
Add Caddy, make RPC node accessible over TLS, change RPC security

Anuj Bansal 3 years ago
parent
commit
591b2a93b9

+ 3 - 0
devops/infrastructure/deploy-infra.sh

@@ -45,6 +45,9 @@ aws cloudformation deploy \
 
 # If the deploy succeeded, get the IP, create inventory and configure the created instances
 if [ $? -eq 0 ]; then
+  # Install additional Ansible roles from requirements
+  ansible-galaxy install -r requirements.yml
+
   VALIDATORS=$(aws cloudformation list-exports \
     --profile $CLI_PROFILE \
     --query "Exports[?starts_with(Name,'${NEW_STACK_NAME}PublicIp')].Value" \
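Review bot: The exit status of the added `ansible-galaxy install -r requirements.yml` is ignored, so unless the script sets `-e` outside this hunk, a failed role download lets the run continue to build the inventory and configure instances. It would then fail only later, when the rpc role includes `caddy_ansible.caddy_ansible`. Stopping at the install is clearer: `ansible-galaxy install -r requirements.yml || exit 1`. The path is also relative, so it resolves only when the script is started from `devops/infrastructure`; a comment saying so, or a path derived from the script's own directory, would avoid a confusing failure. The `if` block this line sits in continues past the end of the hunk.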

+ 8 - 0
devops/infrastructure/main.yml

@@ -51,6 +51,14 @@ Resources:
           FromPort: 9944
           ToPort: 9944
           CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 30333
+          ToPort: 30333
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 443
+          ToPort: 443
+          CidrIp: 0.0.0.0/0
         - IpProtocol: tcp
           FromPort: 22
           ToPort: 22
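Review bot: Port 9944 stays open to `0.0.0.0/0` in the context lines just above the new rules, so the plaintext RPC port remains a second public path alongside the new TLS endpoint on 443. That matters only if the node listens on an external interface, and its flags are not visible in this commit. Because the Caddyfile added here proxies to `localhost:9944`, the 9944 ingress rule can probably be removed or narrowed to an operator CIDR, leaving 443 as the only public RPC entry. Short comments on the new rules would also help the next reader, e.g. `# 443: Caddy TLS front end for the RPC node` and, presumably, `# 30333: node p2p`. The security group definition begins and ends outside this hunk.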

+ 3 - 0
devops/infrastructure/requirements.yml

@@ -0,0 +1,3 @@
+---
+roles:
+- caddy_ansible.caddy_ansible
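Review bot: The role entry carries no version, so each deploy installs whatever release of `caddy_ansible.caddy_ansible` Galaxy serves at that moment, and the rpc tasks in this commit then apply it with `become: yes`. Pinning keeps the deploy reproducible and stops an upstream change from reaching the hosts unreviewed. Write the entry as `- name: caddy_ansible.caddy_ansible` followed by `version: <reviewed-release-tag>`, where the tag is a placeholder for the release you have tested.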

+ 14 - 0
devops/infrastructure/roles/rpc/tasks/main.yml

@@ -20,3 +20,17 @@
     name: joystream-node
     state: started
   become: yes
+
+- name: Install and configure Caddy
+  include_role:
+    name: caddy_ansible.caddy_ansible
+    apply:
+      become: yes
+  vars:
+    caddy_config: "{{ lookup('template', 'templates/Caddyfile.j2') }}"
+    caddy_systemd_capabilities_enabled: true
+    public_ip: "{{ inventory_hostname }}"
+
+- name: Print RPC node DNS
+  debug:
+    msg: "RPC Node DNS is: https://{{ inventory_hostname }}.nip.io"
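Review bot: The public name is built as `{{ inventory_hostname }}.nip.io`, which ties the node's TLS identity to a third-party wildcard DNS service. Whoever controls the answers for that zone decides where the name points and can obtain certificates for it, and issuance may be subject to limits shared with every other user of the domain. That is reasonable for a test network but should be stated above the `Install and configure Caddy` task, e.g. `# nip.io is a convenience for test deployments; use a domain you control for production`. `public_ip` also assumes `inventory_hostname` is a literal IP address; an inventory that uses host names would produce a site address that does not resolve as intended.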

+ 3 - 0
devops/infrastructure/roles/rpc/templates/Caddyfile.j2

@@ -0,0 +1,3 @@
+{{ public_ip }}.nip.io
+
+reverse_proxy localhost:9944
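Review bot: The site block forwards every request to `localhost:9944` with no client restriction, so TLS protects the transport but does not limit who can call the RPC or which methods they reach. That limit has to come from the node's own RPC settings, which this commit does not show. A header comment would make the boundary explicit: `# Public TLS front end for the node RPC; no authentication is applied here, method exposure is controlled by the node's flags`.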