Chore: Reconfigure insight

ansible/group_vars/all

@@ -109,6 +109,7 @@ faucet_minimum_payout: 10
 faucet_maximum_payout: 10
 faucet_payout_threshold: 100
 faucet_payout_interval: "5m"
+faucet_port: 3003
 
 # Example faucet address/privkey (provide your own in network config)
 #faucet_address: yhvXpqQjfN9S4j5mBKbxeGxiETJrrLETg5

ansible/roles/insight/templates/docker-compose.yml.j2

@@ -18,7 +18,7 @@ services:
     depends_on:
       - insight
     ports:
-      - {{ insight_port }}:{{ insight_port }}
+      - 80:80
     volumes:
       - {{ insight_path }}/insight-proxy-nginx.conf:/etc/nginx/conf.d/default.conf
 

ansible/roles/insight/templates/insight-proxy-nginx.conf.j2

@@ -1,17 +1,25 @@
 server {
-    listen 3001;
+    listen 80;
 
-    location / {
-        proxy_pass http://{{ private_ip }}:3002;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
+    location = / {
+        return 301 /insight/;
     }
 
-    location /insight-api-dash {
+    # 1) Pass /insight-api requests directly
+    location ^~ /insight-api {
         proxy_pass http://{{ private_ip }}:3002/insight-api/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host              $host;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP         $remote_addr;
+    }
+
+    # 2) Rewrite everything else under /insight
+    location / {
+
+        # Then proxy it to the same app
+        proxy_pass http://{{ private_ip }}:3002;
+        proxy_set_header Host              $host;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP         $remote_addr;
     }
 }

ansible/roles/multifaucet/templates/docker-compose.yml.j2

@@ -40,7 +40,7 @@ services:
     volumes:
       - ./config:/var/www/html/config/
     ports:
-      - 80:80
+      - {{ faucet_port }}:80
 
 volumes:
   mysql:

terraform/aws/instances.tf

@@ -314,6 +314,7 @@ resource "aws_instance" "hp_masternode_arm" {
 
   subnet_id = element(aws_subnet.public.*.id, count.index)
 
+
   root_block_device {
     volume_size = var.hpmn_node_disk_size
     volume_type = var.volume_type
@@ -332,7 +333,8 @@ resource "aws_instance" "hp_masternode_arm" {
   }
 
   lifecycle {
-    ignore_changes = [ami]
+    ignore_changes = [ami, root_block_device[0].volume_size]
+
   }
 
 }

terraform/aws/main.tf

@@ -107,43 +107,72 @@ resource "aws_elb" "web" {
   listener {
     instance_port     = var.faucet_port
     instance_protocol = "http"
-    lb_port           = var.faucet_port
+    lb_port           = 80
     lb_protocol       = "http"
   }
 
   listener {
     instance_port      = var.faucet_port
     instance_protocol  = "http"
-    lb_port            = var.faucet_https_port
+    lb_port            = 443
     lb_protocol        = "https"
     ssl_certificate_id = aws_acm_certificate_validation.faucet.certificate_arn
   }
 
+  health_check {
+    healthy_threshold   = 2
+    interval            = 20
+    target              = "HTTP:${var.faucet_port}/"
+    timeout             = 3
+    unhealthy_threshold = 2
+  }
+
+  tags = {
+    Name        = "dn-${terraform.workspace}-web"
+    DashNetwork = terraform.workspace
+  }
+}
+
+resource "aws_elb" "insight" {
+  name = "${var.public_network_name}-insight"
+
+  subnets = aws_subnet.public.*.id
+
+  count = var.web_count >= 1 ? 1 : 0
+
+  security_groups = [
+    aws_security_group.elb.id,
+  ]
+
+  instances = [
+    aws_instance.web[0].id,
+  ]
+
   listener {
     instance_port     = var.insight_port
     instance_protocol = "http"
-    lb_port           = var.insight_port
+    lb_port           = 80
     lb_protocol       = "http"
   }
 
   listener {
     instance_port      = var.insight_port
     instance_protocol  = "http"
-    lb_port            = var.insight_https_port
+    lb_port            = 443
     lb_protocol        = "https"
     ssl_certificate_id = aws_acm_certificate_validation.insight.certificate_arn
   }
 
   health_check {
     healthy_threshold   = 2
     interval            = 20
-    target              = "HTTP:80/"
+    target              = "HTTP:80/insight-api/status"
     timeout             = 3
     unhealthy_threshold = 2
   }
 
   tags = {
-    Name        = "dn-${terraform.workspace}-web"
+    Name        = "dn-${terraform.workspace}-insight"
     DashNetwork = terraform.workspace
   }
 }
@@ -283,7 +312,7 @@ resource "aws_route53_record" "insight" {
   name    = "insight.${var.public_network_name}.${var.main_domain}"
   type    = "CNAME"
   ttl     = "300"
-  records = [aws_elb.web[count.index].dns_name]
+  records = [aws_elb.insight[count.index].dns_name]
 
   count = length(var.main_domain) > 1 ? 1 : 0
 }

terraform/aws/security_groups.tf

@@ -164,8 +164,8 @@ resource "aws_security_group" "http" {
   vpc_id      = aws_vpc.default.id
 
   ingress {
-    from_port   = 80
-    to_port     = 80
+    from_port   = var.faucet_port
+    to_port     = var.faucet_port
     protocol    = "tcp"
     description = "Faucet"
 
@@ -175,16 +175,28 @@ resource "aws_security_group" "http" {
     ])
   }
 
+  # Insight Explorer
   ingress {
     from_port   = var.insight_port
     to_port     = var.insight_port
     protocol    = "tcp"
     description = "Insight Explorer"
 
-    cidr_blocks = flatten([
-      aws_subnet.public.*.cidr_block,
-      "${aws_eip.vpn[0].public_ip}/32",
-    ])
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
+  }
+
+  # Insight Explorer HTTPS
+  ingress {
+    from_port   = var.insight_https_port
+    to_port     = var.insight_https_port
+    protocol    = "tcp"
+    description = "Insight Explorer HTTPS"
+
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
   }
 
   tags = {
@@ -302,7 +314,7 @@ resource "aws_security_group" "hp_masternode" {
     description = "GroveDB visualizer"
 
     cidr_blocks = [
-      "10.0.0.0/16",
+      "0.0.0.0/0",
     ]
   }
 
@@ -422,8 +434,8 @@ resource "aws_security_group" "elb" {
 
   # Insight Explorer
   ingress {
-    from_port   = var.insight_port
-    to_port     = var.insight_port
+    from_port   = 80
+    to_port     = 80
     protocol    = "tcp"
     description = "Insight Explorer"
 

terraform/aws/variables.tf

@@ -18,22 +18,22 @@ variable "dashd_zmq_port" {
 
 variable "faucet_port" {
   description = "Faucet port"
-  default     = 80
+  default     = 3003
 }
 
 variable "faucet_https_port" {
   description = "Faucet HTTPS port"
-  default     = 443
+  default     = 3004
 }
 
 variable "insight_port" {
   description = "Insight port"
-  default     = 3001
+  default     = 80
 }
 
 variable "insight_https_port" {
   description = "Insight HTTPS port"
-  default     = 3002
+  default     = 443
 }
 
 variable "ssh_port" {
@@ -243,7 +243,7 @@ variable "load_test_instance_size" {
 
 variable "metrics_root_disk_size" {
   description = "Default disk size for load testing nodes"
-  default     = 20
+  default     = 40
 }
 
 variable "metrics_instance_type" {