status: enable native websocket port

https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-08-22 16:11:52 +02:00 · 2022-08-22 16:11:52 +02:00 · 46238b40c3
parent 7687d2aa2e
commit 46238b40c3
4 changed files with 32 additions and 3 deletions
--- a/ansible/group_vars/status.yml
+++ b/ansible/group_vars/status.yml
@ -12,6 +12,7 @@ nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", fi
 # Ports
 nim_waku_p2p_tcp_port: 30303
 nim_waku_p2p_udp_port: 30303
 nim_waku_websock_port: 443
 nim_waku_metrics_port: 8008
 nim_waku_rpc_tcp_port: 8545
 nim_waku_rpc_tcp_addr: 0.0.0.0
@ -24,6 +25,13 @@ nim_waku_sqlite_retention_time: 1209600 # 14 days
 nim_waku_disc_v5_enabled: true
 nim_waku_disc_v5_enr_auto_update: true
 nim_waku_disc_v5_port: 9000
 # Websockets
 nim_waku_websocket_enabled: true
 nim_waku_websocket_secure_enabled: true
 nim_waku_websocket_domain: '{{ dns_entry }}'
 nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
 nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
 nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'
 # Consul Service
 nim_waku_consul_success_before_passing: '{{ (stage == "prod") | ternary(2, 4) }}'
 nim_waku_consul_failures_before_warning: '{{ (stage == "prod") | ternary(1, 2) }}'
@ -37,13 +45,22 @@ waku_peers_consul_services:
  - { name: '{{ nim_waku_cont_name }}', env: '{{ env }}',  stage: '{{ stage }}' }
  - { name: 'nim-waku-bridge',          env: '{{ env }}',  stage: '{{ stage }}' }
 # LetsEncrypt via Certbot
 certbot_docker_enabled: true
 certbot_admin_email: 'devops@status.im'
 certbot_containers_to_stop: ['websockify']
 certbot_certs:
  - domains: [ '{{ nim_waku_websocket_domain }}' ]
 # Open LibP2P Ports
 open_ports_default_comment: '{{ nim_waku_cont_name }}'
 open_ports_default_protocol: 'tcp'
 open_ports_default_chain: 'SERVICES'
 open_ports_list:
  - { port: '80', comment: 'Certbot verification' }
  - { port: '{{ nim_waku_p2p_tcp_port }}' }
  - { port: '{{ nim_waku_p2p_udp_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_websock_port }}' }
  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
  - { port: '{{ nim_waku_rpc_tcp_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -22,5 +22,6 @@
  roles:
    - { role: open-ports,       tags: open-ports }
    - { role: swap-file,        tags: swap-file  }
    - { role: certbot,          tags: certbot    }
    - { role: nim-waku,         tags: nim-waku   }
    - { role: waku-peers,       tags: waku-peers }
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -21,7 +21,7 @@
 - name: consul-service
  src: git@github.com:status-im/infra-role-consul-service.git
-  version: 0cddfb4dd696e759a0a95c4753e7b95aeedc4242
+  version: 7653d06cfc4d2613ee14bf637d38d98b0201864f
  scm: git
 - name: nim-waku
@ -38,3 +38,8 @@
  src: git@github.com:status-im/infra-role-systemd-timer.git
  version: 0cc94695f3dada39213a87fbe923cd90e2a7d2c2
  scm: git
 - name: certbot
  src: git@github.com:status-im/infra-role-certbot.git
  version: a0f3dc76f2f07ed6857312da1f559db52f9781a1
  scm: git
--- a/nodes.tf
+++ b/nodes.tf
@ -16,6 +16,12 @@ module "hosts" {
  gc_type = local.ws["gc_type"] /* Google Cloud */
  /* firewall */
-  open_tcp_ports = [ "30303" ] /* p2p main */
+  open_tcp_ports = [
-  open_udp_ports = [ "9000" ]  /* discovery v5 */
+    "30303", /* p2p main */
    "443",   /* websocket */
    "80",    /* certbot */
  ]
  open_udp_ports = [
    "9000",  /* discovery v5 */
  ]
 }