From 70f2768d09b0872e744aff9d0dd8337590a0d1a5 Mon Sep 17 00:00:00 2001
From: Sebastian <379651+czarly@users.noreply.github.com>
Date: Tue, 21 Dec 2021 15:47:00 +0100
Subject: [PATCH 1/9] split the monolytic dockerfile
---
 docker-compose.base.yml | 139 ++++++++++++++++
 docker-compose.nodes.yml | 104 ++++++++++++
 docker-compose.pokt-mainnet.yml | 40 +++++
 docker-compose.pokt-testnet.yml | 30 ++++
 docker-compose.yml | 287 --------------------------------
 5 files changed, 313 insertions(+), 287 deletions(-)
 create mode 100644 docker-compose.base.yml
 create mode 100644 docker-compose.nodes.yml
 create mode 100644 docker-compose.pokt-mainnet.yml
 create mode 100644 docker-compose.pokt-testnet.yml
 delete mode 100644 docker-compose.yml
diff --git a/docker-compose.base.yml b/docker-compose.base.yml
new file mode 100644
index 00000000..c3349689
--- /dev/null
+++ b/docker-compose.base.yml
@@ -0,0 +1,139 @@
+version: '3.1'
+
+services:
+
+### TRAEFIK
+# Basic Auth not working. Problems with parsing var from .env
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ restart: always
+ ports:
+ - "443:443"
+ - "127.0.0.1:8080:8080"
+ networks:
+ - $NET_POKT
+ command:
+ - "--api=true"
+ - "--api.insecure=true"
+ - "--api.dashboard=true"
+ - "--log.level=DEBUG"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ # TESTING
+ # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=$MAIL"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ volumes:
+ - "./traefik/letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP"
+
+
+### WIREGUARD
+
+ wireguard:
+ image: lscr.io/linuxserver/wireguard
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ environment:
+ - PUID=$PUID
+ - PGID=$PGID
+ volumes:
+ - ./wireguard/config/wg0.conf:/config/wg0.conf
+ - /lib/modules:/lib/modules
+ # Expose prometheus port
+ expose:
+ - 9090
+ ports:
+ - $SERVERPORT:$SERVERPORT/udp
+ sysctls:
+ - net.ipv4.conf.all.src_valid_mark=1
+ restart: unless-stopped
+
+
+### MONITORING
+
+ prometheus:
+ image: prom/prometheus:v2.30.3
+ container_name: prometheus
+ volumes:
+ - ./prometheus:/etc/prometheus
+ - prometheus_data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/etc/prometheus/console_libraries'
+ - '--web.console.templates=/etc/prometheus/consoles'
+ - '--storage.tsdb.retention.time=200h'
+ - '--web.enable-lifecycle'
+ restart: unless-stopped
+ network_mode: "service:wireguard"
+ labels:
+ org.label-schema.group: "monitoring"
+ depends_on:
+ - wireguard
+
+ nodeexporter:
+ image: prom/node-exporter:v1.2.2
+ container_name: nodeexporter
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.rootfs=/rootfs'
+ - '--path.sysfs=/host/sys'
+ - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+ restart: unless-stopped
+ expose:
+ - 9100
+ labels:
+ org.label-schema.group: "monitoring"
+
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:v0.42.0
+ container_name: cadvisor
+ privileged: true
+ devices:
+ - /dev/kmsg:/dev/kmsg
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker:/var/lib/docker:ro
+ #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux
+ restart: unless-stopped
+ expose:
+ - 8080
+ labels:
+ org.label-schema.group: "monitoring"
+
+ pushgateway:
+ image: prom/pushgateway:v1.4.2
+ container_name: pushgateway
+ restart: unless-stopped
+ expose:
+ - 9091
+ labels:
+ org.label-schema.group: "monitoring"
+
+### VOLUMES
+
+volumes:
+ prometheus_data:
+
+### NETWORKS
+
+networks:
+ pocket:
+ driver: bridge
+ monitor-net:
+ driver: bridge
diff --git a/docker-compose.nodes.yml b/docker-compose.nodes.yml
new file mode 100644
index 00000000..781625c1
--- /dev/null
+++ b/docker-compose.nodes.yml
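Review bot: The traefik service keeps `--api.insecure=true` and `--log.level=DEBUG` next to a mount of `/var/run/docker.sock`, so the API and dashboard on port 8080 are served without authentication; the `127.0.0.1:8080:8080` publish limits host access, but other containers attached to `$NET_POKT` can still reach it, and `:ro` on the socket does not restrict Docker API calls. I would drop `--api.insecure=true`, expose the dashboard only through a router on `api@internal` with the `auth` middleware, and pin `traefik:latest` (and `lscr.io/linuxserver/wireguard`) to a version tag. The header comment says basic auth is not working: htpasswd hashes contain `$`, which Compose treats as interpolation, so the value behind `$AUTH_HTTP` probably needs `$$` escaping or should move to `basicauth.usersfile`.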
@@ -0,0 +1,104 @@
+version: '3.1'
+
+services:
+
+### NODES
+ geth-goerli:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-goerli:/.goerli
+ command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3"
+ networks:
+ - $NET_POKT
+
+ geth-rinkeby:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-rinkeby:/.rinkeby
+ command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ geth-ropsten:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-ropsten:/.ropsten
+ command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ geth-mainnet:
+ image: ethereum/client-go:latest
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - geth-mainnet:/.mainnet
+ command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3"
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ erigon-trace:
+ image: thorax/erigon
+ expose:
+ - "30303"
+ - "30304"
+ volumes:
+ - erigon-trace:/home/erigon/.local/share/erigon
+ command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+ rpcdaemon:
+ image: thorax/erigon:latest
+ command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon:9090 --txpool.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net,trace --ws
+ pid: service:erigon-trace # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode)
+ volumes:
+ - erigon-trace:/home/erigon/.local/share/erigon
+ expose:
+ - "8545"
+ restart: unless-stopped
+ depends_on:
+ - "erigon-trace"
+ networks:
+ - $NET_POKT
+
+ avalanche:
+ image: avaplatform/avalanchego
+ expose:
+ - "8545"
+ - "8546"
+ - "30303"
+ volumes:
+ - avalanche:/root/.avalanche
+ command: "/avalanchego/build/avalanchego --http-host="
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+### VOLUMES
+
+volumes:
+ geth-goerli:
+ geth-rinkeby:
+ geth-ropsten:
+ geth-mainnet:
+ erigon-trace:
+ avalanche:
diff --git a/docker-compose.pokt-mainnet.yml b/docker-compose.pokt-mainnet.yml
new file mode 100644
index 00000000..f5292d77
--- /dev/null
+++ b/docker-compose.pokt-mainnet.yml
@@ -0,0 +1,40 @@
+version: '3.1'
+
+services:
+
+ pocket-mainnet:
+ image: poktnetwork/pocket-core:stagenet-latest
+ ports:
+ - "127.0.0.1:8081:8081"
+ - "127.0.0.1:26656:26656"
+ expose:
+ - 26656
+ - 8081
+ #command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet
+ command: pocket start --simulateRelay
+ environment:
+ - POCKET_CORE_KEY=$POCKET_CORE_KEY
+ - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE
+ - POCKET_SNAPSHOT=$POCKET_SNAPSHOT
+ volumes:
+ - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json
+ - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh
+ - pocket-mainnet:/home/app/.pocket
+ networks:
+ - $NET_POKT
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.myservice.loadbalancer.server.port=8081"
+ - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`)"
+ - "traefik.http.routers.pocket-mainnet.entrypoints=websecure"
+ - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver"
+ - "traefik.http.routers.pocket-mainnet.middlewares=auth"
+ restart: unless-stopped
+
+
+### VOLUMES
+
+volumes:
+ pocket-mainnet:
+
+
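Review bot: `rpcdaemon` is started with `--private.api.addr=erigon:9090` and `--txpool.api.addr=erigon:9090`, but the only Erigon service in this file is named `erigon-trace` and no network alias `erigon` is visible, so the daemon will likely fail to resolve its backend; `erigon-trace:9090` looks like the intended value. The same command enables `--http.api=eth,debug,net,trace` with `--http.vhosts=*` and `--http.corsdomain=*`, and `erigon-trace` binds pprof, metrics and the private API to `0.0.0.0`; these ports are only `expose`d, but every container on `$NET_POKT`, including the published proxies, can reach them, so I would narrow the API list and keep the debug endpoints on loopback or a dedicated network. `geth-goerli` is also the only node without `restart: unless-stopped`, and every image here uses `latest` or no tag.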
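Review bot: `pocket-mainnet` runs `pocket start --simulateRelay` while the labels publish it through Traefik on the `Host(...)` rule for `$DOMAIN`. As far as I know `--simulateRelay` turns on an endpoint meant for local relay testing, so it should not be enabled on an internet-facing node, especially since `docker-compose.base.yml` notes that the `auth` middleware is not working; the commented-out `--mainnet` command suggests this is a leftover test setting. The service also runs the `stagenet-latest` image, and `POCKET_CORE_KEY` and `POCKET_CORE_PASSPHRASE` are passed as plain environment variables (same in `docker-compose.pokt-testnet.yml`), which leaves them readable through `docker inspect`; Compose `secrets` or a mounted key file would keep them out of the container metadata.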
diff --git a/docker-compose.pokt-testnet.yml b/docker-compose.pokt-testnet.yml
new file mode 100644
index 00000000..f484f5dc
--- /dev/null
+++ b/docker-compose.pokt-testnet.yml
@@ -0,0 +1,30 @@
+version: '3.1'
+
+services:
+
+ pocket-testnet:
+ image: poktnetwork/pocket-core:stagenet-latest
+ ports:
+ - "127.0.0.1:8082:8081"
+ - "127.0.0.1:26657:26656"
+ expose:
+ - 26656
+ - 8081
+ command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet
+ #command: pocket start --simulateRelay
+ environment:
+ - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST
+ - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST
+ volumes:
+ - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json
+ - pocket-testnet:/home/app/.pocket
+ networks:
+ - $NET_POKT
+ restart: unless-stopped
+
+### VOLUMES
+
+volumes:
+ pocket-testnet:
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
deleted file mode 100644
index fc7d1859..00000000
--- a/docker-compose.yml
+++ /dev/null
@@ -1,287 +0,0 @@ -version: '3.1' - -services: - -### TRAEFIK -# Basic Auth not working. Problems with parsing var from .env - traefik: - image: traefik:latest - container_name: traefik - restart: always - ports: - - "443:443" - - "127.0.0.1:8080:8080" - networks: - - $NET_POKT - command: - - "--api=true" - - "--api.insecure=true" - - "--api.dashboard=true" - - "--log.level=DEBUG" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - # TESTING - # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email=$MAIL" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - volumes: - - "./traefik/letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP" - -### NODES - geth-goerli: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-goerli:/.goerli - command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3" - networks: - - $NET_POKT - - geth-rinkeby: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-rinkeby:/.rinkeby - command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3" - networks: - - $NET_POKT - restart: unless-stopped - - geth-ropsten: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-ropsten:/.ropsten - command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3" - networks: - - $NET_POKT - 
restart: unless-stopped - - geth-mainnet: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-mainnet:/.mainnet - command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3" - networks: - - $NET_POKT - restart: unless-stopped - - erigon-trace: - image: thorax/erigon - expose: - - "30303" - - "30304" - volumes: - - erigon-trace:/home/erigon/.local/share/erigon - command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061 - networks: - - $NET_POKT - restart: unless-stopped - - rpcdaemon: - image: thorax/erigon:latest - command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon:9090 --txpool.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net,trace --ws - pid: service:erigon-trace # Use erigon's PID namespace. 
It's required to open Erigon's DB from another process (RPCDaemon local-mode) - volumes: - - erigon-trace:/home/erigon/.local/share/erigon - expose: - - "8545" - restart: unless-stopped - depends_on: - - "erigon-trace" - networks: - - $NET_POKT - - avalanche: - image: avaplatform/avalanchego - expose: - - "8545" - - "8546" - - "30303" - volumes: - - avalanche:/root/.avalanche - command: "/avalanchego/build/avalanchego --http-host=" - networks: - - $NET_POKT - restart: unless-stopped - - pocket-testnet: - image: poktnetwork/pocket-core:stagenet-latest - ports: - - "127.0.0.1:8082:8081" - - "127.0.0.1:26657:26656" - expose: - - 26656 - - 8081 - command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet - #command: pocket start --simulateRelay - environment: - - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST - - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST - volumes: - - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json - - pocket-testnet:/home/app/.pocket - networks: - - $NET_POKT - restart: unless-stopped - - pocket-mainnet: - image: poktnetwork/pocket-core:stagenet-latest - ports: - - "127.0.0.1:8081:8081" - - "127.0.0.1:26656:26656" - expose: - - 26656 - - 8081 - #command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet - command: pocket start --simulateRelay - environment: - - POCKET_CORE_KEY=$POCKET_CORE_KEY - - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE - - POCKET_SNAPSHOT=$POCKET_SNAPSHOT - volumes: - - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json - - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh - - pocket-mainnet:/home/app/.pocket - networks: - - $NET_POKT - labels: - - "traefik.enable=true" - - "traefik.http.services.myservice.loadbalancer.server.port=8081" - - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`)" - - "traefik.http.routers.pocket-mainnet.entrypoints=websecure" - - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver" - - 
"traefik.http.routers.pocket-mainnet.middlewares=auth" - restart: unless-stopped - - -### WIREGUARD - - wireguard: - image: lscr.io/linuxserver/wireguard - container_name: wireguard - cap_add: - - NET_ADMIN - - SYS_MODULE - environment: - - PUID=$PUID - - PGID=$PGID - volumes: - - ./wireguard/config/wg0.conf:/config/wg0.conf - - /lib/modules:/lib/modules - # Expose prometheus port - expose: - - 9090 - ports: - - $SERVERPORT:$SERVERPORT/udp - sysctls: - - net.ipv4.conf.all.src_valid_mark=1 - restart: unless-stopped - - -### MONITORING - - prometheus: - image: prom/prometheus:v2.30.3 - container_name: prometheus - volumes: - - ./prometheus:/etc/prometheus - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/etc/prometheus/console_libraries' - - '--web.console.templates=/etc/prometheus/consoles' - - '--storage.tsdb.retention.time=200h' - - '--web.enable-lifecycle' - restart: unless-stopped - network_mode: "service:wireguard" - labels: - org.label-schema.group: "monitoring" - depends_on: - - wireguard - - nodeexporter: - image: prom/node-exporter:v1.2.2 - container_name: nodeexporter - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - restart: unless-stopped - expose: - - 9100 - labels: - org.label-schema.group: "monitoring" - - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.42.0 - container_name: cadvisor - privileged: true - devices: - - /dev/kmsg:/dev/kmsg - volumes: - - /:/rootfs:ro - - /var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker:/var/lib/docker:ro - #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux - restart: unless-stopped - expose: - - 8080 - labels: - org.label-schema.group: "monitoring" - - pushgateway: - image: 
prom/pushgateway:v1.4.2 - container_name: pushgateway - restart: unless-stopped - expose: - - 9091 - labels: - org.label-schema.group: "monitoring" - -### VOLUMES - -volumes: - geth-goerli: - geth-rinkeby: - geth-ropsten: - geth-mainnet: - erigon-trace: - avalanche: - pocket-testnet: - pocket-mainnet: - prometheus_data: - -### NETWORKS - -networks: - pocket: - driver: bridge - monitor-net: - driver: bridge From f62de076535454338502e686126b0a8e8ad54f5f Mon Sep 17 00:00:00 2001 From: Sebastian <379651+czarly@users.noreply.github.com> Date: Tue, 21 Dec 2021 16:32:55 +0100 Subject: [PATCH 2/9] added haproxy --- docker-compose.proxy.yml | 19 +++++++++ haproxy/eth-healthcheck.sh | 25 ++++++++++++ haproxy/eth-healthcheck.sh~ | 25 ++++++++++++ haproxy/haproxy.cfg | 68 +++++++++++++++++++++++++++++++ haproxy/haproxy.cfg~ | 80 +++++++++++++++++++++++++++++++++++++ 5 files changed, 217 insertions(+) create mode 100644 docker-compose.proxy.yml create mode 100644 haproxy/eth-healthcheck.sh create mode 100644 haproxy/eth-healthcheck.sh~ create mode 100644 haproxy/haproxy.cfg create mode 100644 haproxy/haproxy.cfg~ diff --git a/docker-compose.proxy.yml b/docker-compose.proxy.yml new file mode 100644 index 00000000..67f70a04 --- /dev/null +++ b/docker-compose.proxy.yml @@ -0,0 +1,19 @@ +version: '3.1' + +services: + + haproxy: + image: haproxytech/haproxy-alpine:latest + ports: + - "80:80" + expose: + - 80 + environment: + - AUTH_HTTP=$AUTH_HTTP + volumes: + - ./haproxy/:/usr/local/etc/haproxy:ro + networks: + - $NET_POKT + restart: unless-stopped + + diff --git a/haproxy/eth-healthcheck.sh b/haproxy/eth-healthcheck.sh new file mode 100644 index 00000000..e3413d66 --- /dev/null +++ b/haproxy/eth-healthcheck.sh 
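Review bot: The `"80:80"` entry under `ports` in `docker-compose.proxy.yml` publishes the HAProxy RPC frontend on every host interface over plain HTTP, and the `rpc-frontend` added in `haproxy/haproxy.cfg` has no authentication or source ACL, so the node RPC paths would be reachable in cleartext from outside once backends are configured. Consider binding it as `"127.0.0.1:80:80"` or fronting it with the existing Traefik `websecure` entrypoint, and pin `haproxytech/haproxy-alpine:latest` to a version tag. `AUTH_HTTP` is also handed to the container as an environment variable, which exposes the credential through `docker inspect`.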
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/eth-healthcheck.sh~ b/haproxy/eth-healthcheck.sh~
new file mode 100644
index 00000000..c8727d81
--- /dev/null
+++ b/haproxy/eth-healthcheck.sh~
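Review bot: Both `curl` calls pass `-u ${AUTH_HTTP}` unquoted on the command line and send it to `http://$RIP:$RPT`, so the credential is visible in the process list, is word-split if it contains whitespace, and crosses the network in cleartext. Quote it at minimum (`-u "${AUTH_HTTP}"`), and prefer feeding it through `curl --config` or a netrc file so it stays out of argv. `docker-compose.base.yml` uses the same `$AUTH_HTTP` for Traefik's `basicauth.users`, which expects `user:hash`, whereas `curl -u` needs the plaintext password, so one of the two consumers probably gets the wrong format. `$peers` in the `printf "%d" $peers` tests should be quoted as well; the same lines recur in the four scripts added by PATCH 4/9.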
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
new file mode 100644
index 00000000..9572390a
--- /dev/null
+++ b/haproxy/haproxy.cfg
@@ -0,0 +1,68 @@
+global
+
+ nbproc 1
+ nbthread 2
+ cpu-map auto:1/1-2 0-1
+
+ log /dev/log local0
+ log /dev/log local1 notice
+ #chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ external-check
+
+defaults
+ mode http
+ log global
+ option httplog
+ option http-keep-alive
+ option dontlognull
+ option redispatch
+ option contstats
+ retries 3
+ backlog 10000
+ timeout client 50s
+ timeout connect 5s
+ timeout server 50s
+ timeout tunnel 3600s
+ timeout http-keep-alive 2s
+ timeout http-request 15s
+ timeout queue 30s
+ timeout tarpit 60s
+ default-server inter 3s rise 2 fall 3
+ option forwardfor
+
+
+listen stats
+ bind *:9600
+ stats enable
+ stats uri /stats
+ stats realm Haproxy\ Statistics
+ stats auth pocket:P@ssw0rd00!
+
+
+frontend rpc-frontend
+ bind *:80
+ acl host_is_erigon path_beg /erigon
+ acl host_is_goerli path_beg /goerli
+ acl host_is_avalanche path_beg /avalanche
+ acl host_is_ropsten path_beg /ropsten
+ acl host_is_geth path_beg /geth
+ acl host_is_rinkeby path_beg /rinkeby
+
+ use_backend default-cluster if host_is_erigon OR host_is_goerli OR host_is_avalanche OR host_is_ropsten OR host_is_geth OR host_is_rinkeby
+ default_backend backend-no-match
+
+backend backend-no-match
+ http-request deny deny_status 400
+
+backend default-cluster
+ mode http
+ balance roundrobin
+
+ option external-check
+ external-check path "/usr/bin:/bin"
+ external-check command /usr/local/etc/eth-healthcheck.sh
+
+ #server 157.90.90.23 157.90.90.23:80 check inter 10000 fall 3 rise 2 maxconn 2000
diff --git a/haproxy/haproxy.cfg~ b/haproxy/haproxy.cfg~
new file mode 100644
index 00000000..3b1be603
--- /dev/null
+++ b/haproxy/haproxy.cfg~
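Review bot: The `stats auth` line in `listen stats` commits a literal username and password, and the listener binds `*:9600`; the same credential is in `haproxy/haproxy.cfg~`, which PATCH 3/9 deletes but which stays in history, so it should be treated as disclosed and changed. HAProxy expands environment variables inside double quotes, so the line can become `stats auth "${STATS_AUTH}"` (placeholder name) with the value supplied at deploy time. Separately, `external-check command /usr/local/etc/eth-healthcheck.sh` does not match the `./haproxy/:/usr/local/etc/haproxy:ro` mount in `docker-compose.proxy.yml`, and `default-cluster` has no active `server` line, so as written every routed request would fail.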
@@ -0,0 +1,80 @@ +global + + nbproc 1 + nbthread 2 + cpu-map auto:1/1-2 0-1 + + log /dev/log local0 + log /dev/log local1 notice + #chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + external-check + +defaults + mode http + log global + option httplog + option http-keep-alive + option dontlognull + option redispatch + option contstats + retries 3 + backlog 10000 + timeout client 50s + timeout connect 5s + timeout server 50s + timeout tunnel 3600s + timeout http-keep-alive 2s + timeout http-request 15s + timeout queue 30s + timeout tarpit 60s + default-server inter 3s rise 2 fall 3 + option forwardfor + + # +listen stats + bind *:9600 + stats enable + stats uri /stats + stats realm Haproxy\ Statistics + stats auth pocket:P@ssw0rd00! + +frontend eth-frontend + bind 0.0.0.0:80 + acl network_allowed src 178.63.240.5/32 65.21.146.185/32 51.89.64.105/32 157.90.16.143/32 5.2.147.185/32 88.99.249.251/32 135.181.73.218/32 95.217.16.102/32 178.170.47.16/32 178.170.42.130/32 203. +86.232.156/32 49.12.165.122/32 162.55.165.32/32 148.251.194.119/32 + acl is_oe-lb-ext hdr(host) -i oe-lb-ext.easy2stake.com + acl is_tg-lb-ext hdr(host) -i tg-lb-ext.easy2stake.com + use_backend oe-nodes if is_oe-lb-ext network_allowed + #use_backend tg-nodes if is_tg-lb-ext network_allowed + default_backend backend-no-match + +backend backend-no-match + http-request deny deny_status 400 + + +backend oe-nodes + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /var/lib/haproxy/eth-healthcheck.sh + + server 157.90.90.29 157.90.90.29:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + server 162.55.4.245 162.55.4.245:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + #server 65.21.76.113 65.21.76.113:8545 check inter 10000 fall 3 rise 2 maxconn 2000 + +#backend tg-nodes +# mode http +# balance roundrobin +# +# option external-check +# external-check path "/usr/bin:/bin" +# external-check command 
/var/lib/haproxy/eth-healthcheck.sh +# +# server 135.181.5.147 135.181.5.147:9656 check inter 10000 fall 3 rise 2 maxconn 2000 +# server 176.9.147.47 176.9.147.47:9656 check inter 10000 fall 3 rise 2 maxconn 2000 +# server 168.119.64.26 168.119.64.26:9656 check inter 10000 fall 3 rise 2 maxconn 2000 \ No newline at end of file From 537025b568350084985fc06f99801e963cd35d1b Mon Sep 17 00:00:00 2001 From: Sebastian <379651+czarly@users.noreply.github.com> Date: Tue, 21 Dec 2021 16:33:47 +0100 Subject: [PATCH 3/9] remove the temp files again --- haproxy/eth-healthcheck.sh~ | 25 ------------ haproxy/haproxy.cfg~ | 80 ------------------------------------- 2 files changed, 105 deletions(-) delete mode 100644 haproxy/eth-healthcheck.sh~ delete mode 100644 haproxy/haproxy.cfg~ diff --git a/haproxy/eth-healthcheck.sh~ b/haproxy/eth-healthcheck.sh~ deleted file mode 100644 index c8727d81..00000000 --- a/haproxy/eth-healthcheck.sh~ +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# $1 = Virtual Service IP (VIP) -# $2 = Virtual Service Port (VPT) -# $3 = Real Server IP (RIP) -# $4 = Real Server Port (RPT) -# $5 = Check Source IP - -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -VIP=$1 -VPT=$2 -RIP=$3 -RPT=$4 -# RPT=8545 - -# Run curl with appropriate options -curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false -exit1=$? - -peers=$(curl -s -X POST -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r) - -# If any of the above tests failed, then exit 1. -if [[ "$exit1" -ne 0 ]]; then exit 1; fi -if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi -exit 0 diff --git a/haproxy/haproxy.cfg~ b/haproxy/haproxy.cfg~ deleted file mode 100644 index 3b1be603..00000000 
--- a/haproxy/haproxy.cfg~ +++ /dev/null 
@@ -1,80 +0,0 @@ -global - - nbproc 1 - nbthread 2 - cpu-map auto:1/1-2 0-1 - - log /dev/log local0 - log /dev/log local1 notice - #chroot /var/lib/haproxy - user haproxy - group haproxy - daemon - external-check - -defaults - mode http - log global - option httplog - option http-keep-alive - option dontlognull - option redispatch - option contstats - retries 3 - backlog 10000 - timeout client 50s - timeout connect 5s - timeout server 50s - timeout tunnel 3600s - timeout http-keep-alive 2s - timeout http-request 15s - timeout queue 30s - timeout tarpit 60s - default-server inter 3s rise 2 fall 3 - option forwardfor - - # -listen stats - bind *:9600 - stats enable - stats uri /stats - stats realm Haproxy\ Statistics - stats auth pocket:P@ssw0rd00! - -frontend eth-frontend - bind 0.0.0.0:80 - acl network_allowed src 178.63.240.5/32 65.21.146.185/32 51.89.64.105/32 157.90.16.143/32 5.2.147.185/32 88.99.249.251/32 135.181.73.218/32 95.217.16.102/32 178.170.47.16/32 178.170.42.130/32 203. -86.232.156/32 49.12.165.122/32 162.55.165.32/32 148.251.194.119/32 - acl is_oe-lb-ext hdr(host) -i oe-lb-ext.easy2stake.com - acl is_tg-lb-ext hdr(host) -i tg-lb-ext.easy2stake.com - use_backend oe-nodes if is_oe-lb-ext network_allowed - #use_backend tg-nodes if is_tg-lb-ext network_allowed - default_backend backend-no-match - -backend backend-no-match - http-request deny deny_status 400 - - -backend oe-nodes - mode http - balance roundrobin - - option external-check - external-check path "/usr/bin:/bin" - external-check command /var/lib/haproxy/eth-healthcheck.sh - - server 157.90.90.29 157.90.90.29:8545 check inter 10000 fall 3 rise 2 maxconn 2000 - server 162.55.4.245 162.55.4.245:8545 check inter 10000 fall 3 rise 2 maxconn 2000 - #server 65.21.76.113 65.21.76.113:8545 check inter 10000 fall 3 rise 2 maxconn 2000 - -#backend tg-nodes -# mode http -# balance roundrobin -# -# option external-check -# external-check path "/usr/bin:/bin" -# external-check command 
/var/lib/haproxy/eth-healthcheck.sh -# -# server 135.181.5.147 135.181.5.147:9656 check inter 10000 fall 3 rise 2 maxconn 2000 -# server 176.9.147.47 176.9.147.47:9656 check inter 10000 fall 3 rise 2 maxconn 2000 -# server 168.119.64.26 168.119.64.26:9656 check inter 10000 fall 3 rise 2 maxconn 2000 \ No newline at end of file From 3ea29ec695eadb02d91700c66317a75f1b2565e7 Mon Sep 17 00:00:00 2001 From: Sebastian <379651+czarly@users.noreply.github.com> Date: Tue, 21 Dec 2021 17:04:42 +0100 Subject: [PATCH 4/9] fix heathcheck and add variable for backend node --- haproxy/avalanche-healthcheck.sh | 25 +++++++++++++++++++ haproxy/erigon-healthcheck.sh | 25 +++++++++++++++++++ ...eth-healthcheck.sh => geth-healthcheck.sh} | 4 +-- haproxy/rinkeby-healthcheck.sh | 25 +++++++++++++++++++ haproxy/ropsten-healthcheck.sh | 25 +++++++++++++++++++ 5 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 haproxy/avalanche-healthcheck.sh create mode 100644 haproxy/erigon-healthcheck.sh rename haproxy/{eth-healthcheck.sh => geth-healthcheck.sh} (83%) create mode 100644 haproxy/rinkeby-healthcheck.sh create mode 100644 haproxy/ropsten-healthcheck.sh diff --git a/haproxy/avalanche-healthcheck.sh b/haproxy/avalanche-healthcheck.sh new file mode 100644 index 00000000..211d2266 --- /dev/null +++ b/haproxy/avalanche-healthcheck.sh 
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/avalanche 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/avalanche 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/erigon-healthcheck.sh b/haproxy/erigon-healthcheck.sh
new file mode 100644
index 00000000..22922204
--- /dev/null
+++ b/haproxy/erigon-healthcheck.sh
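Review bot: The four scripts added in this commit (`avalanche-`, `erigon-`, `rinkeby-` and `ropsten-healthcheck.sh`) and the renamed `geth-healthcheck.sh` differ only in the URL suffix, so any fix to the credential handling or the peer-count test has to be made five times. A single script that takes the suffix from a variable or argument would remove the duplication, for example `http://$RIP:$RPT/${CHAIN_PATH}` (placeholder name). The rename also leaves `external-check command /usr/local/etc/eth-healthcheck.sh` in `haproxy/haproxy.cfg` pointing at a file that no longer exists, unless a later patch in the series updates it.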
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/erigon 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/erigon 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/eth-healthcheck.sh b/haproxy/geth-healthcheck.sh
similarity index 83%
rename from haproxy/eth-healthcheck.sh
rename to haproxy/geth-healthcheck.sh
index e3413d66..08dcb292 100644
--- a/haproxy/eth-healthcheck.sh
+++ b/haproxy/geth-healthcheck.sh
@@ -14,10 +14,10 @@ RPT=$4 # RPT=8545 # Run curl with appropriate options -curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r | grep -q false +curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/geth 2>/dev/null | jq '.result' -r | grep -q false exit1=$? -peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT 2>/dev/null | jq '.result' -r) +peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/geth 2>/dev/null | jq '.result' -r) # If any of the above tests failed, then exit 1. if [[ "$exit1" -ne 0 ]]; then exit 1; fi diff --git a/haproxy/rinkeby-healthcheck.sh b/haproxy/rinkeby-healthcheck.sh new file mode 100644 index 00000000..36154d02 --- /dev/null +++ b/haproxy/rinkeby-healthcheck.sh 
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/rinkeby 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/rinkeby 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
diff --git a/haproxy/ropsten-healthcheck.sh b/haproxy/ropsten-healthcheck.sh
new file mode 100644
index 00000000..14f10878
--- /dev/null
+++ b/haproxy/ropsten-healthcheck.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# $1 = Virtual Service IP (VIP)
+# $2 = Virtual Service Port (VPT)
+# $3 = Real Server IP (RIP)
+# $4 = Real Server Port (RPT)
+# $5 = Check Source IP
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+VIP=$1
+VPT=$2
+RIP=$3
+RPT=$4
+# RPT=8545
+
+# Run curl with appropriate options
+curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/ropsten 2>/dev/null | jq '.result' -r | grep -q false
+exit1=$?
+
+peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/ropsten 2>/dev/null | jq '.result' -r)
+
+# If any of the above tests failed, then exit 1.
+if [[ "$exit1" -ne 0 ]]; then exit 1; fi
+if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi
+exit 0
From d3eaad53729ff7e22a6540a39e508dfcbdaa00ca Mon Sep 17 00:00:00 2001
From: Sebastian <379651+czarly@users.noreply.github.com>
Date: Tue, 21 Dec 2021 17:13:47 +0100
Subject: [PATCH 5/9] move traefik to separate compose file
---
docker-compose.traefik.yml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 docker-compose.traefik.yml
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml
new file mode 100644
index 00000000..5642d5d3
--- /dev/null
+++ b/docker-compose.traefik.yml
@@ -0,0 +1,35 @@
+version: '3.1'
+
+services:
+
+### TRAEFIK
+# Basic Auth not working. Problems with parsing var from .env
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ restart: always
+ ports:
+ - "443:443"
+ - "127.0.0.1:8080:8080"
+ networks:
+ - $NET_POKT
+ command:
+ - "--api=true"
+ - "--api.insecure=true"
+ - "--api.dashboard=true"
+ - "--log.level=DEBUG"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ # TESTING
+ # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+ - "--certificatesresolvers.myresolver.acme.email=$MAIL"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ volumes:
+ - "./traefik/letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP"
+
From 6ec0104ebad26d7c05c480e47f9243387480feea Mon Sep 17 00:00:00 2001
From: Sebastian <379651+czarly@users.noreply.github.com>
Date: Tue, 21 Dec 2021 17:16:02 +0100
Subject: [PATCH 6/9] jo
---
docker-compose.base.yml | 34 +------------------
docker-compose.nodes.yml | 1 +
docker-compose.proxy.yml | 3 +-
haproxy/haproxy.cfg | 71 +++++++++++++++++++++++++++++++++++++---
4 files changed, 70 insertions(+), 39 deletions(-)
diff --git a/docker-compose.base.yml b/docker-compose.base.yml
index c3349689..0fc76c9a 100644
--- a/docker-compose.base.yml
+++ b/docker-compose.base.yml
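Review bot: `--api.insecure=true` serves the Traefik API and dashboard without authentication on port 8080, and the `auth` basic-auth middleware defined under `labels` is not attached to any router in this file, so it protects nothing here. The `127.0.0.1:8080:8080` binding only limits access from outside the host; other containers on the same Docker network can still reach port 8080 directly. Dropping the flag and publishing the dashboard through a router is the safer shape, e.g. `traefik.http.routers.dashboard.service=api@internal` together with `traefik.http.routers.dashboard.middlewares=auth`. Separately, `traefik:latest` is unpinned, `--log.level=DEBUG` is left on, and the `:ro` flag on the `/var/run/docker.sock` mount does not restrict what the Docker API accepts over that socket, so a fixed version tag, `INFO` logging and a socket proxy are worth considering.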
@@ -2,38 +2,6 @@ version: '3.1' services: -### TRAEFIK -# Basic Auth not working. Problems with parsing var from .env - traefik: - image: traefik:latest - container_name: traefik - restart: always - ports: - - "443:443" - - "127.0.0.1:8080:8080" - networks: - - $NET_POKT - command: - - "--api=true" - - "--api.insecure=true" - - "--api.dashboard=true" - - "--log.level=DEBUG" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - # TESTING - # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email=$MAIL" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - volumes: - - "./traefik/letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP" - - ### WIREGUARD wireguard: @@ -56,7 +24,7 @@ services: sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped - + ### MONITORING diff --git a/docker-compose.nodes.yml b/docker-compose.nodes.yml index 781625c1..c8e2f994 100644 --- a/docker-compose.nodes.yml +++ b/docker-compose.nodes.yml @@ -93,6 +93,7 @@ services: - $NET_POKT restart: unless-stopped + ### VOLUMES volumes: diff --git a/docker-compose.proxy.yml b/docker-compose.proxy.yml index 67f70a04..7df9766f 100644 --- a/docker-compose.proxy.yml +++ b/docker-compose.proxy.yml @@ -10,10 +10,9 @@ services: - 80 environment: - AUTH_HTTP=$AUTH_HTTP + - MAINNODE=$MAIN_NODE volumes: - ./haproxy/:/usr/local/etc/haproxy:ro - networks: - - $NET_POKT restart: unless-stopped diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index 9572390a..ffad8396 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg 
@@ -51,18 +51,81 @@ frontend rpc-frontend acl host_is_geth path_beg /geth acl host_is_rinkeby path_beg /rinkeby - use_backend default-cluster if host_is_erigon OR host_is_goerli OR host_is_avalanche OR host_is_ropsten OR host_is_geth OR host_is_rinkeby + use_backend erigon if host_is_erigon + use_backend goerli if host_is_goerli + use_backend avalanche if host_is_avalanche + use_backend ropsten if host_is_ropsten + use_backend geth if host_is_geth + use_backend rinkeby if host_is_rinkeby + default_backend backend-no-match backend backend-no-match http-request deny deny_status 400 -backend default-cluster +backend erigon mode http balance roundrobin option external-check external-check path "/usr/bin:/bin" - external-check command /usr/local/etc/eth-healthcheck.sh + external-check command /usr/local/etc/erigon-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000 + + +backend goerli + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/goerli-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000 + + +backend rinkeby + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/rinkeby-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000 + + +backend ropsten + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/ropsten-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000 + + +backend avalanche + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/avalanche-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 
fall 3 rise 2 maxconn 2000 + + +backend geth + mode http + balance roundrobin + + option external-check + external-check path "/usr/bin:/bin" + external-check command /usr/local/etc/geth-healthcheck.sh + + server %[env(MAINNODE)] %[env(MAINNODE)]:80 check inter 10000 fall 3 rise 2 maxconn 2000 + - #server 157.90.90.23 157.90.90.23:80 check inter 10000 fall 3 rise 2 maxconn 2000 From b0e5399a089e0b4b5880bc05843cd251bd5510e1 Mon Sep 17 00:00:00 2001 From: Sebastian <379651+czarly@users.noreply.github.com> Date: Tue, 21 Dec 2021 17:18:00 +0100 Subject: [PATCH 7/9] let's go --- haproxy/goerli-healthcheck.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 haproxy/goerli-healthcheck.sh diff --git a/haproxy/goerli-healthcheck.sh b/haproxy/goerli-healthcheck.sh new file mode 100644 index 00000000..f8424bd1 --- /dev/null +++ b/haproxy/goerli-healthcheck.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# $1 = Virtual Service IP (VIP) +# $2 = Virtual Service Port (VPT) +# $3 = Real Server IP (RIP) +# $4 = Real Server Port (RPT) +# $5 = Check Source IP + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +VIP=$1 +VPT=$2 +RIP=$3 +RPT=$4 +# RPT=8545 + +# Run curl with appropriate options +curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"eth_syncing","params": [],"id":1}' http://$RIP:$RPT/goerli 2>/dev/null | jq '.result' -r | grep -q false +exit1=$? + +peers=$(curl -s -X POST -u ${AUTH_HTTP} -H "Content-Type: application/json" -m 2 -d '{"jsonrpc":"2.0","method":"net_peerCount","params": [],"id":1}' http://$RIP:$RPT/goerli 2>/dev/null | jq '.result' -r) + +# If any of the above tests failed, then exit 1. +if [[ "$exit1" -ne 0 ]]; then exit 1; fi +if [[ `printf "%d" $peers` == "0" || `printf "%d" $peers` == "1" ]]; then exit 1; fi +exit 0 From a0fae6a3719e6a5201f801d37f2c56bf92f82298 Mon Sep 17 00:00:00 2001 
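Review bot: The six new `server %[env(MAINNODE)] %[env(MAINNODE)]:80 ...` lines will not pick up the environment variable, because HAProxy expands environment variables in the configuration only in the `"${VAR}"` form inside double quotes, while `%[env(...)]` is a sample-fetch expression that is not evaluated in a server name or address. Writing `server mainnode "${MAINNODE}":80 check inter 10000 fall 3 rise 2 maxconn 2000` in each backend should resolve it. The `external-check command` paths also point at `/usr/local/etc/*-healthcheck.sh`, whereas the only mount visible in `docker-compose.proxy.yml` places `./haproxy/` at `/usr/local/etc/haproxy`, so the scripts may not be found unless another mount exists outside this diff; `avalanche-healthcheck.sh` is referenced but not added in the patches shown.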
From: cventastic Date: Mon, 27 Dec 2021 10:37:16 +0100 Subject: [PATCH 8/9] removed networks --- docker-compose.base.yml | 7 ------- docker-compose.pokt-mainnet.yml | 2 -- docker-compose.pokt-testnet.yml | 2 -- docker-compose.traefik.yml | 2 -- 4 files changed, 13 deletions(-) diff --git a/docker-compose.base.yml b/docker-compose.base.yml index 0fc76c9a..a7a7c200 100644 --- a/docker-compose.base.yml +++ b/docker-compose.base.yml @@ -98,10 +98,3 @@ services: volumes: prometheus_data: -### NETWORKS - -networks: - pocket: - driver: bridge - monitor-net: - driver: bridge diff --git a/docker-compose.pokt-mainnet.yml b/docker-compose.pokt-mainnet.yml index f5292d77..070b7da2 100644 --- a/docker-compose.pokt-mainnet.yml +++ b/docker-compose.pokt-mainnet.yml @@ -20,8 +20,6 @@ services: - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh - pocket-mainnet:/home/app/.pocket - networks: - - $NET_POKT labels: - "traefik.enable=true" - "traefik.http.services.myservice.loadbalancer.server.port=8081" diff --git a/docker-compose.pokt-testnet.yml b/docker-compose.pokt-testnet.yml index f484f5dc..e6175277 100644 --- a/docker-compose.pokt-testnet.yml +++ b/docker-compose.pokt-testnet.yml @@ -18,8 +18,6 @@ services: volumes: - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json - pocket-testnet:/home/app/.pocket - networks: - - $NET_POKT restart: unless-stopped ### VOLUMES diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml index 5642d5d3..88724f1a 100644 --- a/docker-compose.traefik.yml +++ b/docker-compose.traefik.yml @@ -11,8 +11,6 @@ services: ports: - "443:443" - "127.0.0.1:8080:8080" - networks: - - $NET_POKT command: - "--api=true" - "--api.insecure=true" From 1c5a175f3ef19a9e1d0bbd619bd44e9474af8ad8 Mon Sep 17 00:00:00 2001 
From: cventastic Date: Mon, 27 Dec 2021 10:38:12 +0100 Subject: [PATCH 9/9] turn of simulate --- docker-compose.pokt-mainnet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.pokt-mainnet.yml b/docker-compose.pokt-mainnet.yml index 070b7da2..47a3110b 100644 --- a/docker-compose.pokt-mainnet.yml +++ b/docker-compose.pokt-mainnet.yml @@ -10,8 +10,8 @@ services: expose: - 26656 - 8081 - #command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet - command: pocket start --simulateRelay + command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet + #command: pocket start --simulateRelay environment: - POCKET_CORE_KEY=$POCKET_CORE_KEY - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE
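Review bot: The re-enabled `command: /home/app/.pocket/pokt_mainnet.sh && pocket start ...` relies on a shell to interpret `&&`, but Compose splits a string `command:` into arguments and passes them to the image's entrypoint without invoking a shell. Unless that entrypoint is itself a shell (not visible in this hunk), `&&`, `pocket` and the flags would arrive as literal arguments to `pokt_mainnet.sh` and the node would not be started after the bootstrap script. Assuming the image ships a shell, wrapping the line makes the intent explicit: `command: sh -c '/home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet'`. `POCKET_CORE_PASSPHRASE` in the context lines remains a plain environment variable; a Compose secret or a mounted file would keep it out of `docker inspect` output.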