added proxy traefik

added geth and nethermind nodes
2024-02-02 14:53:56 +01:00 · 2022-03-02 22:44:13 +10:00 · 2022-03-02 22:44:13 +10:00 · bac930fe51
commit bac930fe51
parent 57070c7ec3
11 changed files with 278 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,23 @@
-# rpc-nodes
+# rpc-nodes
+
+## 1. Start proxy (traefik)
+Create a shared network for running containers:
+```bash
+docker network create rpc-shared-network
+```
+
+Specify the domain name to be used and the email address for issuing the Let's Encrypt certificate in the `example.env` file. Rename `example.env` to `.env`:
+```
+mv example.env .env
+```
+
+Start proxy:
+```bash
+docker-compose up -d
+```
+
+## 2. Start blockchain node
+* Ethereum - [geth.md](/geth/geth.md)
+* Polygon - [bor.md](/bor/bor.md)
+* BSC - [bsc.md](/bsc/bsc.md)
+* Xdai - [nethermind.md](/nethermind/nethermind.md)
--- a/geth/.dockerignore
+++ b/geth/.dockerignore
@ -0,0 +1 @@
+./geth-data/
--- a/geth/docker-compose.yml
+++ b/geth/docker-compose.yml
@ -0,0 +1,83 @@
+version: "3.7"
+
+services:
+  geth-pruning:
+    image: ethereum/client-go:stable
+    container_name: geth-pruning
+    restart: always
+    env_file: .env
+    command: "snapshot prune-state"
+    volumes:
+      - ./geth-data:/root/.ethereum
+  geth:
+    image: ethereum/client-go:stable
+    container_name: geth
+    restart: always
+    env_file: .env
+    command:
+      - --maxpeers
+      - "50"
+      - --cache
+      - "10629"
+      - --port
+      - "${P2P_PORT}"
+      - --nat
+      - "any"
+      - --http
+      - --http.addr
+      - "0.0.0.0"
+      - --http.port
+      - "${HTTP_PORT}"
+      - --http.corsdomain=*
+      - --http.vhosts=*
+      - --http.api
+      - "eth,net,web3"
+      - --ws
+      - --ws.addr
+      - "0.0.0.0"
+      - --ws.port
+      - "${WS_PORT}"
+      - --ws.origins=*
+      - --ws.api
+      - "eth,net,web3"
+      - --rpc.gascap
+      - "0"
+      - --rpc.txfeecap
+      - "0"
+    ports:
+      # - ${HTTP_PORT}:${HTTP_PORT}
+      # - ${WS_PORT}:${WS_PORT}
+      - ${P2P_PORT}:${P2P_PORT}
+    volumes:
+      - ./geth-data:/root/.ethereum
+    stop_grace_period: 3m30s
+    stop_signal: SIGINT
+    healthcheck:
+      test: wget -nv -t1 --spider 'http://127.0.0.1:${HTTP_PORT}/' || exit 1
+      interval: 5s
+      timeout: 10s
+      retries: 3
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.geth-http.middlewares=geth-http-acl"
+      - "traefik.http.middlewares.geth-http.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+      - "traefik.http.middlewares.geth-http-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+      - "traefik.http.routers.geth-http.service=geth-http"
+      - "traefik.http.routers.geth-http.rule=Host(`${DOMAIN}`) && Path(`/geth-http/`)"
+      - "traefik.http.routers.geth-http.entrypoints=websecure"
+      - "traefik.http.routers.geth-http.tls.certresolver=myresolver"
+      - "traefik.http.services.geth-http.loadbalancer.server.port=${HTTP_PORT}"
+      - "traefik.http.routers.geth-ws.middlewares=geth-ws-acl"
+      - "traefik.http.middlewares.geth-ws.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+      - "traefik.http.middlewares.geth-ws-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+      - "traefik.http.routers.geth-ws.service=geth-ws"
+      - "traefik.http.routers.geth-ws.rule=Host(`${DOMAIN}`) && Path(`/geth-ws/`)"
+      - "traefik.http.routers.geth-ws.entrypoints=websecure"
+      - "traefik.http.routers.geth-ws.tls.certresolver=myresolver"
+      - "traefik.http.services.geth-ws.loadbalancer.server.port=${WS_PORT}"
+    networks:
+      - rpc
+
+networks:
+  rpc:
+    name: rpc-shared-network
--- a/geth/example.env
+++ b/geth/example.env
@ -0,0 +1,5 @@
+DOMAIN=domain.org
+P2P_PORT=30304
+HTTP_PORT=8545
+WS_PORT=8546
+ALLOW_FROM=0.0.0.0/0
--- a/geth/geth.md
+++ b/geth/geth.md
@ -0,0 +1,30 @@
+# Geth node
+
+## Requirements for Ethereum network
+* memory: 32Gb
+* disk: 1Tb SSD (if you periodically prune state)
+
+## Installation
+Set the domain name to be used in the `.env` file. You can also set a list of allowed IP addresses there. Rename `example.env` to `.env`:
+```
+mv example.env .env
+```
+
+Start node:
+```bash
+docker-compose up -d geth
+```
+
+## Upgrade
