enable https access via 8900 port

2018-08-28 15:26:09 -04:00 · 2018-08-28 15:26:09 -04:00 · aa9aa6f954
parent 6d5cda5fb4
commit aa9aa6f954
4 changed files with 41 additions and 23 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -0,0 +1,21 @@
+---
+nginx_configs:
+  upstream:
+    - upstream swarm_http {
+      {% for h in groups['swarm'] %}
+      server {{ hostvars[h].ansible_host }}:{{ swarm_port }};
+      {% endfor %}
+      }
+
+nginx_sites:
+  swarm_lb:
+    - listen 8900 ssl
+
+    - server_name {{ env }}-{{ stage }}.status.im
+
+    - ssl_certificate     /certs/origin.crt
+    - ssl_certificate_key /certs/origin.key
+
+    - location / {
+        proxy_pass http://swarm_http;
+      }
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -2,4 +2,6 @@
 - name: Configure swarm
  hosts: swarm
  roles:
-    - role: swarm
+    - origin-cert
+    - nginx
+    - swarm
--- a/ansible/roles/swarm/tasks/swarm.yml
+++ b/ansible/roles/swarm/tasks/swarm.yml
@ -29,24 +29,17 @@
      - '{{ cont_vol }}/data:/data:rw'
      - '{{ cont_vol }}/store:/store:rw'

- name: Enable swarm port
+- name: Enable swarm ports
  iptables:
-    comment: '{{ cont_name }}'
+    comment: '{{ item.name }}'
    chain: INPUT
    jump: ACCEPT
    source: '0.0.0.0/0'
-    protocol: udp
-    destination_port: '{{ cont_port }}'
-  notify:
-    - Save iptables rules
-
- name: Enable swarm HTTP port
-  iptables:
-    comment: '{{ cont_name }} HTTP'
-    chain: INPUT
-    jump: ACCEPT
-    source: '0.0.0.0/0'
-    protocol: tcp
-    destination_port: '{{ swarm_port }}'
+    protocol: '{{ item.proto }}'
+    destination_port: '{{ item.port }}'
+  with_items:
+    - { 'name': 'Swarm',       'port': '{{ cont_port }}',  'proto': 'udp' }
+    - { 'name': 'Swarm HTTP',  'port': '{{ swarm_port }}', 'proto': 'udp' }
+    - { 'name': 'Swarm HTTPS', 'port': 8900,               'proto': 'udp' }
  notify:
    - Save iptables rules
--- a/main.tf
+++ b/main.tf
@ -54,17 +54,19 @@ module "swarm" {
  eth_network = "${var.eth_network}"
  /* firewall */
  open_ports  = [
-    "8800-8800", /* http */
+    "8800-8800",   /* http */
+    "8900-8900",   /* https */
    "30303-30303", /* geth */
    "30399-30399", /* swarm */
  ]
 }

 resource "cloudflare_record" "swarm" {
-  domain = "${var.domain}"
-  name   = "${var.env}-${terraform.workspace}"
-  value  = "${element(module.swarm.public_ips, count.index)}"
-  count  = "${local.ws["hosts_count"]}"
-  type   = "A"
-  ttl    = 3600
+  domain  = "${var.domain}"
+  name    = "${var.env}-${terraform.workspace}"
+  value   = "${element(module.swarm.public_ips, count.index)}"
+  count   = 3
+  type    = "A"
+  ttl     = 3600
+  proxied = true
 }