feat: add playbook for generating public node nginx config

QuokkaStake · Dec 12, 2023 · 362ef59 · 362ef59
1 parent df00b8c
commit 362ef59
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 0 deletions.
diff --git a/playbooks/fullnode/10-public-node-domains.yml b/playbooks/fullnode/10-public-node-domains.yml
@@ -0,0 +1,37 @@
+---
+- name: Set public nodes templates
+  hosts: "{{ hosts | default('monitoring') }}"
+
+  tasks:
+    - name: Generate RPC Nginx config
+      become: true
+      ansible.builtin.template:
+        src: ../../templates/fullnode/nginx-rpc.j2
+        dest: "/etc/nginx/sites-enabled/rpc"
+        mode: '0755'
+
+    - name: Generate API Nginx config
+      become: true
+      ansible.builtin.template:
+        src: ../../templates/fullnode/nginx-api.j2
+        dest: "/etc/nginx/sites-enabled/api"
+        mode: '0755'
+
+    - name: Generate Certbot template
+      become: true
+      ansible.builtin.shell: "sudo /snap/bin/certbot --nginx --agree-tos -m {{ certbot_email }} -n -d {{ api_domain }},{{ rpc_domain }}"
+      args:
+        executable: /bin/bash
+      register: result
+      changed_when: false
+
+    - name: Verify Nginx config
+      become: yes
+      command: nginx -t
+      changed_when: false
+
+    - name: (Re)start Nginx
+      become: true
+      ansible.builtin.systemd:
+        state: restarted
+        name: nginx
diff --git a/templates/fullnode/nginx-api.j2 b/templates/fullnode/nginx-api.j2
@@ -0,0 +1,14 @@
+server {
+    server_name {{ api_domain }};
+
+    location / {
+        proxy_pass http://127.0.0.1:1317;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    listen [::]:80;
+    listen 80;
+    return 404; # managed by Certbot
+}
diff --git a/templates/fullnode/nginx-rpc.j2 b/templates/fullnode/nginx-rpc.j2
@@ -0,0 +1,17 @@
+server {
+    server_name {{ rpc_domain }};
+
+    location / {
+        proxy_pass http://127.0.0.1:26657;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $http_connection;
+    }
+
+    listen [::]:80;
+    listen 80;
+    return 404; # managed by Certbot
+}