+```bash
+docker-compose pull
+docker-compose up -d geth
+```
+
+## Pruning
+```bash
+docker-compose down
+docker-compose up geth-pruning
+docker-compose down
+docker-compose up -d geth
+```
--- a/nethermind/.dockerignore
+++ b/nethermind/.dockerignore
@ -0,0 +1 @@
+./nethermind-data/
--- a/nethermind/docker-compose.yml
+++ b/nethermind/docker-compose.yml
@ -0,0 +1,72 @@
+version: "3.7"
+services:
+  nethermind:
+    image: nethermind/nethermind:latest
+    container_name: nethermind
+    restart: always
+    env_file: .env
+    stop_grace_period: 2m
+    ports:
+      # - ${HTTP_PORT}:${HTTP_PORT}
+      # - ${WS_PORT}:${WS_PORT}
+      - ${P2P_PORT}:${P2P_PORT}/tcp
+      - ${P2P_PORT}:${P2P_PORT}/udp
+    command:
+      - --datadir
+      - /var/lib/nethermind
+      - --Init.WebSocketsEnabled
+      - "true"
+      - --Network.DiscoveryPort
+      - "${P2P_PORT}"
+      - --Network.P2PPort
+      - "${P2P_PORT}"
+      - --JsonRpc.Enabled
+      - "true"
+      - --JsonRpc.EnabledModules
+      - "Web3,Eth,Subscribe,Net,Parity"
+      - --JsonRpc.Host
+      - "0.0.0.0"
+      - --JsonRpc.Port
+      - "${HTTP_PORT}"
+      - --JsonRpc.WebSocketsPort
+      - "${WS_PORT}"
+      - --Sync.FastSync
+      - "true"
+      - --config
+      - xdai
+      - --Pruning.Enabled
+      - "true"
+      - --Pruning.CacheMb
+      - "4096"
+      - --TxPool.Size
+      - "4096"
+      - --Sync.AncientBodiesBarrier
+      - "1"
+      - --Sync.AncientReceiptsBarrier
+      - "1"
+    volumes:
+      - ./nethermind-data:/var/lib/nethermind
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nm-http.middlewares=nm-http-acl"
+      - "traefik.http.middlewares.nm-http.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+      - "traefik.http.middlewares.nm-http-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+      - "traefik.http.routers.nm-http.service=nm-http"
+      - "traefik.http.routers.nm-http.rule=Host(`${DOMAIN}`) && Path(`/nm-http/`)"
+      - "traefik.http.routers.nm-http.entrypoints=websecure"
+      - "traefik.http.routers.nm-http.tls.certresolver=myresolver"
+      - "traefik.http.services.nm-http.loadbalancer.server.port=${HTTP_PORT}"
+      - "traefik.http.routers.nm-ws.middlewares=nm-ws-acl"
+      - "traefik.http.middlewares.nm-ws.headers.customrequestheaders.Access-Control-Allow-Origin=*"
+      - "traefik.http.middlewares.nm-ws-acl.ipwhitelist.sourcerange=127.0.0.1/32, ${ALLOW_FROM}"
+      - "traefik.http.routers.nm-ws.service=nm-ws"
+      - "traefik.http.routers.nm-ws.rule=Host(`${DOMAIN}`) && Path(`/nm-ws/`)"
+      - "traefik.http.routers.nm-ws.entrypoints=websecure"
+      - "traefik.http.routers.nm-ws.tls.certresolver=myresolver"
+      - "traefik.http.services.nm-ws.loadbalancer.server.port=${WS_PORT}"
+    networks:
+      - rpc
+
+networks:
+  rpc:
+    name: rpc-shared-network
--- a/nethermind/example.env
+++ b/nethermind/example.env
@ -0,0 +1,5 @@
+DOMAIN=domain.org
+P2P_PORT=30303
+HTTP_PORT=8535
+WS_PORT=8536
+ALLOW_FROM=0.0.0.0/32
--- a/nethermind/nethermind.md
+++ b/nethermind/nethermind.md
@ -0,0 +1,22 @@
+# Nethermind node
+
+## Requirements for Xdai network
+* memory: 16Gb
+* disk: 200Gb SSD
+
+## Installation
+Set the domain name to be used in the `.env` file. You can also set a list of allowed IP addresses there. Rename `example.env` to `.env`:
+```
+mv example.env .env
+```
+
+Start node:
+```bash
+docker-compose up -d
+```
+
+## Upgrade
+```bash
+docker-compose pull
+docker-compose up -d
+```
--- a/proxy/docker-compose.yml
+++ b/proxy/docker-compose.yml
@ -0,0 +1,34 @@
+version: "3.7"
+
+services:
+  traefic:
+    image: traefik
+    restart: always
+    container_name: "traefik"
+    env_file: .env
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=${EMAIL}"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.websecure.http.tls=true"
+      - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
+      - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}"
+      - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./letsencrypt:/letsencrypt
+    networks:
+      - rpc
+
+networks:
+  rpc:
+    name: rpc-shared-network
--- a/proxy/example.env
+++ b/proxy/example.env
@ -0,0 +1,2 @@
+EMAIL=email@mail.org
+DOMAIN=domain.org