status-im/infra-swarm
2
0
Fork 0
mirror of https://github.com/status-im/infra-swarm.git synced 2025-02-23 04:48:13 +00:00
Code Issues Projects Releases Wiki Activity

enable https access via 8900 port

Browse Source
This commit is contained in:
Jakub Sokołowski 2018-08-28 15:26:09 -04:00
parent 6d5cda5fb4
commit aa9aa6f954
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
4 changed files with 41 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ansible/group_vars/all.yml Normal file
View File

@ -0,0 +1,21 @@
---
nginx_configs:
upstream:
- upstream swarm_http {
{% for h in groups['swarm'] %}
server {{ hostvars[h].ansible_host }}:{{ swarm_port }};
{% endfor %}
}
nginx_sites:
swarm_lb:
- listen 8900 ssl
- server_name {{ env }}-{{ stage }}.status.im
- ssl_certificate /certs/origin.crt
- ssl_certificate_key /certs/origin.key
- location / {
proxy_pass http://swarm_http;
}

4
ansible/main.yml
View File

@ -2,4 +2,6 @@
- name: Configure swarm - name: Configure swarm
hosts: swarm hosts: swarm
roles: roles:
- role: swarm - origin-cert
- nginx
- swarm

23
ansible/roles/swarm/tasks/swarm.yml
View File

@ -29,24 +29,17 @@
- '{{ cont_vol }}/data:/data:rw' - '{{ cont_vol }}/data:/data:rw'
- '{{ cont_vol }}/store:/store:rw' - '{{ cont_vol }}/store:/store:rw'
- name: Enable swarm port - name: Enable swarm ports
iptables: iptables:
comment: '{{ cont_name }}' comment: '{{ item.name }}'
chain: INPUT chain: INPUT
jump: ACCEPT jump: ACCEPT
source: '0.0.0.0/0' source: '0.0.0.0/0'
protocol: udp protocol: '{{ item.proto }}'
destination_port: '{{ cont_port }}' destination_port: '{{ item.port }}'
notify: with_items:
- Save iptables rules - { 'name': 'Swarm', 'port': '{{ cont_port }}', 'proto': 'udp' }
- { 'name': 'Swarm HTTP', 'port': '{{ swarm_port }}', 'proto': 'udp' }
- name: Enable swarm HTTP port - { 'name': 'Swarm HTTPS', 'port': 8900, 'proto': 'udp' }
iptables:
comment: '{{ cont_name }} HTTP'
chain: INPUT
jump: ACCEPT
source: '0.0.0.0/0'
protocol: tcp
destination_port: '{{ swarm_port }}'
notify: notify:
- Save iptables rules - Save iptables rules

4
main.tf
View File

@ -55,6 +55,7 @@ module "swarm" {
/* firewall */ /* firewall */
open_ports = [ open_ports = [
"8800-8800", /* http */ "8800-8800", /* http */
"8900-8900", /* https */
"30303-30303", /* geth */ "30303-30303", /* geth */
"30399-30399", /* swarm */ "30399-30399", /* swarm */
] ]
@ -64,7 +65,8 @@ resource "cloudflare_record" "swarm" {
domain = "${var.domain}" domain = "${var.domain}"
name = "${var.env}-${terraform.workspace}" name = "${var.env}-${terraform.workspace}"
value = "${element(module.swarm.public_ips, count.index)}" value = "${element(module.swarm.public_ips, count.index)}"
count = "${local.ws["hosts_count"]}" count = 3
type = "A" type = "A"
ttl = 3600 ttl = 3600
proxied = true
} }