Add ufw task, update http access and node config
This commit is contained in:
parent
f85874f609
commit
70e3ed3627
@ -117,5 +117,5 @@ blockscout_security_group: "{{ MAIN_REPO_FETCH }}-{{ GENESIS_BRANCH }}-blockscou
|
|||
|
||||
allow_blockscout_ssh: true
|
||||
allow_blockscout_p2p: true
|
||||
allow_blockscout_http: true
|
||||
allow_blockscout_http: false
|
||||
|
||||
@ -83,7 +83,7 @@
|
|||
- "30303"
|
||||
when: allow_blockscout_p2p == true
|
||||
|
||||
- name: Add http-3000 access
|
||||
- name: Add http-4000 access
|
||||
delegate_to: localhost
|
||||
ec2_group:
|
||||
ec2_access_key: "{{ access_key }}"
|
||||
|
@ -99,5 +99,5 @@
|
|||
to_port: "{{ item }}"
|
||||
cidr_ip: 0.0.0.0/0
|
||||
with_items:
|
||||
- "3000"
|
||||
- "4000"
|
||||
when: allow_blockscout_http == true
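Review bot: `when: allow_blockscout_http == true` on this line only matches a genuine boolean, so a value supplied as a string (for example `-e allow_blockscout_http=true` on the command line) evaluates false and the 4000 rule is silently never created; the bare form already used for `when: install_firewall` in the main task list is the more robust spelling, or `when: allow_blockscout_http | bool` if string values must be accepted. The same comparison appears on the p2p guard earlier in this file, on the reboot task, and on the ssh, p2p and http-4000 rules of the new ufw.yml. The ec2_group task this hunk belongs to starts in the previous hunk of this file.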
|
||||
@ -179,8 +179,14 @@ api_version: "9773b5b"
|
|||
##Blockscout-related variables
|
||||
|
||||
#Explicitly specified api version to use
|
||||
blockscout_version: "master"
|
||||
blockscout_version: "df6ec81b68"
|
||||
#Name of database user to create
|
||||
db_user: "INSERT HERE"
|
||||
#Password for the database user
|
||||
db_user_password: "INSERT HERE"
|
||||
db_user_password: "INSERT HERE"
|
||||
#Specifies whether or not to keep port 22 opened to allow ssh access
|
||||
allow_blockscout_ssh: true
|
||||
#Specifies whether or not to keep port 30303 opened to allow peer discovery
|
||||
allow_blockscout_p2p: true
|
||||
#Specifies whether or not to keep port 4000 opened to allow http access
|
||||
allow_blockscout_http: false
@ -6,6 +6,10 @@ home: "/home/{{ username }}"
|
|||
install_debug_tools: "no"
|
||||
reboot_after_completion: false
|
||||
|
||||
blockscout_version: "master"
|
||||
blockscout_version: "df6ec81b68"
|
||||
db_user: "blockscout"
|
||||
db_user_password: "dvYYTbhdhuuOLMf74ghu"
|
||||
|
||||
allow_blockscout_ssh: true
|
||||
allow_blockscout_p2p: true
|
||||
allow_blockscout_http: false
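Review bot: `db_user_password` in this vars file carries a literal database password committed to the repository; whether or not that line is new in this commit, the hunk leaves it in place, and the same value appears again in the second vars-file hunk further down. A committed credential should live in an ansible-vault encrypted file or be read at run time, for example `db_user_password: "{{ lookup('env', 'BLOCKSCOUT_DB_PASSWORD') }}"` (constructed variable name), and the current value should be rotated because it is already in the git history. The `blockscout_version` pin on the previous lines is fine as a quoted string.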
|
||||
@ -4,7 +4,7 @@ user: ubuntu
|
|||
|
||||
allow_blockscout_ssh: true
|
||||
allow_blockscout_p2p: true
|
||||
allow_blockscout_http: true
|
||||
allow_blockscout_http: false
|
||||
|
||||
username: "blockscout"
|
||||
users:
|
||||
|
@ -18,7 +18,7 @@ reboot_after_completion: false
|
|||
install_debug_tools: "no"
|
||||
install_firewall: false
|
||||
|
||||
blockscout_version: "master"
|
||||
blockscout_version: "df6ec81b68"
|
||||
db_user: "blockscout"
|
||||
db_user_password: "dvYYTbhdhuuOLMf74ghu"
|
||||
PROXY_PORT: "4000"
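Review bot: `install_firewall: false` is introduced here without a comment, while the sample vars-file hunk above adds a comment for every `allow_blockscout_*` switch; unless it is already described in that file outside the visible hunk, add `#Specifies whether or not to install and configure ufw (tasks in ufw.yml)` next to the other documented switches. Because the value set here is false, the new ufw tasks do not run for this group until an operator flips it, which is worth stating in that comment.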
@ -1,3 +1,6 @@
|
|||
---
|
||||
- name: restart poa-blockscout
|
||||
service: name=poa-blockscout state=restarted
|
||||
|
||||
- name: restart ufw
|
||||
service: name=ufw state=restarted
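Review bot: The new `restart ufw` handler uses the `key=value` shorthand `service: name=ufw state=restarted`; Ansible's convention is block YAML module arguments, i.e. `service:` with `name: ufw` and `state: restarted` on their own lines, and the new ufw.yml tasks would benefit from the same form since they embed Jinja expressions inside quoted `key=value` strings. The existing `restart poa-blockscout` handler above uses the same shorthand, so this is a consistency choice for the new file rather than a defect.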
@ -67,3 +67,11 @@
|
|||
|
||||
- name: Ensure poa-blockscout is running and enabled to start at boot
|
||||
service: name=poa-blockscout state=started enabled=yes
|
||||
|
||||
- name: Setup ufw firewall
|
||||
import_tasks: ufw.yml
|
||||
when: install_firewall
|
||||
|
||||
- name: restart machine after setup
|
||||
shell: shutdown -r 1
|
||||
when: reboot_after_completion == true
|
||||
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
# to verify ufw configuration run:
|
||||
# sudo ufw status verbose
|
||||
|
||||
- name: Install ufw
|
||||
package: name=ufw state=present
|
||||
|
||||
- name: Clean old rules
|
||||
ufw: state=reset
|
||||
|
||||
- name: Configure ufw defaults
|
||||
ufw: direction={{ item.direction }} policy={{ item.policy }}
|
||||
with_items:
|
||||
- { direction: 'incoming', policy: 'deny' }
|
||||
- { direction: 'outgoing', policy: 'allow' }
|
||||
notify:
|
||||
- restart ufw
|
||||
|
||||
- name: Add ufw ssh access
|
||||
ufw: rule='allow' port='22' proto='tcp'
|
||||
notify:
|
||||
- restart ufw
|
||||
when: allow_blockscout_ssh == true
|
||||
|
||||
- name: Add ufw https access
|
||||
ufw: rule='allow' port='443' proto='tcp'
|
||||
notify:
|
||||
- restart ufw
|
||||
|
||||
- name: Add ufw p2p access
|
||||
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
|
||||
with_items:
|
||||
- { rule: 'allow', port: '30303', proto: 'tcp' }
|
||||
- { rule: 'allow', port: '30303', proto: 'udp' }
|
||||
notify:
|
||||
- restart ufw
|
||||
when: allow_explorer_p2p == true
|
||||
|
||||
- name: Add ufw http-4000 access
|
||||
ufw: rule='allow' port='4000' proto='tcp'
|
||||
notify:
|
||||
- restart ufw
|
||||
when: allow_blockscout_http == true
|
||||
|
||||
- name: Enable ufw logging
|
||||
ufw: logging=off
|
||||
notify:
|
||||
- restart ufw
|
||||
|
||||
- name: Enable ufw
|
||||
ufw: state=enabled
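Review bot: `when: allow_explorer_p2p == true` on the p2p rule names a variable that appears nowhere else in this change — every vars file defines `allow_blockscout_p2p` — so with Ansible's default treatment of undefined variables in conditionals the task errors out, and if someone later defines it as false the 30303 tcp/udp rules are simply never added; change it to `when: allow_blockscout_p2p == true` to match the ec2_group guard. The task named `Enable ufw logging` actually runs `ufw: logging=off`, leaving no record of dropped connections for later investigation; either rename the task or set `logging=low` so the name and the effect agree. The https rule opens 443 unconditionally while ssh, p2p and http-4000 are each behind an `allow_blockscout_*` flag — presumably intended, but a comment stating what listens on 443 on these hosts would make that explicit. Note also that `ufw: state=reset` drops every rule and disables ufw on each run before the rules are re-added and ufw re-enabled at the end, so the play reports changes on every execution; acceptable for a bootstrap, but worth a line in the header comment.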
@ -10,6 +10,7 @@ cors=["all"]
|
|||
reserved_peers="{{ home }}/bootnodes.txt"
|
||||
nat="extip:{{ ansible_host }}"
|
||||
port = 30303
|
||||
max_peers = 100
|
||||
|
||||
[websockets]
|
||||
disable = false
|
||||
|
@ -19,9 +20,6 @@ origins = ["all"]
|
|||
apis = ["all"]
|
||||
hosts = ["all"]
|
||||
|
||||
[ipc]
|
||||
disable = true
|
||||
|
||||
[ui]
|
||||
disable = true
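Review bot: The websocket section of this node config keeps `apis = ["all"]` and `hosts = ["all"]` (with `origins = ["all"]` visible in the hunk header), which exposes every RPC namespace to any host header and any browser origin; if the websocket interface is reachable beyond the machine itself — the `interface` setting is not in view — this should be narrowed to the namespaces the explorer needs and to the origins it is served from. Which three lines this hunk removes cannot be told from the rendered page, so the note is limited to what remains on the new side.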
|
||||
|
||||