StakeSquid/ethereum-rpc-docker
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

chainsaw massacre

Browse Source
This commit is contained in:
Para Dox
2025-04-11 13:21:07 +07:00
parent 00997f8bc0
commit e4296a117c
410 changed files with 1285 additions and 1356241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
op/.dockerignore
View File

@@ -1 +0,0 @@
geth

55
op/Dockerfile
View File

@@ -1,55 +0,0 @@
FROM golang:1.22 as op
WORKDIR /app
ARG OP_REPO=https://github.com/ethereum-optimism/optimism.git
ARG OP_VERSION=v1.12.2
ARG OP_PATCH
RUN curl -fsSL https://github.com/casey/just/releases/download/1.38.0/just-1.38.0-x86_64-unknown-linux-musl.tar.gz | tar -xzf - -C /usr/local/bin
RUN git clone $OP_REPO --branch op-node/$OP_VERSION --single-branch . && \
git switch -c branch-$OP_VERSION
# Apply patch if provided and valid
COPY ${OP_PATCH:-empty.patch} /tmp/my-patch.patch
RUN if [ -n "$OP_PATCH" ]; then \
echo "Using patch file: $OP_PATCH"; \
cd op-node && git apply --verbose /tmp/my-patch.patch || \
(echo "Patch failed to apply!" && exit 1); \
else \
echo "No patch file provided. Skipping."; \
fi
RUN cd op-node && \
just op-node
FROM golang:1.22 as geth
WORKDIR /app
ARG GETH_REPO=https://github.com/ethereum-optimism/op-geth.git
ARG GETH_VERSION=v1.101503.1
# avoid depth=1, so the geth build can read tags
RUN git clone $GETH_REPO --branch $GETH_VERSION --single-branch . && \
git switch -c branch-$GETH_VERSION
RUN go run build/ci.go install -static ./cmd/geth
FROM golang:1.22
# not sure why that was in here ... maybe some script expecting it to clone peers ...
# but it broke the build on a server in japan for whatever reason.
RUN apt-get update && \
apt-get install -y jq curl && \
rm -rf /var/lib/apt/lists
WORKDIR /app
COPY --from=op /app/op-node/bin/op-node ./
COPY --from=geth /app/build/bin/geth ./
COPY geth-entrypoint .
COPY op-node-entrypoint .
COPY sepolia ./sepolia
COPY mainnet ./mainnet

