diff --git a/explorer/terraform/aws/taurus/main.tf b/explorer/terraform/aws/taurus/main.tf index 81527d19..4f346867 100644 --- a/explorer/terraform/aws/taurus/main.tf +++ b/explorer/terraform/aws/taurus/main.tf @@ -40,7 +40,7 @@ module "subql" { instance-type = var.instance_type deployment-version = 0 regions = var.aws_region - instance-count-blue = var.instance_count_blue + instance-count-blue = 0 #var.instance_count_blue disk-volume-size = var.disk_volume_size disk-volume-type = var.disk_volume_type environment = "production" @@ -54,7 +54,7 @@ module "subql" { instance-type = var.instance_type deployment-version = 0 regions = var.aws_region - instance-count-green = var.instance_count_green + instance-count-green = 0 #var.instance_count_green disk-volume-size = var.disk_volume_size disk-volume-type = var.disk_volume_type environment = "staging" diff --git a/templates/terraform/subql/base/bootstrap_nova_subql_provisioner.tf b/templates/terraform/subql/base/bootstrap_nova_subql_provisioner.tf index 6547c48b..f4e9502d 100644 --- a/templates/terraform/subql/base/bootstrap_nova_subql_provisioner.tf +++ b/templates/terraform/subql/base/bootstrap_nova_subql_provisioner.tf @@ -62,22 +62,6 @@ resource "null_resource" "setup-nova-blue-subql-nodes" { destination = "/home/${var.ssh_user}/subql/install_docker.sh" } - # copy nginx config files - provisioner "file" { - source = "${var.path_to_configs}/nginx-subql.conf" - destination = "/home/${var.ssh_user}/subql/backend.conf" - } - - provisioner "file" { - source = "${var.path_to_configs}/cors-settings.conf" - destination = "/home/${var.ssh_user}/subql/cors-settings.conf" - } - # copy nginx install file - provisioner "file" { - source = "${var.path_to_scripts}/install_nginx.sh" - destination = "/home/${var.ssh_user}/subql/install_nginx.sh" - } - } resource "null_resource" "setup-nova-green-subql-nodes" { 
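Review bot: Hard-coding `instance-count-blue = 0` and `instance-count-green = 0` in main.tf, with the variable left in a trailing comment, means `var.instance_count_blue` and `var.instance_count_green` are silently ignored for the production and staging blocks. A tfvars change to either count no longer has any effect. If the intent is to scale these deployments to zero, set the values in tfvars or in the variable defaults and keep `instance-count-blue = var.instance_count_blue` here. If the override has to stay, replace the commented-out reference with a comment saying why the count is pinned to zero and when it can be restored.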
@@ -132,22 +116,6 @@ resource "null_resource" "setup-nova-green-subql-nodes" { destination = "/home/${var.ssh_user}/subql/install_docker.sh" } - # copy nginx config files - provisioner "file" { - source = "${var.path_to_configs}/nginx-subql.conf" - destination = "/home/${var.ssh_user}/subql/backend.conf" - } - - provisioner "file" { - source = "${var.path_to_configs}/cors-settings.conf" - destination = "/home/${var.ssh_user}/subql/cors-settings.conf" - } - # copy nginx install file - provisioner "file" { - source = "${var.path_to_scripts}/install_nginx.sh" - destination = "/home/${var.ssh_user}/subql/install_nginx.sh" - } - } resource "null_resource" "start-nova-blue-subql-nodes" { @@ -174,25 +142,13 @@ resource "null_resource" "start-nova-blue-subql-nodes" { # install deployments provisioner "remote-exec" { inline = [ - # install nginx, certbot, docker and docker compose + # install docker and docker compose "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", # start docker daemon "sudo systemctl enable --now docker.service", "sudo systemctl restart docker.service", - # copy files - "sudo cp -f /home/${var.ssh_user}/subql/cors-settings.conf /etc/nginx/cors-settings.conf", - "sudo cp -f /home/${var.ssh_user}/subql/backend.conf /etc/nginx/backend.conf", - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", - # start systemd services - "sudo systemctl daemon-reload", - # start nginx - "sudo systemctl enable nginx", - "sudo systemctl start nginx", - # install certbot & generate domain - "sudo certbot --nginx --non-interactive -v --agree-tos -m alerts@subspace.network -d ${var.blue-subql-node-config.domain-prefix}.${var.network_name}.subspace.network", - "sudo systemctl restart nginx", + # set hostname "sudo hostnamectl set-hostname subql-${var.blue-subql-node-config.network-name}", 
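Review bot: With the nginx and certbot steps removed from the `remote-exec` block of `start-nova-blue-subql-nodes`, nothing visible in this diff terminates TLS or sets the HSTS and `X-Content-Type-Options` headers that the deleted install_nginx.sh configured. Meanwhile instances.tf still sets `associate_public_ip_address = true`, and the security group is still described as allowing HTTP and HTTPS inbound. Please confirm what now fronts the service on these nodes (presumably a load balancer or containerised proxy defined elsewhere) and record it in the block, e.g. `# TLS termination and reverse proxy are handled by <component>; no web server is installed on the host`. If nothing does, the ingress rules in network.tf should be narrowed to match. The same removal is made in the nova green start hunk and in both start hunks of bootstrap_subql_provisioner.tf; this block's closing lines are outside the hunk.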
@@ -233,41 +189,26 @@ resource "null_resource" "nova-start-green-subql-nodes" { } - # install nginx, certbot, docker and docker compose + # install docker and docker compose provisioner "remote-exec" { inline = [ "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", - # install nginx - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", ] } # install deployments provisioner "remote-exec" { inline = [ - # install nginx, certbot, docker and docker compose + # install docker and docker compose "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", # start docker daemon "sudo systemctl enable --now docker.service", "sudo systemctl restart docker.service", - # copy files - "sudo cp -f /home/${var.ssh_user}/subql/cors-settings.conf /etc/nginx/cors-settings.conf", - "sudo cp -f /home/${var.ssh_user}/subql/backend.conf /etc/nginx/backend.conf", - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", - # start systemd services - "sudo systemctl daemon-reload", - # start nginx - "sudo systemctl enable nginx", - "sudo systemctl start nginx", - # install certbot & generate domain - "sudo certbot --nginx --non-interactive -v --agree-tos -m alerts@subspace.network -d subql.${var.network_name}.subspace.network -d ${var.blue-subql-node-config.domain-prefix}.subql.${var.network_name}.subspace.network", - "sudo systemctl restart nginx", + # set hostname - "sudo hostnamectl set-hostname subql-${var.blue-subql-node-config.network-name}", + "sudo hostnamectl set-hostname subql-${var.green-subql-node-config.deployment-color}-${var.green-subql-node-config.network-name}", # create .env file "echo NR_API_KEY=${var.nr_api_key} >> /home/${var.ssh_user}/subql/.env", 
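Review bot: The new hostname line in `nova-start-green-subql-nodes` reads `var.green-subql-node-config`, not the `var.nova-green-subql-node-config` object that instances.tf uses for the nova green instance tags. Nova green hosts would therefore get the same hostname as the non-nova green hosts, which makes the two fleets hard to tell apart in logs and monitoring keyed by hostname. If the nova object carries the same fields (not visible here), the line should probably be `"sudo hostnamectl set-hostname subql-${var.nova-green-subql-node-config.deployment-color}-${var.nova-green-subql-node-config.network-name}",`. The nova blue start hunk still sets `subql-${var.blue-subql-node-config.network-name}` with no colour and also reads the non-nova object, so it needs the same correction.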
diff --git a/templates/terraform/subql/base/bootstrap_subql_provisioner.tf b/templates/terraform/subql/base/bootstrap_subql_provisioner.tf index ae8c11e1..0ce92d0a 100644 --- a/templates/terraform/subql/base/bootstrap_subql_provisioner.tf +++ b/templates/terraform/subql/base/bootstrap_subql_provisioner.tf @@ -62,22 +62,6 @@ resource "null_resource" "setup-blue-subql-nodes" { destination = "/home/${var.ssh_user}/subql/install_docker.sh" } - # copy nginx config files - provisioner "file" { - source = "${var.path_to_configs}/nginx-subql.conf" - destination = "/home/${var.ssh_user}/subql/backend.conf" - } - - provisioner "file" { - source = "${var.path_to_configs}/cors-settings.conf" - destination = "/home/${var.ssh_user}/subql/cors-settings.conf" - } - # copy nginx install file - provisioner "file" { - source = "${var.path_to_scripts}/install_nginx.sh" - destination = "/home/${var.ssh_user}/subql/install_nginx.sh" - } - } resource "null_resource" "setup-green-subql-nodes" { @@ -132,22 +116,6 @@ resource "null_resource" "setup-green-subql-nodes" { destination = "/home/${var.ssh_user}/subql/install_docker.sh" } - # copy nginx config files - provisioner "file" { - source = "${var.path_to_configs}/nginx-subql.conf" - destination = "/home/${var.ssh_user}/subql/backend.conf" - } - - provisioner "file" { - source = "${var.path_to_configs}/cors-settings.conf" - destination = "/home/${var.ssh_user}/subql/cors-settings.conf" - } - # copy nginx install file - provisioner "file" { - source = "${var.path_to_scripts}/install_nginx.sh" - destination = "/home/${var.ssh_user}/subql/install_nginx.sh" - } - } resource "null_resource" "start-blue-subql-nodes" { 
@@ -174,27 +142,15 @@ resource "null_resource" "start-blue-subql-nodes" { # install deployments provisioner "remote-exec" { inline = [ - # install nginx, certbot, docker and docker compose + # install docker and docker compose "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", # start docker daemon "sudo systemctl enable --now docker.service", "sudo systemctl restart docker.service", - # copy files - "sudo cp -f /home/${var.ssh_user}/subql/cors-settings.conf /etc/nginx/cors-settings.conf", - "sudo cp -f /home/${var.ssh_user}/subql/backend.conf /etc/nginx/backend.conf", - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", - # start systemd services - "sudo systemctl daemon-reload", - # start nginx - "sudo systemctl enable nginx", - "sudo systemctl start nginx", - # install certbot & generate domain - "sudo certbot --nginx --non-interactive -v --agree-tos -m alerts@subspace.network -d ${var.blue-subql-node-config.domain-prefix}.${var.network_name}.subspace.network", - "sudo systemctl restart nginx", + # set hostname - "sudo hostnamectl set-hostname subql-${var.blue-subql-node-config.network-name}", + "sudo hostnamectl set-hostname subql-${var.blue-subql-node-config.deployment-color}-${var.blue-subql-node-config.network-name}", # create .env file "echo NR_API_KEY=${var.nr_api_key} >> /home/${var.ssh_user}/subql/.env", 
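Review bot: The `.env` line kept at the end of this hunk interpolates `var.nr_api_key` into the `remote-exec` command text, so the key is embedded in the script Terraform uploads. It can also surface in apply output unless the variable is declared `sensitive = true`; its declaration is not visible here. The file is appended to with `>>`, so re-provisioning duplicates the entry, and no mode is set on it. Consider following it with `"chmod 600 /home/${var.ssh_user}/subql/.env",` and delivering the key through a `file` provisioner or a secrets store rather than `echo`. The same line ends the nova green and green start hunks.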
@@ -234,41 +190,26 @@ resource "null_resource" "start-green-subql-nodes" { } - # install nginx, certbot, docker and docker compose + # install docker and docker compose provisioner "remote-exec" { inline = [ "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", - # install nginx - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", ] } # install deployments provisioner "remote-exec" { inline = [ - # install nginx, certbot, docker and docker compose + # install docker and docker compose "chmod +x /home/${var.ssh_user}/subql/install_docker.sh", "sudo bash /home/${var.ssh_user}/subql/install_docker.sh", # start docker daemon "sudo systemctl enable --now docker.service", "sudo systemctl restart docker.service", - # copy files - "sudo cp -f /home/${var.ssh_user}/subql/cors-settings.conf /etc/nginx/cors-settings.conf", - "sudo cp -f /home/${var.ssh_user}/subql/backend.conf /etc/nginx/backend.conf", - "chmod +x /home/${var.ssh_user}/subql/install_nginx.sh", - "sudo bash /home/${var.ssh_user}/subql/install_nginx.sh", - # start systemd services - "sudo systemctl daemon-reload", - # start nginx - "sudo systemctl enable nginx", - "sudo systemctl start nginx", - # install certbot & generate domain - "sudo certbot --nginx --non-interactive -v --agree-tos -m alerts@subspace.network -d subql.${var.network_name}.subspace.network -d ${var.blue-subql-node-config.domain-prefix}.subql.${var.network_name}.subspace.network", - "sudo systemctl restart nginx", + # set hostname - "sudo hostnamectl set-hostname subql-${var.blue-subql-node-config.network-name}", + "sudo hostnamectl set-hostname subql-${var.green-subql-node-config.deployment-color}-${var.green-subql-node-config.network-name}", # create .env file "echo NR_API_KEY=${var.nr_api_key} >> /home/${var.ssh_user}/subql/.env", 
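Review bot: With the nginx lines dropped, the first `remote-exec` block in `start-green-subql-nodes` only runs `chmod +x` and `sudo bash` on install_docker.sh, and the second block repeats exactly those two commands as its first steps. The installer therefore runs twice as root on every provision. Remove the first block, or drop the two duplicate lines from the second block so it starts at `# start docker daemon`. The same duplication is left in `nova-start-green-subql-nodes`; the second block continues past the end of the hunk.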
diff --git a/templates/terraform/subql/base/config/cors-settings.conf b/templates/terraform/subql/base/config/cors-settings.conf deleted file mode 100644 index a89cd350..00000000 --- a/templates/terraform/subql/base/config/cors-settings.conf +++ /dev/null @@ -1,41 +0,0 @@ -if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - - add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; - - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; -} -if ($request_method = 'POST') { - - add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; - - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; -} -if ($request_method = 'GET') { - - add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; - - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; -} -if ($request_method = 'HEAD') { - - add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; - - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'HEAD, GET, POST, OPTIONS'; -} 
diff --git a/templates/terraform/subql/base/config/nginx-subql.conf b/templates/terraform/subql/base/config/nginx-subql.conf deleted file mode 100644 index 21295282..00000000 --- a/templates/terraform/subql/base/config/nginx-subql.conf +++ /dev/null @@ -1,24 +0,0 @@ -server { - root /var/www/html; - index index.html index.htm index.nginx-debian.html; - - server_name _; - - location ~* \.(?:css|js|json)$ { - try_files $uri $uri/ @backend; - } - - location @backend { - proxy_pass http://127.0.0.1:4350; - } - - location /graphql { - proxy_buffering off; - proxy_pass http://127.0.0.1:4350/graphql; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - } - -} diff --git a/templates/terraform/subql/base/instances.tf b/templates/terraform/subql/base/instances.tf index e8b3d4d3..c93c7dda 100644 --- a/templates/terraform/subql/base/instances.tf +++ b/templates/terraform/subql/base/instances.tf @@ -5,7 +5,7 @@ resource "aws_instance" "subql_blue_node" { subnet_id = element(aws_subnet.public_subnets.*.id, 0) availability_zone = element(var.azs, 0) # Security Group - vpc_security_group_ids = ["${aws_security_group.gemini-subql-sg.id}"] + vpc_security_group_ids = ["${aws_security_group.subql-sg.id}"] # the Public SSH key key_name = var.aws_key_name associate_public_ip_address = true @@ -44,9 +44,9 @@ resource "aws_instance" "subql_blue_node" { provisioner "remote-exec" { inline = [ "cloud-init status --wait", - "export DEBIAN_FRONTEND=noninteractive", "sudo apt update -y", - "sudo apt install git curl btop wget gnupg openssl net-tools git -y", + "sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y", + "sudo DEBIAN_FRONTEND=noninteractive apt install git curl btop wget gnupg openssl net-tools git -y", ] 
@@ -73,7 +73,7 @@ resource "aws_instance" "subql_green_node" { subnet_id = element(aws_subnet.public_subnets.*.id, count.index) availability_zone = element(var.azs, count.index) # Security Group - vpc_security_group_ids = ["${aws_security_group.gemini-subql-sg.id}"] + vpc_security_group_ids = ["${aws_security_group.subql-sg.id}"] # the Public SSH key key_name = var.aws_key_name associate_public_ip_address = true @@ -111,10 +111,9 @@ resource "aws_instance" "subql_green_node" { provisioner "remote-exec" { inline = [ "cloud-init status --wait", - "export DEBIAN_FRONTEND=noninteractive", "sudo apt update -y", - "sudo apt upgrade -y", - "sudo apt install git curl btop wget gnupg openssl net-tools git -y", + "sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y", + "sudo DEBIAN_FRONTEND=noninteractive apt install git curl btop wget gnupg openssl net-tools git -y", ] @@ -140,7 +139,7 @@ resource "aws_instance" "nova_subql_blue_node" { subnet_id = element(aws_subnet.public_subnets.*.id, count.index) availability_zone = element(var.azs, count.index) # Security Group - vpc_security_group_ids = ["${aws_security_group.gemini-subql-sg.id}"] + vpc_security_group_ids = ["${aws_security_group.subql-sg.id}"] # the Public SSH key key_name = var.aws_key_name associate_public_ip_address = true @@ -156,7 +155,7 @@ resource "aws_instance" "nova_subql_blue_node" { tags = { name = "subql-${var.nova-blue-subql-node-config.network-name}" - Name = "${var.nova-blue-subql-node-config.domain-prefix}-subql-${var.nova-blue-subql-node-config.network-name}" + Name = "${var.nova-blue-subql-node-config.domain-prefix}-${var.nova-blue-subql-node-config.network-name}" role = "block explorer" os_name = "ubuntu" os_version = "22.04" 
@@ -178,11 +177,9 @@ resource "aws_instance" "nova_subql_blue_node" { provisioner "remote-exec" { inline = [ "cloud-init status --wait", - "export DEBIAN_FRONTEND=noninteractive", "sudo apt update -y", - "sudo apt upgrade -y", - "sudo apt install git curl btop wget gnupg openssl net-tools git -y", - + "sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y", + "sudo DEBIAN_FRONTEND=noninteractive apt install git curl btop wget gnupg openssl net-tools git -y", ] on_failure = continue @@ -207,7 +204,7 @@ resource "aws_instance" "nova_subql_green_node" { subnet_id = element(aws_subnet.public_subnets.*.id, count.index) availability_zone = element(var.azs, count.index) # Security Group - vpc_security_group_ids = ["${aws_security_group.gemini-subql-sg.id}"] + vpc_security_group_ids = ["${aws_security_group.subql-sg.id}"] # the Public SSH key key_name = var.aws_key_name associate_public_ip_address = true @@ -223,7 +220,7 @@ resource "aws_instance" "nova_subql_green_node" { tags = { name = "subql-${var.nova-green-subql-node-config.network-name}" - Name = "${var.nova-green-subql-node-config.domain-prefix}-subql-${var.nova-green-subql-node-config.network-name}" + Name = "${var.nova-green-subql-node-config.domain-prefix}-${var.nova-green-subql-node-config.network-name}" role = "block explorer" os_name = "ubuntu" os_version = "22.04" @@ -245,11 +242,9 @@ resource "aws_instance" "nova_subql_green_node" { provisioner "remote-exec" { inline = [ "cloud-init status --wait", - "export DEBIAN_FRONTEND=noninteractive", "sudo apt update -y", - "sudo apt upgrade -y", - "sudo apt install git curl btop wget gnupg openssl net-tools git -y", - + "sudo DEBIAN_FRONTEND=noninteractiveapt upgrade -y", + "sudo DEBIAN_FRONTEND=noninteractive apt install git curl btop wget gnupg openssl net-tools git -y", ] on_failure = continue diff --git a/templates/terraform/subql/base/network.tf b/templates/terraform/subql/base/network.tf index 2fecb3a1..db4ad4af 100644 
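Review bot: In the `nova_subql_green_node` provisioner the new line `"sudo DEBIAN_FRONTEND=noninteractiveapt upgrade -y",` is missing the space before `apt`. sudo is then asked to run a command named `upgrade` with `DEBIAN_FRONTEND` set to `noninteractiveapt`, so the package upgrade never happens. Because this block has `on_failure = continue`, the failure would likely go unnoticed and nova green nodes would start without pending security updates. It should read `"sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y",` as in the other three instance resources.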
--- a/templates/terraform/subql/base/network.tf +++ b/templates/terraform/subql/base/network.tf @@ -1,4 +1,4 @@ -resource "aws_vpc" "gemini-subql-vpc" { +resource "aws_vpc" "subql-vpc" { cidr_block = var.vpc_cidr_block enable_dns_support = true enable_dns_hostnames = true @@ -12,7 +12,7 @@ resource "aws_vpc" "gemini-subql-vpc" { resource "aws_subnet" "public_subnets" { count = length(var.public_subnet_cidrs) - vpc_id = aws_vpc.gemini-subql-vpc.id + vpc_id = aws_vpc.subql-vpc.id cidr_block = element(var.public_subnet_cidrs, count.index) availability_zone = element(var.azs, count.index) map_public_ip_on_launch = "true" @@ -25,7 +25,7 @@ resource "aws_subnet" "public_subnets" { resource "aws_internet_gateway" "subql-gw" { count = length(var.public_subnet_cidrs) - vpc_id = aws_vpc.gemini-subql-vpc.id + vpc_id = aws_vpc.subql-vpc.id tags = { Name = "${var.network_name}-subql-gw-public-subnet-${count.index}" @@ -39,7 +39,7 @@ resource "aws_internet_gateway" "subql-gw" { resource "aws_route_table" "public_route_table" { count = length(var.public_subnet_cidrs) - vpc_id = aws_vpc.gemini-subql-vpc.id + vpc_id = aws_vpc.subql-vpc.id route { cidr_block = "0.0.0.0/0" @@ -66,10 +66,10 @@ resource "aws_route_table_association" "public_route_table_subnets_association" route_table_id = element(aws_route_table.public_route_table.*.id, count.index) } -resource "aws_security_group" "gemini-subql-sg" { +resource "aws_security_group" "subql-sg" { name = "${var.network_name}-subql-sg" description = "Allow HTTP and HTTPS inbound traffic" - vpc_id = aws_vpc.gemini-subql-vpc.id + vpc_id = aws_vpc.subql-vpc.id ingress { description = "HTTPS for VPC" @@ -108,6 +108,6 @@ resource "aws_security_group" "gemini-subql-sg" { } depends_on = [ - aws_vpc.gemini-subql-vpc + aws_vpc.subql-vpc ] } diff --git a/templates/terraform/subql/base/outputs.tf b/templates/terraform/subql/base/outputs.tf index 993b43f4..3f7c0836 100644 --- a/templates/terraform/subql/base/outputs.tf 
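Review bot: Renaming `aws_vpc.gemini-subql-vpc` to `aws_vpc.subql-vpc` (first hunk) and `aws_security_group.gemini-subql-sg` to `aws_security_group.subql-sg` (the `-66,10` hunk) changes their resource addresses, and nothing in this diff tells Terraform the objects are the same. Against existing state the plan would destroy and recreate the VPC and the security group, together with the subnets, gateways and instances that reference them. Add a `moved` block for each rename, with `from = aws_vpc.gemini-subql-vpc` and `to = aws_vpc.subql-vpc`, and likewise for the security group. Alternatively, document that `terraform state mv` must be run before the first apply.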
+++ b/templates/terraform/subql/base/outputs.tf @@ -1,7 +1,7 @@ // Output Variables output "ingress_rules" { - value = aws_security_group.gemini-subql-sg.*.ingress + value = aws_security_group.subql-sg.*.ingress } output "subql_blue_node_server_id" { diff --git a/templates/terraform/subql/base/scripts/install_docker.sh b/templates/terraform/subql/base/scripts/install_docker.sh index 36355f3c..88e95108 100755 --- a/templates/terraform/subql/base/scripts/install_docker.sh +++ b/templates/terraform/subql/base/scripts/install_docker.sh @@ -1,7 +1,6 @@ #!/bin/sh # updates -export DEBIAN_FRONTEND=noninteractive sudo apt update -y # install docker & Docker Compose @@ -14,7 +13,7 @@ echo \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt update -y -sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y +sudo DEBIAN_FRONTEND=noninteractive apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y # set max socket connections if ! (grep -iq "net.core.somaxconn" /etc/sysctl.conf && sed -i 's/.*net.core.somaxconn.*/net.core.somaxconn=65535/' /etc/sysctl.conf); then diff --git a/templates/terraform/subql/base/scripts/install_nginx.sh b/templates/terraform/subql/base/scripts/install_nginx.sh deleted file mode 100644 index 726f1b6c..00000000 --- a/templates/terraform/subql/base/scripts/install_nginx.sh +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/bash -sudo DEBIAN_FRONTEND=noninteractive apt install nginx certbot python3-certbot-nginx --no-install-recommends -y -cat /dev/null > /etc/nginx/nginx.conf -cat << EOF >> /etc/nginx/nginx.conf -user www-data; -worker_processes auto; -worker_rlimit_nofile 32000; -pid /run/nginx.pid; -#include /etc/nginx/modules-enabled/*.conf; -#load_module modules/ngx_http_modsecurity_module.so; - -events { - worker_connections 16000; - multi_accept on; - use epoll; -} - -http { - - ## - # Basic Settings - ## - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 120; - send_timeout 120; - keepalive_requests 50000; - keepalive_disable none; - reset_timedout_connection on; - proxy_ignore_client_abort on; - client_body_timeout 120; - client_header_timeout 120; - types_hash_max_size 2048; - underscores_in_headers on; - # server_tokens off; - - server_names_hash_bucket_size 128; - # server_name_in_redirect off; - - include /etc/nginx/mime.types; - default_type application/json; - - # Buffers - client_body_buffer_size 128K; - client_header_buffer_size 1k; - client_max_body_size 1m; - large_client_header_buffers 4 64k; - - ## - # SSL Settings - ## - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE and TLS 1.1, ref: BEAST/CRIME - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:20m; - ssl_session_timeout 10m; - ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; - ssl_dhparam /etc/nginx/ssl/dhparam.pem; - ssl_stapling on; - ssl_stapling_verify on; - - # Security - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options nosniff; - - - # Add 
CORS for Explorer - #add_header Access-Control-Allow-Origin *; - #add_header Access-Control-Max-Age 3600; - #add_header Access-Control-Expose-Headers Content-Length; - - - # Proxy settings - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_intercept_errors on; - - ## - # Logging Settings - ## - - log_format compression '\$remote_addr - [\$time_local] \$request \$status \$body_bytes_sent \$http_referer \$http_user_agent \$gzip_ratio'; - - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - - gzip_vary on; - gzip_proxied expired no-cache no-store private auth; - gzip_comp_level 2; - gzip_buffers 16 8k; - gzip_http_version 1.1; - gzip_min_length 256; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/backend.conf; - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} -EOF diff --git a/templates/terraform/subql/base/scripts/install_nodejs.sh b/templates/terraform/subql/base/scripts/install_nodejs.sh deleted file mode 100644 index e69de29b..00000000 diff --git a/templates/terraform/subql/base/scripts/install_subql_stack.sh b/templates/terraform/subql/base/scripts/install_subql_stack.sh index cd7c0e11..15dbd057 100644 --- a/templates/terraform/subql/base/scripts/install_subql_stack.sh +++ b/templates/terraform/subql/base/scripts/install_subql_stack.sh 
@@ -12,32 +12,45 @@ if ! command -v git &> /dev/null; then exit 1 fi +# Install Node.js latest LTS version +## Fetch the latest LTS version of Node.js using NodeSource +curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - + +# Install Node.js +sudo DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs + +# Verify installation +node -v +npm -v + # clone the astral repository from Github git clone https://github.com/autonomys/astral.git cd astral -# Function to run a command in a new tmux session -run_in_tmux_session() { - local session_name="$1" - local cmd="$2" +# # Function to run a command in a new tmux session +# run_in_tmux_session() { +# local session_name="$1" +# local cmd="$2" + +# tmux new-session -d -s "$session_name" "$cmd" +# } - tmux new-session -d -s "$session_name" "$cmd" -} +# # Start indexers stack +# echo "Starting indexers stack..." +# cd indexers || exit 1 +# yarn || exit 1 +# run_in_tmux_session "indexers_dev" "yarn prod" || exit 1 -# Start indexers stack -echo "Starting indexers stack..." -cd indexers || exit -yarn -run_in_tmux_session "indexers_dev" "yarn prod" +# # Wait for indexers to sync (adjust sleep duration as needed) +# echo "Waiting for indexers to sync blocks... (sleeping for 30 seconds)" +# sleep 30 -# Wait for indexers to sync (adjust sleep duration as needed) -echo "Waiting for indexers to sync blocks... (sleeping for 30 seconds)" -sleep 30 +# # Run metadata in a new session +# echo "Running yarn metadata in a new session..." +# run_in_tmux_session "indexers_metadata" "cd indexers && yarn metadata && yarn migrate --database-name taurus" || exit 1 -# Run metadata in a new session -echo "Running yarn metadata in a new session..." -run_in_tmux_session "indexers_metadata" "cd indexers && yarn metadata && yarn migrate --database-name taurus" +# # Start Hasura console in a new session +# echo "Starting Hasura console in a new session..." 
+# run_in_tmux_session "hasura_console" "cd indexers && yarn console" || exit 1 -# Start Hasura console in a new session -echo "Starting Hasura console in a new session..." -run_in_tmux_session "hasura_console" "cd indexers && yarn console" +exit 0 diff --git a/templates/terraform/subql/base/variables.tf b/templates/terraform/subql/base/variables.tf index fcade6c9..904c73d8 100644 --- a/templates/terraform/subql/base/variables.tf +++ b/templates/terraform/subql/base/variables.tf @@ -82,7 +82,7 @@ variable "aws_key_name" { variable "network_name" { description = "Network name" type = string - default = "gemini-3h" + default = "taurus" } variable "path_to_scripts" {
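Review bot: The added `curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -` in install_subql_stack.sh runs a remotely fetched script as root with no integrity check. `setup_lts.x` also follows whatever the current LTS line is, so two provisions of the same template can end up with different Node.js majors. Pin a specific major version, then download the script to a file and verify it against a checksum recorded in the repository before executing it, or install from a distribution package. No `set -e` is visible in the hunk, so a failed install would still pass `node -v` / `npm -v` and reach the new `exit 0`, reporting success to Terraform. The commented-out tmux section would be better deleted than kept as dead code.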