search

w3f / polkadot-validator-setup

Polkadot Validator Secure Setup
Apache License 2.0
217 stars 130 forks source link

Add condition for enabling reverse proxy #133

Closed lamafab closed 3 years ago

lamafab commented 3 years ago

Allows you to enable/disable the reverse proxy via the inventory (disabled by default):

# ## Validator 0
[validator_0]
147.75.76.65

[validator_0:vars]
ansible_user=alice
# Preferably use a private telemetry server
telemetryUrl=wss://telemetry.polkadot.io/submit/
loggingFilter='sync=warn,afg=warn,babe=warn'
enableReverseProxy = false

NOTE: I don't want to just make assumptions about user's systems. So when you execute this script and do not enable the reverse proxy, it will:

Is this behavior acceptable?

ilhanu commented 3 years ago

In the polkadot service file: ansible/roles/polkadot-validator/templates/polkadot.service.j2 your missing an else statement for the p2p port.

{% if hostvars[inventory_hostname].enableReverseProxy is defined and hostvars[inventory_hostname].enableReverseProxy is true %}  
--public-addr=/ip4/{{ hostvars[inventory_hostname].public_ip.json.ip }}/tcp/{{ proxy_port }} \  
  {% else %}
--public-addr=/ip4/{{ hostvars[inventory_hostname].public_ip.json.ip }}/tcp/{{ p2p_port }} \  
{% endif %}

For the rest it seems all acceptable.

ilhanu commented 3 years ago

Also if you set enableReverseProxy = false then it gives a fatal error in a new install, as ngninx doesn't get installed. "htpasswd: cannot create file /etc/nginx/.htpasswd\nchmod: cannot access '/etc/nginx/.htpasswd': No such file or directory\nchown