107
op/Dockerfile.debug
View File

@@ -1,107 +0,0 @@
FROM node:20 as nodebuild
# this helps to rewind a chain like so
# ./op-w/bin/op-wheel engine set-forkchoice --unsafe=16966680 --safe=16966680 --finalized=16966680 --engine=http://localhost:8551/ --engine.jwt-secret=/jwtsecret
WORKDIR /app
RUN apt-get update && apt-get install -y \
curl \
jq \
python3 \
ca-certificates \
git \
g++ \
make \
gcc \
musl-dev \
bash \
# the following 4 deps are needed for node-hid
# which is a deep sub dependency of ethers to install
# correctly
pkg-config \
libusb-1.0-0-dev \
libudev-dev \
--no-install-recommends
# Clone the repository and checkout the specific commit
ARG OP_NODE_REPO=https://github.com/ethereum-optimism/optimism.git
ARG OP_NODE_VERSION
ARG OP_NODE_COMMIT
RUN git clone $OP_NODE_REPO --branch $OP_NODE_VERSION --single-branch . && \
git switch -c branch-$OP_NODE_VERSION
# Install pnpm
#RUN npm install -g pnpm && \
# curl -L https://foundry.paradigm.xyz | bash
#ENV PATH="${PATH}:/root/.foundry/bin"
#RUN /root/.foundry/bin/foundryup
# Assuming the op-node project is located at the root of the repository
# Install dependencies and build the project
#RUN cd op-node && pnpm install && pnpm build && ls
# Now, switch to the Golang image for the rest of the operations
FROM golang:1.22 as op-node
WORKDIR /app
# Copy the op-node project's source code and build artifacts
COPY --from=nodebuild /app /app
RUN cd op-node && ls && \
make op-node
FROM golang:1.22 as op-wheel
WORKDIR /app
# Copy the op-node project's source code and build artifacts
COPY --from=nodebuild /app /app
RUN cd op-wheel && \
make op-wheel
FROM golang:1.22 as geth
WORKDIR /app
ARG OP_GETH_REPO=https://github.com/ethereum-optimism/op-geth.git
ARG OP_GETH_VERSION
ARG OP_GETH_COMMIT
# avoid depth=1, so the geth build can read tags
RUN git clone $OP_GETH_REPO --branch $OP_GETH_VERSION --single-branch . && \
git switch -c branch-$OP_GETH_VERSION
RUN go run build/ci.go install -static ./cmd/geth
FROM golang:1.22
RUN apt-get update && \
apt-get install -y jq curl supervisor && \
rm -rf /var/lib/apt/lists
RUN mkdir -p /var/log/supervisor
WORKDIR /app
COPY --from=op-node /app/op-node/bin/ ./
COPY --from=op-node /app/op-node/bin/ /bin/
#run mkdir op-n
#COPY --from=op-node / ./op-n
run mkdir op-w
COPY --from=op-wheel /app/op-wheel/ ./op-w
