smom-dbis-138/docs/archive/status-reports/phase1/NSG_FIX_COMPLETE.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

NSG Fix Complete

Changes Applied

1. Removed Subnet NSG from Nginx Subnet

  • Subnet NSG association removed
  • Nginx subnet no longer has subnet-level NSG
  • Only NIC-level NSG remains

2. Removed P2P/RPC/Metrics Rules

  • Besu-specific rules removed from Nginx subnet NSG
  • Nginx subnet NSG now only has SSH rule (if any)
  • NIC NSG has correct rules (HTTP/HTTPS/SSH)

Configuration Changes

Terraform Variables Added

  1. subnet_nsg_enabled (bool, default: true)

    • Controls whether NSG is attached to subnet
    • Set to false for Nginx proxy subnet
  2. enable_besu_rules (bool, default: true)

    • Controls whether Besu-specific rules are created
    • Set to false for Nginx proxy subnet

Files Modified

  1. terraform/modules/networking-vm/main.tf

    • Conditional subnet NSG association
    • Dynamic Besu rules (P2P/RPC/Metrics)
  2. terraform/modules/networking-vm/variables.tf

    • Added subnet_nsg_enabled variable
    • Added enable_besu_rules variable
  3. terraform/phases/phase1/phase1-main.tf

    • Updated networking_admin module:
      • subnet_nsg_enabled = false
      • enable_besu_rules = false
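
The conditional association and dynamic Besu rules listed under Files Modified could be written as follows. This is an added sketch, not the repository's main.tf: the resource labels, the input variables other than subnet_nsg_enabled and enable_besu_rules, the priorities, the VirtualNetwork source and the port numbers (Besu defaults) are all assumptions.

```hcl
# Added example, not the project's module code.
variable "subnet_nsg_enabled" {
  type    = bool
  default = true # set false for the Nginx proxy subnet
}
variable "enable_besu_rules" {
  type    = bool
  default = true # set false for the Nginx proxy subnet
}
# Hypothetical inputs so the sketch validates on its own.
variable "resource_group_name" { type = string }
variable "nsg_name" { type = string }
variable "nsg_id" { type = string }
variable "subnet_id" { type = string }

locals {
  # Assumed Besu default ports; the report does not list them.
  besu_rules = {
    p2p     = { priority = 200, port = "30303", protocol = "*" }
    rpc     = { priority = 210, port = "8545", protocol = "Tcp" }
    metrics = { priority = 220, port = "9545", protocol = "Tcp" }
  }
}

# The filter yields an empty map when enable_besu_rules = false,
# so no P2P/RPC/Metrics rules are created for the proxy's NSG.
resource "azurerm_network_security_rule" "besu" {
  for_each                    = { for k, v in local.besu_rules : k => v if var.enable_besu_rules }
  name                        = "allow-besu-${each.key}"
  priority                    = each.value.priority
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = each.value.protocol
  source_port_range           = "*"
  destination_port_range      = each.value.port
  source_address_prefix       = "VirtualNetwork" # assumed scope
  destination_address_prefix  = "*"
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}

# count = 0 skips the association, leaving only the NIC-level NSG in effect.
resource "azurerm_subnet_network_security_group_association" "this" {
  count                     = var.subnet_nsg_enabled ? 1 : 0
  subnet_id                 = var.subnet_id
  network_security_group_id = var.nsg_id
}
```

Because both variables default to true, existing callers such as the Besu node subnets keep their subnet NSG and rules unless they opt out.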

Verification Results

Subnet NSG

  • Status: Detached from Nginx subnet
  • Before: Had wrong rules (P2P/RPC/Metrics)
  • After: Not attached (uses NIC-level NSG only)

NIC NSG

  • Status: Attached with correct rules
  • Rules: HTTP (80), HTTPS (443), SSH (22)
  • Outbound: Allowed to backend VMs

Port Accessibility

  • Port 80: Accessible
  • Port 443: Accessible
  • Cloudflare Tunnel: Working

Impact

Nginx Proxy

  • Cleaner configuration (single NSG)
  • Correct rules (HTTP/HTTPS/SSH only)
  • No unnecessary Besu rules

Besu Nodes

  • Unchanged (still have subnet NSG + Besu rules)
  • No impact on backend VMs

Next Steps

  1. Terraform Plan: Completed
  2. Terraform Apply: Completed
  3. Verification: Completed

Summary

The NSG configuration has been successfully updated:

  • Subnet NSG removed from Nginx subnet
  • P2P/RPC/Metrics rules removed
  • NIC NSG has correct rules
  • Ports 80 and 443 are accessible

Status: All Changes Applied Successfully

The Nginx proxy now uses only the NIC-level NSG with correct rules (HTTP/HTTPS/SSH), and the subnet NSG with unnecessary Besu rules has been removed.