:
- { port: 80 } - { port: '{{ faucet_cont_port }}', ipset: 'proxy.misc', comment: 'faucet-api' }
- { port: 443 } - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'geth-exporter' }
- { port: '9200:9202', ipset: 'metrics.hq', chain: 'VPN', comment: 'geth-exporter' }
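Review bot: `geth_sync_mode` appears to be defined twice on the new side of this file: `geth_sync_mode: 'light'` is still printed as context in the first hunk, and `geth_sync_mode: 'snap'` is added a few lines below it. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the effective value would be 'snap' while the file still reads 'light' first; dropping the older line removes the ambiguity. In the second hunk, `faucet_cors_rule` stays defined although this commit deletes the only template shown here that consumes it, so it is worth confirming where CORS is enforced now. The `# Open Nginx Ports` heading is also stale and could become `# Open ports (VPN chain only)`.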


@ -12,23 +12,9 @@
- name: Install certs, open ports, add SWAP - name: Install certs, open ports, add SWAP
hosts: faucet-master hosts: faucet-master
roles: roles:
- { role: origin-certs, tags: origin-certs } - { role: origin-certs, tags: origin-certs }
- { role: open-ports, tags: open-ports } - { role: open-ports, tags: open-ports }
- { role: swap-file, tags: swap-file } - { role: swap-file, tags: swap-file }
- name: Configure Goerli faucet
hosts: faucet-master
roles:
- { role: infra-role-geth, tags: infra-role-geth } - { role: infra-role-geth, tags: infra-role-geth }
- { role: infra-role-geth-exporter, tags: infra-role-geth-exporter } - { role: infra-role-geth-exporter, tags: infra-role-geth-exporter }
- { role: faucet-api, tags: faucet-api } - { role: faucet-api, tags: faucet-api }
vars:
faucet_network: 'goerli'
faucet_cont_port: 3002
geth_sync_mode: 'snap'
geth_port: 30305
geth_rpc_port: 8549
geth_metrics_port: 6062
geth_websocket_port: 8550
geth_expo_cont_port: 9202
geth_cont_mem_ratio: 0.4
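Review bot: The `origin-certs` role is still applied to `faucet-master` in the merged play, although this commit removes the Nginx server block that was the visible consumer of `/certs/origin.crt` and `/certs/origin.key`. If nothing else on the host reads them, dropping the role and removing the installed key keeps a TLS private key off a machine that no longer terminates TLS; consumers outside this diff cannot be ruled out from here. The play name `Install certs, open ports, add SWAP` no longer covers what the play does now that the geth and faucet roles are folded into it, so something like `- name: Configure Goerli faucet host` would read better.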


@ -16,22 +16,22 @@
- name: infra-role-bootstrap-linux - name: infra-role-bootstrap-linux
src: git@github.com:status-im/infra-role-bootstrap-linux.git src: git@github.com:status-im/infra-role-bootstrap-linux.git
version: 4fda60dc6873801eadda3a5baab3f721a4110beb version: 484143ba5105f531009e4cb4f902c6fe44716362
scm: git scm: git
- name: infra-role-wireguard - name: infra-role-wireguard
src: git@github.com:status-im/infra-role-wireguard.git src: git@github.com:status-im/infra-role-wireguard.git
version: 544b1f0435d5ca47168236c42b6a077c44d5eb4a version: 6c83e0bdcecba772e5c652c89e1995865d14c662
scm: git scm: git
- name: consul-service - name: consul-service
src: git@github.com:status-im/infra-role-consul-service.git src: git@github.com:status-im/infra-role-consul-service.git
version: 7653d06cfc4d2613ee14bf637d38d98b0201864f version: 4849a3c9d7f2045669880e4e17eeb71980b2e4d0
scm: git scm: git
- name: infra-role-geth - name: infra-role-geth
src: git@github.com:status-im/infra-role-geth.git src: git@github.com:status-im/infra-role-geth.git
version: 773c384dccbe0e8ada5ed4fc2af8f474f69cf944 version: 4583821179ffb32bbd235279e2efb53ce2f66703
scm: git scm: git
- name: infra-role-geth-exporter - name: infra-role-geth-exporter


@ -5,8 +5,11 @@
consul_config_name: '{{ faucet_cont_name | replace("-", "_") }}' consul_config_name: '{{ faucet_cont_name | replace("-", "_") }}'
consul_services: consul_services:
- name: '{{ faucet_cont_name }}' - name: '{{ faucet_cont_name }}'
tags: ['{{ env }}.{{ stage }}', 'faucet', 'api'] tags: ['{{ env }}.{{ stage }}', 'faucet', 'api', 'ssl-proxy-backend']
port: '{{ faucet_cont_port }}' port: '{{ faucet_cont_port }}'
address: '{{ ansible_local.wireguard.address }}'
meta:
proxy_fqdn: '{{ faucet_domain }}'
checks: checks:
- id: '{{ faucet_cont_name }}-health' - id: '{{ faucet_cont_name }}-health'
name: Faucet HTTP API name: Faucet HTTP API
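Review bot: The new `ssl-proxy-backend` tag and `meta.proxy_fqdn` carry no explanation, yet judging by the commit message they are presumably what makes the ssl-proxy service publish this backend under `faucet_domain`. A short comment above the service entry would show the next reader that these two fields control public exposure, for example `# Discovered by ssl-proxy: tag selects the backend, meta.proxy_fqdn is the public hostname`. The `checks` list continues past the end of the hunk.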


@ -1,4 +1,3 @@
--- ---
- import_tasks: container.yml - import_tasks: docker.yml
- import_tasks: proxy.yml
- import_tasks: consul.yml - import_tasks: consul.yml


@ -1,10 +0,0 @@
# This enables CORS for all status.im subdomains
if ($http_origin ~* '{{ faucet_cors_rule | mandatory }}') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
add_header 'Access-Control-Allow-Credentials' 'true';
}
if ($request_method = OPTIONS) {
return 204;
}


@ -10,7 +10,7 @@ services:
labels: labels:
com.centurylinklabs.watchtower.enable: 'true' com.centurylinklabs.watchtower.enable: 'true'
ports: ports:
- '127.0.0.1:{{ faucet_cont_port }}:{{ faucet_cont_port }}' - '0.0.0.0:{{ faucet_cont_port }}:{{ faucet_cont_port }}'
command: | command: |
-endpoint=':{{ faucet_cont_port }}' -endpoint=':{{ faucet_cont_port }}'
-network={{ faucet_network | mandatory }} -network={{ faucet_network | mandatory }}
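Review bot: The published port changes from `127.0.0.1` to `0.0.0.0`, which binds the faucet API's plain-HTTP listener on every interface of the host, not only the WireGuard one that the Consul registration advertises. Ports published by Docker are typically forwarded through Docker's own NAT and FORWARD rules, so host firewall rules on the input path may not restrict them; whether the `open-ports` role accounts for that is not visible here. Binding to the VPN address keeps the listener off the public interface regardless: `- '{{ ansible_local.wireguard.address }}:{{ faucet_cont_port }}:{{ faucet_cont_port }}'`. The `command` block continues outside the hunk.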


@ -1,20 +0,0 @@
server {
listen 80;
server_name {{ faucet_domain | mandatory }};
return 302 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name {{ faucet_domain | mandatory }};
ssl_certificate /certs/origin.crt;
ssl_certificate_key /certs/origin.key;
location / {
proxy_pass http://127.0.0.1:{{ faucet_cont_port }}/;
{% include "cors-setup.conf.j2" %}
}
}

9
dns.tf

@ -1,9 +1,8 @@
/* DNS Entries for faucet APIs */ /* DNS Entries for faucet APIs */
resource "cloudflare_record" "main-goerli" { resource "cloudflare_record" "faucet-goerli" {
zone_id = data.cloudflare_zones.active.zones[0].id zone_id = data.cloudflare_zones.active.zones[0].id
name = "faucet-goerli" name = "faucet-goerli"
type = "A" type = "CNAME"
proxied = true proxied = false
value = module.main.public_ips[count.index] value = "proxy.infra.status.im"
count = length(module.main.public_ips)
} }
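Review bot: Setting `proxied = false` and pointing the record at `proxy.infra.status.im` means clients now reach the ssl-proxy host directly, without Cloudflare's edge in front of the faucet. Nothing in the file says where TLS termination and request throttling live after this change, so the header comment could be extended, e.g. `/* faucet-goerli: CNAME to the shared ssl-proxy, not Cloudflare-proxied; TLS terminates on the proxy */`. The rename from `main-goerli` to `faucet-goerli` together with the type change will most likely make Terraform replace the record, so a short resolution gap during apply should be expected.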