COPY --from=geth /app/build/bin/geth ./
COPY --from=geth /app/build/bin/geth /bin/
# COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY geth-entrypoint .
COPY op-node-entrypoint .
#COPY goerli ./goerli
COPY sepolia ./sepolia
COPY mainnet ./mainnet
# CMD ["/usr/bin/supervisord"]

71
op/geth-entrypoint
View File

@@ -1,71 +0,0 @@
#!/bin/bash
set -eu
VERBOSITY=${GETH_VERBOSITY:-3}
GETH_DATA_DIR=/data
GETH_CHAINDATA_DIR="$GETH_DATA_DIR/geth/chaindata"
GETH_GENESIS_FILE_PATH="${GETH_GENESIS_FILE_PATH:-/genesis.json}"
CHAIN_ID=$(jq -r .config.chainId < "$GETH_GENESIS_FILE_PATH")
RPC_PORT="${RPC_PORT:-8545}"
WS_PORT="${WS_PORT:-8546}"
AUTHRPC_PORT="${AUTHRPC_PORT:-8551}"
METRICS_PORT="${METRICS_PORT:-6060}"
HOST_IP="${IP}"
P2P_PORT="${P2P_PORT:-30303}"
ADDITIONAL_ARGS=""
if [ ! -d "$GETH_CHAINDATA_DIR" ]; then
echo "$GETH_CHAINDATA_DIR missing, running init"
echo "Initializing genesis."
./geth --verbosity="$VERBOSITY" init \
--datadir="$GETH_DATA_DIR" \
"$GETH_GENESIS_FILE_PATH"
else
echo "$GETH_CHAINDATA_DIR exists."
fi
if [ "${OP_NODE_L2_ENGINE_AUTH_RAW+x}" ] && [ -n "$OP_NODE_L2_ENGINE_AUTH_RAW" ]; then
echo "$OP_NODE_L2_ENGINE_AUTH_RAW" > "$OP_NODE_L2_ENGINE_AUTH"
fi
if [ "${GETH_ETH_STATS+x}" = x ]; then
ADDITIONAL_ARGS="$ADDITIONAL_ARGS --ethstats=$GETH_ETH_STATS"
fi
if [ "${GETH_ALLOW_UNPROTECTED_TXS+x}" = x ]; then
ADDITIONAL_ARGS="$ADDITIONAL_ARGS --rpc.allow-unprotected-txs=$GETH_ALLOW_UNPROTECTED_TXS"
fi
exec ./geth \
--datadir="$GETH_DATA_DIR" \
--verbosity="$VERBOSITY" \
--http \
--http.corsdomain="*" \
--http.vhosts="*" \
--http.addr=0.0.0.0 \
--http.port="$RPC_PORT" \
--http.api=web3,debug,eth,net,engine \
--authrpc.addr=0.0.0.0 \
--authrpc.port="$AUTHRPC_PORT" \
--authrpc.vhosts="*" \
--authrpc.jwtsecret="$OP_NODE_L2_ENGINE_AUTH" \
--ws \
--ws.addr=0.0.0.0 \
--ws.port="$WS_PORT" \
--ws.origins="*" \
--ws.api=debug,eth,net,engine \
--metrics \
--metrics.addr=0.0.0.0 \
--metrics.port="$METRICS_PORT" \
--syncmode=full \
--gcmode=${GETH_GCMODE:-full} \
--state.scheme=${GETH_STATE_SCHEME:-path} \
--db.engine=${GETH_DB_ENGINE:-pebble} \
--discovery.port=${P2P_PORT:-30303} \
--maxpeers=${GETH_MAXPEERS:-100} \
--nat=extip:$HOST_IP \
--networkid="$CHAIN_ID" \
--rollup.halt=major \
--port="$P2P_PORT" \
$ADDITIONAL_ARGS # intentionally unquoted

