diff --git a/docker-compose.base.yml b/docker-compose.base.yml
new file mode 100644
index 00000000..a7a7c200
--- /dev/null
+++ b/docker-compose.base.yml
@@ -0,0 +1,100 @@
+version: '3.1'
+
+services:
+
+### WIREGUARD
+
+ wireguard:
+ image: lscr.io/linuxserver/wireguard
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ environment:
+ - PUID=$PUID
+ - PGID=$PGID
+ volumes:
+ - ./wireguard/config/wg0.conf:/config/wg0.conf
+ - /lib/modules:/lib/modules
+ # Expose prometheus port
+ expose:
+ - 9090
+ ports:
+ - $SERVERPORT:$SERVERPORT/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
+
+
+### MONITORING
+
+ prometheus:
+ image: prom/prometheus:v2.30.3
+ container_name: prometheus
+ volumes:
+ - ./prometheus:/etc/prometheus
+ - prometheus_data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/etc/prometheus/console_libraries'
+ - '--web.console.templates=/etc/prometheus/consoles'
+ - '--storage.tsdb.retention.time=200h'
+ - '--web.enable-lifecycle'
+ restart: unless-stopped
+ network_mode: "service:wireguard"
+ labels:
+ org.label-schema.group: "monitoring"
+ depends_on:
+ - wireguard
+
+ nodeexporter:
+ image: prom/node-exporter:v1.2.2
+ container_name: nodeexporter
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.rootfs=/rootfs'
+ - '--path.sysfs=/host/sys'
+ - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+ restart: unless-stopped
+ expose:
+ - 9100
+ labels:
+ org.label-schema.group: "monitoring"
+
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:v0.42.0
+ container_name: cadvisor
+ privileged: true
+ devices:
+ - /dev/kmsg:/dev/kmsg
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker:/var/lib/docker:ro
+ #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
+ restart: unless-stopped
+ expose:
+ - 8080
+ labels:
+ org.label-schema.group: "monitoring"
+
+ pushgateway:
+ image: prom/pushgateway:v1.4.2
+ container_name: pushgateway
+ restart: unless-stopped
+ expose:
+ - 9091
+ labels:
+ org.label-schema.group: "monitoring"
+
+### VOLUMES
+
+volumes:
+ prometheus_data:
+
diff --git a/docker-compose.nodes.yml b/docker-compose.nodes.yml
new file mode 100644
index 00000000..c8e2f994
--- /dev/null
+++ b/docker-compose.nodes.yml
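Review bot: The `wireguard` service in docker-compose.base.yml pulls `lscr.io/linuxserver/wireguard` with no tag while being granted `NET_ADMIN` and `SYS_MODULE` plus a writable `/lib/modules` bind mount, so whatever the floating tag resolves to on the next pull runs with the ability to load kernel modules on the host. The other images in this file are pinned to a version; pin this one the same way (tag or digest) and consider mounting `/lib/modules:/lib/modules:ro`. Separately, `prometheus` shares that network namespace through `network_mode: "service:wireguard"` and is started with `--web.enable-lifecycle`, which turns on the unauthenticated reload and shutdown HTTP endpoints for anything that can reach port 9090; drop the flag unless it is actually used. `cadvisor` with `privileged: true` and `/` mounted deserves at least a comment explaining why a narrower device and volume set is not enough.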
@@ -0,0 +1,105 @@
+version: '3.1'
+
+services:
+
+### NODES
+ geth-goerli:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-goerli:/.goerli
+ command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3"
+ networks:
+ - $NET_POKT
+
+ geth-rinkeby:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-rinkeby:/.rinkeby
+ command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ geth-ropsten:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-ropsten:/.ropsten
+ command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ geth-mainnet:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-mainnet:/.mainnet
+ command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ erigon-trace:
+ image: thorax/erigon
+ expose:
+ - "30303"
+ - "30304"
+ volumes:
+ - erigon-trace:/home/erigon/.local/share/erigon
+ command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ rpcdaemon:
+ image: thorax/erigon:latest
+ command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon:9090 --txpool.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net,trace --ws
+ pid: service:erigon-trace # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode)
+ volumes:
+ - erigon-trace:/home/erigon/.local/share/erigon
+ expose:
+ - "8545"
+ restart: unless-stopped
+ depends_on:
+ - "erigon-trace"
+ networks:
+ - $NET_POKT
+
+ avalanche:
+ image: avaplatform/avalanchego
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - avalanche:/root/.avalanche
+ command: "/avalanchego/build/avalanchego --http-host="
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+
+### VOLUMES
+
+volumes:
+ geth-goerli:
+ geth-rinkeby:
+ geth-ropsten:
+ geth-mainnet:
+ erigon-trace:
+ avalanche:
diff --git a/docker-compose.pokt-mainnet.yml b/docker-compose.pokt-mainnet.yml
new file mode 100644
index 00000000..47a3110b
--- /dev/null
+++ b/docker-compose.pokt-mainnet.yml
@@ -0,0 +1,38 @@
+version: '3.1'
+
+services:
+
+ pocket-mainnet:
+ image: poktnetwork/pocket-core:stagenet-latest
+ ports:
+ - "127.0.0.1:8081:8081"
+ - "127.0.0.1:26656:26656"
+ expose:
+ - 26656
+ - 8081
+ command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet
+ #command: pocket start --simulateRelay
+ environment:
+ - POCKET_CORE_KEY=$POCKET_CORE_KEY
+ - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE
+ - POCKET_SNAPSHOT=$POCKET_SNAPSHOT
+ volumes:
+ - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json
+ - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh
+ - pocket-mainnet:/home/app/.pocket
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.myservice.loadbalancer.server.port=8081"
+ - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`)"
+ - "traefik.http.routers.pocket-mainnet.entrypoints=websecure"
+ - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver"
+ - "traefik.http.routers.pocket-mainnet.middlewares=auth"
+ restart: unless-stopped
+
+
+### VOLUMES
+
+volumes:
+ pocket-mainnet:
+
+
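Review bot: In docker-compose.nodes.yml, `rpcdaemon` is started with `--http.vhosts=*`, `--http.corsdomain=*` and `--http.api=eth,debug,net,trace`, so the host-header and CORS checks are switched off on the one service that also serves the `debug` and `trace` namespaces; if the proxy in front only needs what the geth services offer (`eth,net`), narrow the API list and set vhosts and corsdomain to the names actually used. `erigon-trace` binds `--private.api.addr`, `--pprof.addr` and `--metrics.addr` to `0.0.0.0`, which makes the private gRPC API (unauthenticated by default) and the profiling endpoint reachable from every container on `$NET_POKT`. `rpcdaemon` also points at `erigon:9090` while the service is named `erigon-trace`, so unless an alias is defined elsewhere that name will not resolve. Every image in this file is `latest` or untagged; pinning versions would make node upgrades deliberate rather than a side effect of a pull.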
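Review bot: In docker-compose.pokt-mainnet.yml, `POCKET_CORE_KEY` and `POCKET_CORE_PASSPHRASE` are handed to the container as plain environment variables, which leaves the node's private key and passphrase readable through `docker inspect` and the process environment; a mounted secret file (Compose `secrets:`) read by the bootstrap script would keep them out of the container metadata. The same applies to the `environment:` block in docker-compose.pokt-testnet.yml. The mainnet service runs `poktnetwork/pocket-core:stagenet-latest`, a floating tag whose name suggests a staging build, which is worth confirming and pinning. `command: /home/app/.pocket/pokt_mainnet.sh && pocket start ...` is not interpreted by a shell unless the image's entrypoint is one, so the `&&` may reach the script as a literal argument.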
diff --git a/docker-compose.pokt-testnet.yml b/docker-compose.pokt-testnet.yml
new file mode 100644
index 00000000..e6175277
--- /dev/null
+++ b/docker-compose.pokt-testnet.yml
@@ -0,0 +1,28 @@
+version: '3.1'
+
+services:
+
+ pocket-testnet:
+ image: poktnetwork/pocket-core:stagenet-latest
+ ports:
+ - "127.0.0.1:8082:8081"
+ - "127.0.0.1:26657:26656"
+ expose:
+ - 26656
+ - 8081
+ command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet
+ #command: pocket start --simulateRelay
+ environment:
+ - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST
+ - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST
+ volumes:
+ - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json
+ - pocket-testnet:/home/app/.pocket
+ restart: unless-stopped
+
+### VOLUMES
+
+volumes:
+ pocket-testnet:
+
+
diff --git a/docker-compose.proxy.yml b/docker-compose.proxy.yml
new file mode 100644
index 00000000..7df9766f
--- /dev/null
+++ b/docker-compose.proxy.yml
@@ -0,0 +1,18 @@
+version: '3.1'
+
+services:
+
+ haproxy:
+ image: haproxytech/haproxy-alpine:latest
+ ports:
+ - "80:80"
+ expose:
+ - 80
+ environment:
+ - AUTH_HTTP=$AUTH_HTTP
+ - MAINNODE=$MAIN_NODE
+ volumes:
+ - ./haproxy/:/usr/local/etc/haproxy:ro
+ restart: unless-stopped
+
+
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
new file mode 100644
index 00000000..88724f1a
--- /dev/null
+++ b/docker-compose.traefik.yml
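Review bot: In docker-compose.proxy.yml, `ports: - "80:80"` publishes the RPC frontend on every host interface over plain HTTP, and the health-check scripts added in this commit send `-u ${AUTH_HTTP}` to `http://` URLs, so if `MAINNODE` is another host the basic-auth credential crosses the network unencrypted. The pocket services bind their published ports to `127.0.0.1`; if this proxy is only meant to be reached locally or through the VPN, do the same here with `- "127.0.0.1:80:80"`, otherwise terminate TLS in front of it. `haproxytech/haproxy-alpine:latest` should be pinned to a version so that a config written for one HAProxy release is not silently run on another.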
@@ -0,0 +1,33 @@
+version: '3.1'
+
+services:
+
+### TRAEFIK
+# Basic Auth not working. Problems with parsing var from .env
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ restart: always
+ ports:
+ - "443:443"
+ - "127.0.0.1:8080:8080"
+ command:
+ - "--api=true"
+ - "--api.insecure=true"
+ - "--api.dashboard=true"
+ - "--log.level=DEBUG"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ # TESTING
+ # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=$MAIL"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ volumes:
+ - "./traefik/letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP"
+
diff --git a/haproxy/avalanche-healthcheck.sh b/haproxy/avalanche-healthcheck.sh
new file mode 100644
index 00000000..211d2266
--- /dev/null
+++ b/haproxy/avalanche-healthcheck.sh
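Review bot: `--api.insecure=true` in docker-compose.traefik.yml serves the Traefik API and dashboard without authentication on port 8080; the host publish is limited to `127.0.0.1`, but the port is still reachable from any container on the same Docker network, and `--log.level=DEBUG` is left on. Prefer dropping `--api.insecure` and exposing the dashboard through a router on `api@internal` protected by the `auth` middleware, and lower the log level once the setup works. The comment at the top says basic auth is not working: htpasswd hashes contain `$`, which Compose treats as variable interpolation, so the value probably needs its `$` doubled, and until that is resolved the `pocket-mainnet` router that relies on `middlewares=auth` should be treated as unprotected or broken. Mounting `/var/run/docker.sock` with `:ro` does not restrict Docker API calls, so a socket proxy limited to read endpoints is the usual mitigation. `traefik:latest` should be pinned.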
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/avalanche 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/avalanche 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/erigon-healthcheck.sh b/haproxy/erigon-healthcheck.sh
new file mode 100644
index 00000000..22922204
--- /dev/null
+++ b/haproxy/erigon-healthcheck.sh
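Review bot: The credential is passed as `-u ${AUTH_HTTP}` on both curl command lines in avalanche-healthcheck.sh, unquoted, so it is visible in the process list for the duration of each check and is word-split if it ever contains whitespace; the same two lines appear in the erigon, geth, goerli, rinkeby and ropsten scripts. Quote the expansions (`"$RIP"`, `"$RPT"`, `"$peers"`) and consider supplying the credential through a curl config read from stdin (`-K -`) rather than as an argument. The six scripts differ only in the URL path, so a single script that takes the path as a parameter would keep future fixes in one place. HAProxy runs external checks with a reduced environment, so `AUTH_HTTP` may not be set when the script executes; confirm this against the HAProxy version in use.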
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/erigon 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/erigon 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/geth-healthcheck.sh b/haproxy/geth-healthcheck.sh
new file mode 100644
index 00000000..08dcb292
--- /dev/null
+++ b/haproxy/geth-healthcheck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/geth 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/geth 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/goerli-healthcheck.sh b/haproxy/goerli-healthcheck.sh
new file mode 100644
index 00000000..f8424bd1
--- /dev/null
+++ b/haproxy/goerli-healthcheck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/goerli 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/goerli 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
new file mode 100644
index 00000000..ffad8396
--- /dev/null
+++ b/haproxy/haproxy.cfg
@@ -0,0 +1,131 @@
+global
+
+ nbproc 1
+ nbthread 2
+ cpu-map auto:1/1-2 0-1
+
+ log /dev/log local0
+ log /dev/log local1 notice
+ #chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ external-check
+
+defaults
+ mode http
+ log global
+ option httplog
+ option http-keep-alive
+ option dontlognull
+ option redispatch
+ option contstats
+ retries 3
+ backlog 10000
+ timeout client 50s
+ timeout connect 5s
+ timeout server 50s
+ timeout tunnel 3600s
+ timeout http-keep-alive 2s
+ timeout http-request 15s
+ timeout queue 30s
+ timeout tarpit 60s
+ default-server inter 3s rise 2 fall 3
+ option forwardfor
+
+
+listen stats
+ bind *:9600
+ stats enable
+ stats uri /stats
+ stats realm Haproxy\ Statistics
+ stats auth pocket:P@ssw0rd00!
+
+
+frontend rpc-frontend
+ bind *:80
+ acl host_is_erigon path_beg /erigon
+ acl host_is_goerli path_beg /goerli
+ acl host_is_avalanche path_beg /avalanche
+ acl host_is_ropsten path_beg /ropsten
+ acl host_is_geth path_beg /geth
+ acl host_is_rinkeby path_beg /rinkeby
+
+ use_backend erigon if host_is_erigon
+ use_backend goerli if host_is_goerli
+ use_backend avalanche if host_is_avalanche
+ use_backend ropsten if host_is_ropsten
+ use_backend geth if host_is_geth
+ use_backend rinkeby if host_is_rinkeby
+
+ default_backend backend-no-match
+
+backend backend-no-match
+ http-request deny deny_status 400
+
+backend erigon
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/erigon-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
+backend goerli
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/goerli-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
+backend rinkeby
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/rinkeby-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
+backend ropsten
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/ropsten-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
+backend avalanche
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/avalanche-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
+backend geth
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/geth-healthcheck.sh
+
+ server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000
+
+
diff --git a/haproxy/rinkeby-healthcheck.sh b/haproxy/rinkeby-healthcheck.sh
new file mode 100644
index 00000000..36154d02
--- /dev/null
+++ b/haproxy/rinkeby-healthcheck.sh
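Review bot: The `stats auth` line in the `listen stats` section of haproxy.cfg commits a literal username and password to the repository and serves the stats page on `*:9600`; treat that password as disclosed, rotate it, and load it from the environment instead, e.g. `stats auth "${STATS_AUTH}"` (variable name constructed here; HAProxy expands `${VAR}` inside double-quoted config arguments). The `server %[env(MAINNODE)] %[env(MAINNODE)]:80` lines in every backend use sample-fetch syntax, which as far as I know is not evaluated in a `server` name or address, so the config-time form `"${MAINNODE}"` is likely what is wanted. The `external-check command` paths point at `/usr/local/etc/<name>-healthcheck.sh`, whereas docker-compose.proxy.yml mounts `./haproxy/` at `/usr/local/etc/haproxy`, so the checks look like they will not find their scripts. With `chroot` commented out and `external-check` enabled globally, those scripts run with the whole container filesystem visible, which is one more reason to keep them minimal and mounted read-only.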
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/rinkeby 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/rinkeby 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/ropsten-healthcheck.sh b/haproxy/ropsten-healthcheck.sh
new file mode 100644
index 00000000..14f10878
--- /dev/null
+++ b/haproxy/ropsten-healthcheck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/ropsten 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/ropsten 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0