From 4b24f7969feb4ac58513e1a61e27b5f50aa3a9a3 Mon Sep 17 00:00:00 2001 From: Claude Agent Date: Sun, 8 Feb 2026 17:03:13 +0000 Subject: [PATCH] Add generated immutable-zkevm compose files Co-Authored-By: Claude Opus 4.6 --- ...-zkevm-mainnet-geth-pruned-pebble-path.yml | 135 ++++++++++++++++++ ...-zkevm-testnet-geth-pruned-pebble-path.yml | 135 ++++++++++++++++++ 2 files changed, 270 insertions(+) create mode 100644 immutable-zkevm/geth/immutable-zkevm-mainnet-geth-pruned-pebble-path.yml create mode 100644 immutable-zkevm/geth/immutable-zkevm-testnet-geth-pruned-pebble-path.yml diff --git a/immutable-zkevm/geth/immutable-zkevm-mainnet-geth-pruned-pebble-path.yml b/immutable-zkevm/geth/immutable-zkevm-mainnet-geth-pruned-pebble-path.yml new file mode 100644 index 00000000..6d72b847 --- /dev/null +++ b/immutable-zkevm/geth/immutable-zkevm-mainnet-geth-pruned-pebble-path.yml @@ -0,0 +1,135 @@ +--- +x-logging-defaults: &logging-defaults + driver: json-file + options: + max-size: "10m" + max-file: "3" +# Immutable zkEVM public node mode. +# Public mode is permissionless and does not require VPN/WireGuard/static-IP allowlist. + +# Usage: +# +# mkdir rpc && cd rpc +# +# git init +# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git +# git fetch origin vibe +# git checkout origin/vibe +# +# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret +# +# env +# ... +# IP=$(curl ipinfo.io/ip) +# DOMAIN=${IP}.traefik.me +# COMPOSE_FILE=base.yml:rpc.yml:immutable-zkevm/geth/immutable-zkevm-mainnet-geth-pruned-pebble-path.yml +# +# docker compose up -d +# +# curl -X POST https://${IP}.traefik.me/immutable-zkevm-mainnet \ +# -H "Content-Type: application/json" \ +# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' + +services: + immutable-zkevm-mainnet: + image: ${IMMUTABLE_ZKEVM_GETH_IMAGE:-ghcr.io/immutable/go-ethereum/go-ethereum}:${IMMUTABLE_ZKEVM_MAINNET_GETH_VERSION:-latest} + sysctls: + # TCP Performance + net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle + net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache + net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers + net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers + net.core.somaxconn: 32768 # Higher connection queue + # Memory/Connection Management + # net.core.netdev_max_backlog: 50000 # Increase network buffer + net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests + net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets + ulimits: + nofile: 1048576 # Max open files (for RPC/WS connections) + user: root + expose: + - 8545 + - 6060 + environment: + - IMMUTABLE_ACCESS_MODE=public + - IMMUTABLE_BOOTSTRAP=true + - IMMUTABLE_CHAIN_ID=13371 + - IMMUTABLE_PUBLIC_RPC=https://rpc.immutable.com + entrypoint: /bin/sh -c '[ "${IMMUTABLE_BOOTSTRAP:-true}" != "false" ] && [ ! -d /mnt/geth/geth ] && geth immutable bootstrap rpc --zkevm mainnet --datadir /mnt/geth; exec geth "$@"' -- + command: + - --config=/etc/geth/mainnet-public.toml + - --datadir=/mnt/geth + - --disabletxpoolgossip + - --gossipdefault + - --http + - --http.addr=0.0.0.0 + - --http.port=8545 + - --metrics + - --metrics.addr=0.0.0.0 + - --metrics.port=6060 + - --rpcproxy + - --zkevm=mainnet + restart: unless-stopped + stop_grace_period: 5m + networks: + - chains + volumes: + - ${IMMUTABLE_ZKEVM_MAINNET_GETH_PRUNED_PEBBLE_PATH_DATA:-immutable-zkevm-mainnet-geth-pruned-pebble-path}:/mnt/geth + - /slowdisk:/slowdisk + logging: *logging-defaults + labels: + - prometheus-scrape.enabled=true + - prometheus-scrape.port=6060 + - prometheus-scrape.path=/debug/metrics/prometheus + - traefik.enable=true + - traefik.http.middlewares.immutable-zkevm-mainnet-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/immutable-zkevm-mainnet + - traefik.http.services.immutable-zkevm-mainnet-geth-pruned-pebble-path.loadbalancer.server.port=8545 + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-mainnet-geth-pruned-pebble-path.entrypoints=websecure} + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-mainnet-geth-pruned-pebble-path.tls.certresolver=myresolver} + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-mainnet-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/immutable-zkevm-mainnet`) || Path(`/immutable-zkevm-mainnet/`))} + - ${NO_SSL:+traefik.http.routers.immutable-zkevm-mainnet-geth-pruned-pebble-path.rule=Path(`/immutable-zkevm-mainnet`) || Path(`/immutable-zkevm-mainnet/`)} + - traefik.http.routers.immutable-zkevm-mainnet-geth-pruned-pebble-path.middlewares=immutable-zkevm-mainnet-geth-pruned-pebble-path-stripprefix, ipallowlist + +volumes: + immutable-zkevm-mainnet-geth-pruned-pebble-path: + +x-upstreams: + - id: $${ID} + labels: + provider: $${PROVIDER} + connection: + generic: + rpc: + url: $${RPC_URL} + ws: + frameSize: 20Mb + msgSize: 50Mb + url: $${WS_URL} + chain: immutable-zkevm + method-groups: + enabled: + - debug + - filter + methods: + disabled: + # not compatible with path state scheme + - name: debug_traceBlockByHash + enabled: + - name: txpool_content # TODO: should be disabled for rollup nodes + # standard geth only + - name: debug_getRawBlock + - name: debug_getRawTransaction + - name: debug_getRawReceipts + - name: debug_getRawHeader + - name: debug_getBadBlocks + # non standard geth only slightly dangerous + - name: debug_intermediateRoots + - name: debug_dumpBlock + # standard geth and erigon + - name: debug_accountRange + - name: debug_getModifiedAccountsByNumber + - name: debug_getModifiedAccountsByHash + # non standard geth and erigon + - name: eth_getRawTransactionByHash + - name: eth_getRawTransactionByBlockHashAndIndex +... \ No newline at end of file diff --git a/immutable-zkevm/geth/immutable-zkevm-testnet-geth-pruned-pebble-path.yml b/immutable-zkevm/geth/immutable-zkevm-testnet-geth-pruned-pebble-path.yml new file mode 100644 index 00000000..8587951d --- /dev/null +++ b/immutable-zkevm/geth/immutable-zkevm-testnet-geth-pruned-pebble-path.yml @@ -0,0 +1,135 @@ +--- +x-logging-defaults: &logging-defaults + driver: json-file + options: + max-size: "10m" + max-file: "3" +# Immutable zkEVM public node mode. +# Public mode is permissionless and does not require VPN/WireGuard/static-IP allowlist. + +# Usage: +# +# mkdir rpc && cd rpc +# +# git init +# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git +# git fetch origin vibe +# git checkout origin/vibe +# +# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret +# +# env +# ... +# IP=$(curl ipinfo.io/ip) +# DOMAIN=${IP}.traefik.me +# COMPOSE_FILE=base.yml:rpc.yml:immutable-zkevm/geth/immutable-zkevm-testnet-geth-pruned-pebble-path.yml +# +# docker compose up -d +# +# curl -X POST https://${IP}.traefik.me/immutable-zkevm-testnet \ +# -H "Content-Type: application/json" \ +# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' + +services: + immutable-zkevm-testnet: + image: ${IMMUTABLE_ZKEVM_GETH_IMAGE:-ghcr.io/immutable/go-ethereum/go-ethereum}:${IMMUTABLE_ZKEVM_TESTNET_GETH_VERSION:-latest} + sysctls: + # TCP Performance + net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle + net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache + net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers + net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers + net.core.somaxconn: 32768 # Higher connection queue + # Memory/Connection Management + # net.core.netdev_max_backlog: 50000 # Increase network buffer + net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests + net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets + ulimits: + nofile: 1048576 # Max open files (for RPC/WS connections) + user: root + expose: + - 8545 + - 6060 + environment: + - IMMUTABLE_ACCESS_MODE=public + - IMMUTABLE_BOOTSTRAP=true + - IMMUTABLE_CHAIN_ID=13473 + - IMMUTABLE_PUBLIC_RPC=https://rpc.testnet.immutable.com + entrypoint: /bin/sh -c '[ "${IMMUTABLE_BOOTSTRAP:-true}" != "false" ] && [ ! -d /mnt/geth/geth ] && geth immutable bootstrap rpc --zkevm testnet --datadir /mnt/geth; exec geth "$@"' -- + command: + - --config=/etc/geth/testnet-public.toml + - --datadir=/mnt/geth + - --disabletxpoolgossip + - --gossipdefault + - --http + - --http.addr=0.0.0.0 + - --http.port=8545 + - --metrics + - --metrics.addr=0.0.0.0 + - --metrics.port=6060 + - --rpcproxy + - --zkevm=testnet + restart: unless-stopped + stop_grace_period: 5m + networks: + - chains + volumes: + - ${IMMUTABLE_ZKEVM_TESTNET_GETH_PRUNED_PEBBLE_PATH_DATA:-immutable-zkevm-testnet-geth-pruned-pebble-path}:/mnt/geth + - /slowdisk:/slowdisk + logging: *logging-defaults + labels: + - prometheus-scrape.enabled=true + - prometheus-scrape.port=6060 + - prometheus-scrape.path=/debug/metrics/prometheus + - traefik.enable=true + - traefik.http.middlewares.immutable-zkevm-testnet-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/immutable-zkevm-testnet + - traefik.http.services.immutable-zkevm-testnet-geth-pruned-pebble-path.loadbalancer.server.port=8545 + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-testnet-geth-pruned-pebble-path.entrypoints=websecure} + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-testnet-geth-pruned-pebble-path.tls.certresolver=myresolver} + - ${NO_SSL:-traefik.http.routers.immutable-zkevm-testnet-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/immutable-zkevm-testnet`) || Path(`/immutable-zkevm-testnet/`))} + - ${NO_SSL:+traefik.http.routers.immutable-zkevm-testnet-geth-pruned-pebble-path.rule=Path(`/immutable-zkevm-testnet`) || Path(`/immutable-zkevm-testnet/`)} + - traefik.http.routers.immutable-zkevm-testnet-geth-pruned-pebble-path.middlewares=immutable-zkevm-testnet-geth-pruned-pebble-path-stripprefix, ipallowlist + +volumes: + immutable-zkevm-testnet-geth-pruned-pebble-path: + +x-upstreams: + - id: $${ID} + labels: + provider: $${PROVIDER} + connection: + generic: + rpc: + url: $${RPC_URL} + ws: + frameSize: 20Mb + msgSize: 50Mb + url: $${WS_URL} + chain: immutable-zkevm-testnet + method-groups: + enabled: + - debug + - filter + methods: + disabled: + # not compatible with path state scheme + - name: debug_traceBlockByHash + enabled: + - name: txpool_content # TODO: should be disabled for rollup nodes + # standard geth only + - name: debug_getRawBlock + - name: debug_getRawTransaction + - name: debug_getRawReceipts + - name: debug_getRawHeader + - name: debug_getBadBlocks + # non standard geth only slightly dangerous + - name: debug_intermediateRoots + - name: debug_dumpBlock + # standard geth and erigon + - name: debug_accountRange + - name: debug_getModifiedAccountsByNumber + - name: debug_getModifiedAccountsByHash + # non standard geth and erigon + - name: eth_getRawTransactionByHash + - name: eth_getRawTransactionByBlockHashAndIndex +... \ No newline at end of file