26
op/geth.Dockerfile
View File

@@ -1,26 +0,0 @@
FROM golang:1.22 as geth
WORKDIR /app
ARG GETH_REPO=https://github.com/ethereum-optimism/op-geth.git
ARG GETH_VERSION=v1.101503.1
# avoid depth=1, so the geth build can read tags
RUN git clone $GETH_REPO --branch $GETH_VERSION --single-branch . && \
git switch -c branch-$GETH_VERSION
RUN go run build/ci.go install -static ./cmd/geth
FROM golang:1.22
# not sure why that was in here ... maybe some script expecting it to clone peers ...
# but it broke the build on a server in japan for whatever reason.
RUN apt-get update && \
apt-get install -y jq curl && \
rm -rf /var/lib/apt/lists
WORKDIR /app
COPY --from=geth /app/build/bin/geth ./
ENTRYPOINT ["./geth"]

143
op/geth/manta-pacific-mainnet-op-geth-archive-leveldb-hash.yml Normal file
View File

@@ -0,0 +1,143 @@
# use at your own risk
services:
manta-pacific-mainnet-archive:
image: ${MANTA_PACIFIC_GETH_IMAGE:-public.ecr.aws/i6b2w2n6/op-geth}:${MANTA_PACIFIC_MAINNET_GETH_VERSION:-5.2.0}
user: root
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
expose:
- 8545
- 8551
ports:
- 10877:10877
- 10877:10877/udp
volumes:
- ${MANTA_PACIFIC_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-manta-pacific-mainnet-op-geth-archive-leveldb-hash}:/data
- /slowdisk:/slowdisk
- .jwtsecret:/jwtsecret:ro
environment:
- GETH_OP_NETWORK=manta-pacific-mainnet
entrypoint: [/bin/sh, -c, exec /usr/local/bin/geth "$@"]
command:
- --datadir=/data
- --port=10877
- --bind=0.0.0.0
- --nat=extip:${IP}
- --http
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.port=8545
- --ws.origins=*
- --ws.addr=0.0.0.0
- --http.addr=0.0.0.0
- --maxpeers=50
- --http.api=web3,net,eth,debug,admin
- --ws.api=web3,net,eth,debug,admin
- --rpc.gascap=600000000
- --rpc.returndatalimit=10000000
- --rpc.txfeecap=0
- --authrpc.addr=0.0.0.0
- --authrpc.vhosts=*
- --authrpc.jwtsecret=/jwtsecret
- --db.engine=leveldb
- --state.scheme=hash
- --syncmode=full
- --gcmode=archive
networks:
- chains
restart: unless-stopped
stop_grace_period: 5m
labels:
- traefik.enable=true
- traefik.http.middlewares.manta-pacific-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/manta-pacific-mainnet-archive
- traefik.http.services.manta-pacific-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && PathPrefix(`/manta-pacific-mainnet-archive`)}
- ${NO_SSL:+traefik.http.routers.manta-pacific-mainnet-op-geth-archive-leveldb-hash.rule=PathPrefix(`/manta-pacific-mainnet-archive`)}
- traefik.http.routers.manta-pacific-mainnet-op-geth-archive-leveldb-hash.middlewares=manta-pacific-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipwhitelist
manta-pacific-mainnet-archive-node:
image: ${MANTA_PACIFIC_NODE_IMAGE:-public.ecr.aws/i6b2w2n6/op-node}:${MANTA_PACIFIC_MAINNET_NODE_VERSION:-celestia-3.0.0-dencun}
ports:
- 15877:15877
- 15877:15877/udp
environment:
- OP_NODE_NETWORK=manta-pacific-mainnet
- OP_NODE_L1_ETH_RPC=${ETHEREUM_MAINNET_EXECUTION_RPC}
- OP_NODE_L2_ENGINE_RPC=http://manta-pacific-mainnet-archive:8551
- OP_NODE_P2P_LISTEN_TCP_PORT=15877
- OP_NODE_P2P_LISTEN_UDP_PORT=15877
- OP_NODE_P2P_ADVERTISE_IP=${IP}
- OP_NODE_L1_RPC_KIND=${ETHEREUM_MAINNET_EXECUTION_KIND:-basic}
- OP_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- OP_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- OP_NODE_L1_BEACON_ARCHIVER=${ETHEREUM_MAINNET_BEACON_ARCHIVER}
- OP_NODE_SYNCMODE=execution-layer
- OP_NODE_L2_ENGINE_AUTH=/jwtsecret
- OP_NODE_LOG_LEVEL=info
- OP_NODE_METRICS_ADDR=0.0.0.0
- OP_NODE_METRICS_ENABLED=true
- OP_NODE_METRICS_PORT=7300
- OP_NODE_P2P_LISTEN_IP=0.0.0.0
- OP_NODE_RPC_ADDR=0.0.0.0
- OP_NODE_RPC_PORT=8545
- OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
- OP_NODE_VERIFIER_L1_CONFS=0
entrypoint: [op-node]
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
restart: unless-stopped
volumes:
manta-pacific-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- chain: manta-pacific
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex

145
op/geth/manta-pacific-mainnet-op-geth-pruned-pebble-path.yml Normal file
View File

