diff --git a/bor/.dockerignore b/bor/.dockerignore
new file mode 100644
index 0000000..8fc0fdd
--- /dev/null
+++ b/bor/.dockerignore
@@ -0,0 +1,2 @@
+./bor-data/
+./heimdall-data/
\ No newline at end of file
diff --git a/bor/Dockerfile.borbinary b/bor/Dockerfile.borbinary
new file mode 100644
index 0000000..f06d5cc
--- /dev/null
+++ b/bor/Dockerfile.borbinary
@@ -0,0 +1,26 @@
+ARG DOCKER_TAG
+
+FROM 0xpolygon/bor:${DOCKER_TAG}
+
+# Unused, this is here to avoid build time complaints
+ARG BUILD_TARGET
+
+ARG USER=bor
+ARG UID=10001
+
+RUN apk add --no-cache ca-certificates bash tzdata su-exec aria2
+
+# See https://stackoverflow.com/a/55757473/12429735RUN
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --shell "/sbin/nologin" \
+ --uid "${UID}" \
+ "${USER}"
+
+RUN mkdir -p /var/lib/bor && chown ${USER}:${USER} /var/lib/bor
+COPY ./docker-entrypoint.sh /usr/local/bin/
+
+USER ${USER}
+
+ENTRYPOINT ["bor"]
diff --git a/bor/Dockerfile.borsource b/bor/Dockerfile.borsource
new file mode 100644
index 0000000..402271d
--- /dev/null
+++ b/bor/Dockerfile.borsource
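Review bot: `FROM 0xpolygon/bor:${DOCKER_TAG}` in Dockerfile.borbinary follows a mutable registry tag, and `ARG DOCKER_TAG` has no default, so a build without the argument yields an invalid image reference and a build with it is not reproducible. For a node image I would give the argument a default and pin the base by digest, e.g. `FROM 0xpolygon/bor:${DOCKER_TAG}@sha256:<digest-of-reviewed-image>`. Note also that `USER ${USER}` is only a default: every service in docker-compose.yml in this commit sets `user: root`, so the drop to the unprivileged account depends entirely on the entrypoint script being used.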
@@ -0,0 +1,39 @@
+# Build Bor in a stock Go build container
+FROM golang:1.17-alpine as builder
+
+# Unused, this is here to avoid build time complaints
+ARG DOCKER_TAG
+
+ARG BUILD_TARGET
+
+RUN apk update && apk add --no-cache make gcc musl-dev linux-headers git bash
+
+WORKDIR /src
+RUN bash -c "git clone https://github.com/maticnetwork/bor.git && cd bor && git config advice.detachedHead false && git fetch --all --tags && git checkout ${BUILD_TARGET} && make bor-all"
+
+# Pull all binaries into a second stage deploy container
+FROM alpine:latest
+
+ARG USER=bor
+ARG UID=10001
+
+RUN apk add --no-cache ca-certificates bash tzdata su-exec
+
+# See https://stackoverflow.com/a/55757473/12429735RUN
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --shell "/sbin/nologin" \
+ --uid "${UID}" \
+ "${USER}"
+
+RUN mkdir -p /var/lib/bor && chown ${USER}:${USER} /var/lib/bor
+
+# Copy executable
+COPY --from=builder /src/bor/build/bin/bor /usr/local/bin/
+COPY --from=builder /src/bor/build/bin/bootnode /usr/local/bin/
+COPY ./docker-entrypoint.sh /usr/local/bin/
+
+USER ${USER}
+
+ENTRYPOINT ["bor"]
diff --git a/bor/Dockerfile.heimdall b/bor/Dockerfile.heimdall
new file mode 100644
index 0000000..2c6d040
--- /dev/null
+++ b/bor/Dockerfile.heimdall
@@ -0,0 +1,26 @@
+ARG DOCKER_TAG
+
+FROM 0xpolygon/heimdall:${DOCKER_TAG}
+
+RUN apk update && apk add ca-certificates bash tzdata wget su-exec aria2 curl
+
+ARG USER=heimdall
+ARG UID=10000
+
+# See https://stackoverflow.com/a/55757473/12429735RUN
+RUN adduser \
+ --disabled-password \
+ --gecos "" \
+ --shell "/sbin/nologin" \
+ --uid "${UID}" \
+ "${USER}"
+
+RUN mkdir -p /var/lib/heimdall && chown ${USER}:${USER} /var/lib/heimdall
+
+WORKDIR /var/lib/heimdall
+
+COPY ./docker-entrypoint-heimdalld.sh /usr/local/bin/docker-entrypoint.sh
+
+USER ${USER}
+
+CMD [ "/bin/sh", "-c", "# (nop)"
\ No newline at end of file
diff --git a/bor/bor.md b/bor/bor.md
new file mode 100644
index 0000000..2d0c3eb
--- /dev/null
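Review bot: The runtime stage of Dockerfile.borsource installs `ca-certificates bash tzdata su-exec` but not `aria2`, while docker-entrypoint.sh (copied in by this same stage) calls `aria2c` on first start, so a container from this image would abort under `set -e` before bor runs; add `aria2` to the second `apk add`, as Dockerfile.borbinary does. Separately, `FROM alpine:latest` and `git checkout ${BUILD_TARGET}` (example.env sets `BOR_SRC_TAG=master`) both follow moving references, so two builds of the same commit can ship different code; pin the base to a release tag or digest and build from a release tag or commit hash. `${BUILD_TARGET}` is also interpolated unquoted into the `bash -c` string and is safer as `git checkout \"${BUILD_TARGET}\"`.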
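Review bot: The last line of Dockerfile.heimdall, `CMD [ "/bin/sh", "-c", "# (nop)"`, has no closing `]` in the text shown here, so Docker would not parse it as exec form and would fall back to shell form; the `# (nop)` marker looks copied from `docker history` output rather than intended. I would drop the line, since docker-compose.yml sets an explicit `entrypoint` for both heimdall services. This file also runs `apk update && apk add` without `--no-cache`, unlike the two bor Dockerfiles, and its base image comes from `${DOCKER_TAG}` with no default and no digest.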
+++ b/bor/bor.md
@@ -0,0 +1,38 @@
+# Bor node
+
+## Requirements for Polygon network
+* memory: 64Gb (minimum)
+* disk: 2Tb SSD (if you periodically prune state)
+
+## Installation
+Set in the `.env` file:
+* `DOMAIN=` - the domain name to be used in traefik;
+* `HEIMDALL_ETH_RPC_URL=` - your Ethereum RPC.
+
+You can also set a list of allowed IP addresses there and addresses to treat as local. Rename `example.env` to `.env`:
+```
+mv example.env .env
+```
+
+Start node:
+```bash
+docker-compose build
+docker-compose up -d rabbitmq heimdalld heimdallr bor
+```
+
+## Upgrade
+Periodically check for new versions. if there is a release, then you need to update the tag in the environment file.
+```bash
+docker-compose build
+docker-compose pull
+docker-compose up -d rabbitmq heimdalld heimdallr bor
+```
+
+## Pruning
+Use it if the size is approaching 1.7Tb. At least 150 GB must be free for successful pruning.
+```bash
+docker-compose stop bor
+docker-compose up prune-bor
+docker-compose rm prune-bor
+docker-compose up -d bor
+```
\ No newline at end of file
diff --git a/bor/docker-compose.yml b/bor/docker-compose.yml
new file mode 100644
index 0000000..485792c
--- /dev/null
+++ b/bor/docker-compose.yml
@@ -0,0 +1,186 @@
+version: "3.7"
+
+services:
+ rabbitmq:
+ image: rabbitmq:3-alpine
+ restart: unless-stopped
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ expose:
+ - "5672/tcp"
+ networks:
+ - rpc
+
+ heimdalld:
+ build:
+ context: .
+ dockerfile: Dockerfile.heimdall
+ args:
+ - DOCKER_TAG=${HEIMDALL_TAG}
+ image: heimdall:local
+ user: root
+ environment:
+ - HEIMDALL_CHAIN_ID=${HEIMDALL_CHAIN_ID}
+ - HEIMDALL_SNAPSHOT_FILE=${HEIMDALL_SNAPSHOT_FILE}
+ - HEIMDALL_GENESIS_URL=${HEIMDALL_GENESIS_URL}
+ - HEIMDALL_SEEDS=${HEIMDALL_SEEDS}
+ - HEIMDALL_BOR_RPC_URL=${HEIMDALL_BOR_RPC_URL}
+ - HEIMDALL_ETH_RPC_URL=${HEIMDALL_ETH_RPC_URL}
+ restart: unless-stopped
+ stop_grace_period: 2m
+ depends_on:
+ - rabbitmq
+ entrypoint:
+ - docker-entrypoint.sh
+ - heimdalld
+ - --home
+ - /var/lib/heimdall
+ - start
+ volumes:
+ - ./heimdall-data:/var/lib/heimdall
+ - /etc/localtime:/etc/localtime:ro
+ expose:
+ - "26657/tcp"
+ ports:
+ - "26656:26656"
+ networks:
+ - rpc
+
+ heimdallr:
+ image: heimdall:local
+ restart: unless-stopped
+ stop_grace_period: 2m
+ depends_on:
+ - heimdalld
+ volumes:
+ - ./heimdall-data:/var/lib/heimdall
+ - /etc/localtime:/etc/localtime:ro
+ expose:
+ - "1317/tcp"
+ user: root
+ entrypoint:
+ - heimdalld
+ - --home
+ - /var/lib/heimdall
+ - rest-server
+ - --chain-id=137
+ - --laddr=tcp://0.0.0.0:1317
+ - --node=tcp://heimdalld:26657
+ networks:
+ - rpc
+
+ prune-bor:
+ image: bor:local
+ restart: "no"
+ stop_grace_period: 3m
+ user: root
+ volumes:
+ - ./bor-data:/var/lib/bor
+ - /etc/localtime:/etc/localtime:ro
+ entrypoint:
+ - bor
+ - --datadir
+ - /var/lib/bor/data
+ - snapshot
+ - prune-state
+
+ bor:
+ image: bor:local
+ build:
+ context: .
+ dockerfile: ${BOR_DOCKER_FILE}
+ args:
+ - BUILD_TARGET=${BOR_SRC_TAG}
+ - DOCKER_TAG=${BOR_TAG}
+ restart: unless-stopped
+ stop_grace_period: 7m
+ user: root
+ environment:
+ - BOR_DIR=/var/lib/bor
+ - BOR_SETUP=${BOR_SETUP}
+ - BOR_GENESIS=${BOR_GENESIS}
+ - BOR_ARCHIVE_NODE_SNAPSHOT_FILE=${BOR_ARCHIVE_NODE_SNAPSHOT_FILE}
+ - BOR_FULL_NODE_SNAPSHOT_FILE=${BOR_FULL_NODE_SNAPSHOT_FILE}
+ - BOR_MODE=${BOR_MODE}
+ entrypoint:
+ - docker-entrypoint.sh
+ - bor
+ - --datadir
+ - /var/lib/bor/data
+ - --cache
+ - ${BOR_CACHE}
+ - --snapshot=false
+ - --gcmode
+ - ${BOR_MODE}
+ - --ws
+ - --ws.port
+ - ${BOR_WS_PORT}
+ - --ws.addr
+ - 0.0.0.0
+ - --ws.origins=*
+ - --port
+ - ${BOR_P2P_PORT}
+ - --txpool.locals
+ - ${TX_LOCAL_ADDR}
+ - --txpool.globalslots
+ - "100000"
+ - --rpc.txfeecap
+ - "0"
+ - --txpool.accountslots
+ - "256"
+ - --bor.heimdall
+ - http://heimdallr:1317
+ - --bootnodes
+ - "${BOR_BOOTNODES}"
+ - --syncmode
+ - "full"
+ - --txpool.accountqueue
+ - "64"
+ - --txpool.globalqueue
+ - "131072"
+ - --maxpeers
+ - "150"
+ - --http
+ - --http.addr
+ - 0.0.0.0
+ - --http.vhosts=*
+ - --http.api
+ - eth,net,web3,txpool,bor
+ - --http.port
+ - ${BOR_RPC_PORT}
+ - --networkid
+ - ${BOR_CHAIN_ID}
+ - --ethstats
+ - ${BOR_NODE_ID}:mainnet@bor-mainnet.vitwit.com:3000
+ volumes:
+ - ./bor-data:/var/lib/bor
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ # - ${BOR_RPC_PORT}:${BOR_RPC_PORT}/tcp
+ # - ${BOR_WS_PORT}:${BOR_WS_PORT}/tcp
+ - ${BOR_P2P_PORT}:${BOR_P2P_PORT}/tcp
+ - ${BOR_P2P_PORT}:${BOR_P2P_PORT}/udp
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.bor-http.middlewares=bor-http-acl"
+ - "traefik.http.middlewares.bor-http.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+ - "traefik.http.middlewares.bor-http-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+ - "traefik.http.routers.bor-http.service=bor-http"
+ - "traefik.http.routers.bor-http.rule=Host(`${DOMAIN}`) && Path(`/bor-http/`)"
+ - "traefik.http.routers.bor-http.entrypoints=websecure"
+ - "traefik.http.routers.bor-http.tls.certresolver=myresolver"
+ - "traefik.http.services.bor-http.loadbalancer.server.port=${BOR_RPC_PORT}"
+ - "traefik.http.routers.bor-ws.middlewares=bor-ws-acl"
+ - "traefik.http.middlewares.bor-ws.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+ - "traefik.http.middlewares.bor-ws-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+ - "traefik.http.routers.bor-ws.service=bor-ws"
+ - "traefik.http.routers.bor-ws.rule=Host(`${DOMAIN}`) && Path(`/bor-ws/`)"
+ - "traefik.http.routers.bor-ws.entrypoints=websecure"
+ - "traefik.http.routers.bor-ws.tls.certresolver=myresolver"
+ - "traefik.http.services.bor-ws.loadbalancer.server.port=${BOR_WS_PORT}"
+ networks:
+ - rpc
+
+networks:
+ rpc:
+ name: rpc-shared-network
\ No newline at end of file
diff --git a/bor/docker-entrypoint-heimdalld.sh b/bor/docker-entrypoint-heimdalld.sh
new file mode 100755
index 0000000..20121e7
--- /dev/null
+++ b/bor/docker-entrypoint-heimdalld.sh
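Review bot: `heimdallr` and `prune-bor` set `user: root` and start `heimdalld` / `bor` directly, without the `docker-entrypoint.sh` wrapper that drops to the unprivileged account through `su-exec`, so the REST server listening on 0.0.0.0:1317 and the pruning job run as root and override the `USER` set in the Dockerfiles. Unless root is actually required there, set `user: heimdall` and `user: bor` (the accounts the images create) on those two services. On the `bor` service, `--http.vhosts=*`, `--ws.origins=*` and the `txpool` namespace in `--http.api` leave the Traefik `ipwhitelist` as the only access control. The `bor-http` and `bor-ws` header middlewares are defined in the labels but never attached to a router; only the `-acl` middlewares are referenced.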
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+# allow the container to be started with `--user`
+# If started as root, chown the `--datadir` and run heimdalld as heimdall
+if [ "$(id -u)" = '0' ]; then
+ chown -R heimdall:heimdall /var/lib/heimdall
+ exec su-exec heimdall "$BASH_SOURCE" $@
+fi
+
+set -x
+
+if [ ! -f /var/lib/heimdall/config/config.toml ]; then
+ heimdalld init --home /var/lib/heimdall --chain-id ${HEIMDALL_CHAIN_ID}
+ wget -q -O - "${HEIMDALL_SNAPSHOT_FILE}" | tar xzvf - -C /var/lib/heimdall/data/
+fi
+wget -O /var/lib/heimdall/config/genesis.json ${HEIMDALL_GENESIS_URL} -P /var/lib/heimdall/config
+sed -i "/seeds =/c\seeds = \"${HEIMDALL_SEEDS}\"" /var/lib/heimdall/config/config.toml
+sed -i '/26657/c\laddr = "tcp://0.0.0.0:26657"' /var/lib/heimdall/config/config.toml
+sed -i "/bor_rpc_url/c\bor_rpc_url = \"${HEIMDALL_BOR_RPC_URL}\"" /var/lib/heimdall/config/heimdall-config.toml
+sed -i "/eth_rpc_url/c\eth_rpc_url = \"${HEIMDALL_ETH_RPC_URL}\"" /var/lib/heimdall/config/heimdall-config.toml
+sed -i '/amqp_url/c\amqp_url = "amqp://guest:guest@rabbitmq:5672"' /var/lib/heimdall/config/heimdall-config.toml
+
+exec $@
\ No newline at end of file
diff --git a/bor/docker-entrypoint.sh b/bor/docker-entrypoint.sh
new file mode 100755
index 0000000..40e8825
--- /dev/null
+++ b/bor/docker-entrypoint.sh
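Review bot: The first-run branch of docker-entrypoint-heimdalld.sh streams `HEIMDALL_SNAPSHOT_FILE` straight into `tar` with no integrity check, and `genesis.json` is downloaded again on every start from a URL that example.env points at a `master` branch, so whatever those hosts serve becomes chain state and configuration. I would download the snapshot to a file, verify it against an operator-supplied SHA-256 and only then unpack it, as sketched below; `HEIMDALL_SNAPSHOT_SHA256` is a new variable that this commit does not define. Two smaller points in the same hunk: `$@` is unquoted in both `exec` lines, where docker-entrypoint.sh uses `"$@"`, and the RabbitMQ URL hard-codes the default `guest:guest` account.

```shell
if [ ! -f /var/lib/heimdall/config/config.toml ]; then
  heimdalld init --home /var/lib/heimdall --chain-id "${HEIMDALL_CHAIN_ID}"
  snapshot=/var/lib/heimdall/snapshot.tar.gz
  wget -q -O "${snapshot}" "${HEIMDALL_SNAPSHOT_FILE}"
  # sha256sum -c exits non-zero on a mismatch, which stops the script under set -e
  echo "${HEIMDALL_SNAPSHOT_SHA256}  ${snapshot}" | sha256sum -c -
  tar xzf "${snapshot}" -C /var/lib/heimdall/data/
  rm -f "${snapshot}"
fi
# … unchanged: genesis download and sed edits of config.toml / heimdall-config.toml …
```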
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+# allow the container to be started with `--user`
+# If started as root, chown the `--datadir` and run bor as bor
+if [ "$(id -u)" = '0' ]; then
+ chown -R bor:bor /var/lib/bor
+ exec su-exec bor "$BASH_SOURCE" "$@"
+fi
+
+set -x
+cd /var/lib/bor
+wget -O setup.sh ${BOR_SETUP}
+sed -i '/^cp .\/static-nodes.json/d' setup.sh
+sed -i '/^# set -x/c\set -x' setup.sh
+wget -O genesis.json ${BOR_GENESIS}
+chmod +x ./setup.sh
+./setup.sh
+if [ ! -f /var/lib/bor/setupdone ]; then
+ mkdir -p /var/lib/bor/snapshot
+ if [ ${BOR_MODE} == "archive" ]; then
+ aria2c -x5 ${BOR_ARCHIVE_NODE_SNAPSHOT_FILE} -d /var/lib/bor/snapshot/ -o borsnap.tgz --continue=true
+ else
+ aria2c -x5 ${BOR_FULL_NODE_SNAPSHOT_FILE} -d /var/lib/bor/snapshot/ -o borsnap.tgz --continue=true
+ fi
+ tar -xzf /var/lib/bor/snapshot/borsnap.tgz -C /var/lib/bor/data/bor/chaindata
+ touch /var/lib/bor/setupdone
+fi
+
+exec "$@"
diff --git a/bor/example.env b/bor/example.env
new file mode 100644
index 0000000..d9f7146
--- /dev/null
+++ b/bor/example.env
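Review bot: `wget -O setup.sh ${BOR_SETUP}` followed by `./setup.sh` downloads and executes a script on every container start, and example.env points `BOR_SETUP` at a `master` branch URL, so any upstream change to that file runs inside the node without review. Copy a reviewed `setup.sh` into the image at build time, or pin the URL to a commit and verify the download before running it, e.g. `echo "${BOR_SETUP_SHA256}  setup.sh" | sha256sum -c -` (a new variable, not defined in this commit). The snapshot fetched by `aria2c` is likewise unpacked with no checksum. The mode test should also quote its operand, `[ "${BOR_MODE}" = "archive" ]`, so an empty value fails cleanly instead of producing a syntax error.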
@@ -0,0 +1,46 @@
+# Traefik
+DOMAIN=domain.org
+# Comma-separated list of IP/mask addresses to allow access. Replace 0.0.0.0/0 with your address
+ALLOW_FROM=0.0.0.0/0
+
+# Node
+COMPOSE_FILE=docker-compose.yml
+BOR_NODE_ID=COMPANY-mainnet-UNIQUEID
+HEIMDALL_ETH_RPC_URL=http://MYETHNODECONTAINER:8545
+HEIMDALL_TAG=0.2.5
+BOR_TAG=0.2.14
+BOR_SRC_TAG=master
+BOR_DOCKER_FILE=Dockerfile.borbinary
+# Comma-separated list of addresses to treat as "local"
+TX_LOCAL_ADDR=0x0000000000000000000000000000000000000000
+# This will auto-adjust down depending on system memory
+BOR_CACHE=22000
+# Please see https://snapshots.matic.today/
+HEIMDALL_SNAPSHOT_FILE=https://matic-blockchain-snapshots.s3-accelerate.amazonaws.com/matic-mainnet/heimdall-snapshot-2022-02-27.tar.gz
+BOR_FULL_NODE_SNAPSHOT_FILE=https://matic-blockchain-snapshots.s3-accelerate.amazonaws.com/matic-mainnet/bor-pruned-snapshot-2022-02-26.tar.gz
+BOR_ARCHIVE_NODE_SNAPSHOT_FILE=https://matic-blockchain-snapshots.s3-accelerate.amazonaws.com/matic-mainnet/bor-archive-node-snapshot-2022-02-14.tar.gz
+
+# These likely do not need to be adjusted
+HEIMDALL_CHAIN_ID=heimdall-137
+HEIMDALL_GENESIS_URL=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/sentry/heimdall/config/genesis.json
+HEIMDALL_SEEDS=f4f605d60b8ffaaf15240564e58a81103510631c@159.203.9.164:26656,4fb1bc820088764a564d4f66bba1963d47d82329@44.232.55.71:26656,2eadba4be3ce47ac8db0a3538cb923b57b41c927@35.199.4.13:26656,ad7bc1c45641454893c74b50357a1bd87778bb50@52.60.36.93:26656,1dcd26af9c43a9dd2035a856d37f27fd035622c8@13.51.221.221:26656,41f9896eb6a62ec68becbf1d4925ececdb726eb7@13.53.160.124:26656,902484e868c6a4bace1bb3cf4b6ba1667561b158@18.228.218.160:26656,e55dc772c8ce63035fd1fb0261da4c369fa9cf6c@52.65.134.57:26656,ef4d1d8e88e767239491a407035411f30d36f026@3.105.225.123:26656,03632361e5e076fef14989fc119faae7cce4ae60@3.36.134.67:26656,afc41bd37d549186cec915c5a4feb3071871cdc1@18.228.98.237:26656
+HEIMDALL_BOR_RPC_URL=http://bor:8545
+HEIMDALL_START=https://raw.githubusercontent.com/maticnetwork/launch/master/docker/heimdall-startup.sh
+BOR_SETUP=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/sentry/bor/setup.sh
+BOR_GENESIS=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/validator/bor/genesis.json
+BOR_BOOTNODES=enode://0cb82b395094ee4a2915e9714894627de9ed8498fb881cec6db7c65e8b9a5bd7f2f25cc84e71e89d0947e51c76e85d0847de848c7782b13c0255247a6758178c@44.232.55.71:30303,enode://88116f4295f5a31538ae409e4d44ad40d22e44ee9342869e7d68bdec55b0f83c1530355ce8b41fbec0928a7d75a5745d528450d30aec92066ab6ba1ee351d710@159.203.9.164:30303,enode://3178257cd1e1ab8f95eeb7cc45e28b6047a0432b2f9412cff1db9bb31426eac30edeb81fedc30b7cd3059f0902b5350f75d1b376d2c632e1b375af0553813e6f@35.221.13.28:30303,enode://16d9a28eadbd247a09ff53b7b1f22231f6deaf10b86d4b23924023aea49bfdd51465b36d79d29be46a5497a96151a1a1ea448f8a8666266284e004306b2afb6e@35.199.4.13:30303,enode://ef271e1c28382daa6ac2d1006dd1924356cfd843dbe88a7397d53396e0741ca1a8da0a113913dee52d9071f0ad8d39e3ce87aa81ebc190776432ee7ddc9d9470@35.230.116.151:30303
+BOR_MODE=full
+BOR_CHAIN_ID=137
+BOR_P2P_PORT=30303
+BOR_RPC_PORT=8513
+BOR_WS_PORT=8613
+
+# Unused but here for reference
+BOR_START=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/sentry/bor/start.sh
+
+HEIMDALL_SEEDS=f4f605d60b8ffaaf15240564e58a81103510631c@159.203.9.164:26656,4fb1bc820088764a564d4f66bba1963d47d82329@44.232.55.71:26656,2eadba4be3ce47ac8db0a3538cb923b57b41c927@35.199.4.13:26656,ad7bc1c45641454893c74b50357a1bd87778bb50@52.60.36.93:26656,1dcd26af9c43a9dd2035a856d37f27fd035622c8@13.51.221.221:26656,41f9896eb6a62ec68becbf1d4925ececdb726eb7@13.53.160.124:26656,902484e868c6a4bace1bb3cf4b6ba1667561b158@18.228.218.160:26656,e55dc772c8ce63035fd1fb0261da4c369fa9cf6c@52.65.134.57:26656,ef4d1d8e88e767239491a407035411f30d36f026@3.105.225.123:26656,03632361e5e076fef14989fc119faae7cce4ae60@3.36.134.67:26656,afc41bd37d549186cec915c5a4feb3071871cdc1@18.228.98.237:26656
+HEIMDALL_BOR_RPC_URL=http://bor:8545
+HEIMDALL_START=https://raw.githubusercontent.com/maticnetwork/launch/master/docker/heimdall-startup.sh
+BOR_SETUP=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/sentry/bor/setup.sh
+BOR_GENESIS=https://raw.githubusercontent.com/maticnetwork/launch/master/mainnet-v1/sentry/validator/bor/genesis.json
+BOR_BOOTNODES=enode://0cb82b395094ee4a2915e9714894627de9ed8498fb881cec6db7c65e8b9a5bd7f2f25cc84e71e89d0947e51c76e85d0847de848c7782b13c0255247a6758178c@44.232.55.71:30303,enode://88116f4295f5a31538ae409e4d44ad40d22e44ee9342869e7d68bdec55b0f83c1530355ce8b41fbec0928a7d75a5745d528450d30aec92066ab6ba1ee351d710@159.203.9.164:30303,enode://3178257cd1e1ab8f95eeb7cc45e28b6047a0432b2f9412cff1db9bb31426eac30edeb81fedc30b7cd3059f0902b5350f75d1b376d2c632e1b375af0553813e6f@35.221.13.28:30303,enode://16d9a28eadbd247a09ff53b7b1f22231f6deaf10b86d4b23924023aea49bfdd51465b36d79d29be46a5497a96151a1a1ea448f8a8666266284e004306b2afb6e@35.199.4.13:30303,enode://ef271e1c28382daa6ac2d1006dd1924356cfd843dbe88a7397d53396e0741ca1a8da0a113913dee52d9071f0ad8d39e3ce87aa81ebc190776432ee7ddc9d9470@35.230.116.151:30303
\ No newline at end of file
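Review bot: `ALLOW_FROM=0.0.0.0/0` makes the shipped default an open allow-list, so an operator who follows bor.md and only renames the file exposes the HTTP and WebSocket RPC routes to every source address. A closed default such as `ALLOW_FROM=127.0.0.1/32` keeps the endpoint private until a range is chosen deliberately. `BOR_SRC_TAG=master` and the `.../launch/master/...` URLs track moving branches; release tags or commit hashes would make a deployment repeatable and reviewable. The last six lines repeat `HEIMDALL_SEEDS` through `BOR_BOOTNODES`, apparently with the same values as above, and can be removed.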