@@ -0,0 +1,145 @@
# use at your own risk
services:
manta-pacific-mainnet:
image: ${MANTA_PACIFIC_GETH_IMAGE:-public.ecr.aws/i6b2w2n6/op-geth}:${MANTA_PACIFIC_MAINNET_GETH_VERSION:-5.2.0}
user: root
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
expose:
- 8545
- 8551
ports:
- 10877:10877
- 10877:10877/udp
volumes:
- ${MANTA_PACIFIC_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-manta-pacific-mainnet-op-geth-pruned-pebble-path}:/data
- /slowdisk:/slowdisk
- .jwtsecret:/jwtsecret:ro
environment:
- GETH_OP_NETWORK=manta-pacific-mainnet
entrypoint: [/bin/sh, -c, exec /usr/local/bin/geth "$@"]
command:
- --datadir=/data
- --port=10877
- --bind=0.0.0.0
- --nat=extip:${IP}
- --http
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.port=8545
- --ws.origins=*
- --ws.addr=0.0.0.0
- --http.addr=0.0.0.0
- --maxpeers=50
- --http.api=web3,net,eth,debug,admin
- --ws.api=web3,net,eth,debug,admin
- --rpc.gascap=600000000
- --rpc.returndatalimit=10000000
- --rpc.txfeecap=0
- --authrpc.addr=0.0.0.0
- --authrpc.vhosts=*
- --authrpc.jwtsecret=/jwtsecret
- --db.engine=pebble
- --state.scheme=path
- --syncmode=snap
- --gcmode=full
networks:
- chains
restart: unless-stopped
stop_grace_period: 5m
labels:
- traefik.enable=true
- traefik.http.middlewares.manta-pacific-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/manta-pacific-mainnet
- traefik.http.services.manta-pacific-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.manta-pacific-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && PathPrefix(`/manta-pacific-mainnet`)}
- ${NO_SSL:+traefik.http.routers.manta-pacific-mainnet-op-geth-pruned-pebble-path.rule=PathPrefix(`/manta-pacific-mainnet`)}
- traefik.http.routers.manta-pacific-mainnet-op-geth-pruned-pebble-path.middlewares=manta-pacific-mainnet-op-geth-pruned-pebble-path-stripprefix, ipwhitelist
manta-pacific-mainnet-node:
image: ${MANTA_PACIFIC_NODE_IMAGE:-public.ecr.aws/i6b2w2n6/op-node}:${MANTA_PACIFIC_MAINNET_NODE_VERSION:-celestia-3.0.0-dencun}
ports:
- 15877:15877
- 15877:15877/udp
environment:
- OP_NODE_NETWORK=manta-pacific-mainnet
- OP_NODE_L1_ETH_RPC=${ETHEREUM_MAINNET_EXECUTION_RPC}
- OP_NODE_L2_ENGINE_RPC=http://manta-pacific-mainnet:8551
- OP_NODE_P2P_LISTEN_TCP_PORT=15877
- OP_NODE_P2P_LISTEN_UDP_PORT=15877
- OP_NODE_P2P_ADVERTISE_IP=${IP}
- OP_NODE_L1_RPC_KIND=${ETHEREUM_MAINNET_EXECUTION_KIND:-basic}
- OP_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- OP_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- OP_NODE_L1_BEACON_ARCHIVER=${ETHEREUM_MAINNET_BEACON_ARCHIVER}
- OP_NODE_SYNCMODE=execution-layer
- OP_NODE_L2_ENGINE_AUTH=/jwtsecret
- OP_NODE_LOG_LEVEL=info
- OP_NODE_METRICS_ADDR=0.0.0.0
- OP_NODE_METRICS_ENABLED=true
- OP_NODE_METRICS_PORT=7300
- OP_NODE_P2P_LISTEN_IP=0.0.0.0
- OP_NODE_RPC_ADDR=0.0.0.0
- OP_NODE_RPC_PORT=8545
- OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
- OP_NODE_VERIFIER_L1_CONFS=0
entrypoint: [op-node]
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
restart: unless-stopped
volumes:
manta-pacific-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- chain: manta-pacific
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex

39
op/node.Dockerfile
View File

@@ -1,39 +0,0 @@
FROM golang:1.22 as op
WORKDIR /app
ARG OP_REPO=https://github.com/ethereum-optimism/optimism.git
ARG OP_VERSION=v1.12.2
ARG OP_PATCH
RUN curl -fsSL https://github.com/casey/just/releases/download/1.38.0/just-1.38.0-x86_64-unknown-linux-musl.tar.gz | tar -xzf - -C /usr/local/bin
RUN git clone $OP_REPO --branch op-node/$OP_VERSION --single-branch . && \
git switch -c branch-$OP_VERSION
# Apply patch if provided and valid
COPY ${OP_PATCH:-empty.patch} /tmp/my-patch.patch
RUN if [ -n "$OP_PATCH" ]; then \
echo "Using patch file: $OP_PATCH"; \
cd op-node && git apply --verbose /tmp/my-patch.patch || \
(echo "Patch failed to apply!" && exit 1); \
else \
echo "No patch file provided. Skipping."; \
fi
RUN cd op-node && \
just op-node
FROM golang:1.22
# not sure why that was in here ... maybe some script expecting it to clone peers ...
# but it broke the build on a server in japan for whatever reason.
RUN apt-get update && \
apt-get install -y jq curl && \
rm -rf /var/lib/apt/lists
WORKDIR /app
COPY --from=op /app/op-node/bin/op-node ./
ENTRYPOINT ["./op-node"]

18
op/op-node-entrypoint
View File

@@ -1,18 +0,0 @@
#!/bin/bash
set -eu
# wait until local geth comes up (authed so will return 401 without token)
until [ "$(curl -s -w '%{http_code}' -o /dev/null "$OP_NODE_L2_ENGINE_RPC")" -eq 401 ]; do
echo "waiting for geth to be ready"
sleep 5
done
# public-facing P2P node, advertise public IP address
PUBLIC_IP=$(curl -s v4.ident.me)
export OP_NODE_P2P_ADVERTISE_IP=$PUBLIC_IP
if [ -n "$OP_NODE_L2_ENGINE_AUTH_RAW" ]; then
echo "$OP_NODE_L2_ENGINE_AUTH_RAW" > "$OP_NODE_L2_ENGINE_AUTH"
fi
exec ./op-node

129
op/reth/lisk-mainnet-op-reth-archive-trace.yml Normal file
View File

@@ -0,0 +1,129 @@
# use at your own risk
services:
lisk-mainnet-archive:
image: ${LISK_RETH_IMAGE:-ghcr.io/paradigmxyz/reth}:${LISK_MAINNET_RETH_VERSION:-v1.3.4}
user: root
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
memlock: -1 # Disable memory locking limits (for in-memory DBs like MDBX)
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
expose:
- 8545
- 8551
ports:
- 10598:10598
- 10598:10598/udp
volumes:
- ${LISK_MAINNET_OP_RETH_ARCHIVE_TRACE_DATA:-lisk-mainnet-op-reth-archive-trace}:/root/.local/share/reth
- /slowdisk:/slowdisk
- .jwtsecret:/jwtsecret:ro
entrypoint: [op-reth, node]
command:
- --datadir=/root/.local/share/reth
- --port=10598
- --bind=0.0.0.0
- --nat=extip:${IP}
- --http
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.port=8545
- --ws.origins=*
- --ws.addr=0.0.0.0
- --http.addr=0.0.0.0
- --maxpeers=50
- --http.api=debug,eth,net,trace,txpool,web3,rpc,reth,admin
- --ws.api=debug,eth,net,trace,txpool,web3,rpc,reth,admin
- --rpc.gascap=600000000
- --rpc.returndatalimit=10000000
- --rpc.txfeecap=0
- --authrpc.addr=0.0.0.0
- --authrpc.vhosts=*
- --authrpc.jwtsecret=/jwtsecret
- --db.engine=
- --state.scheme=
- --syncmode=full
- --gcmode=archive
- --chain=lisk
- --rollup.sequencer-http=https://rpc.api.lisk.com
networks:
- chains
restart: unless-stopped
stop_grace_period: 5m
labels:
- traefik.enable=true
- traefik.http.middlewares.lisk-mainnet-op-reth-archive-trace-stripprefix.stripprefix.prefixes=/lisk-mainnet-archive
- traefik.http.services.lisk-mainnet-op-reth-archive-trace.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-archive-trace.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-archive-trace.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-archive-trace.rule=Host(`$DOMAIN`) && PathPrefix(`/lisk-mainnet-archive`)}
- ${NO_SSL:+traefik.http.routers.lisk-mainnet-op-reth-archive-trace.rule=PathPrefix(`/lisk-mainnet-archive`)}
- traefik.http.routers.lisk-mainnet-op-reth-archive-trace.middlewares=lisk-mainnet-op-reth-archive-trace-stripprefix, ipwhitelist
lisk-mainnet-archive-node:
image: ${LISK_NODE_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/node}:${LISK_MAINNET_NODE_VERSION:-v1.12.2}
ports:
- 15598:15598
- 15598:15598/udp
environment:
- OP_NODE_NETWORK=lisk-mainnet
- OP_NODE_L1_ETH_RPC=${ETHEREUM_MAINNET_EXECUTION_RPC}
- OP_NODE_L2_ENGINE_RPC=http://lisk-mainnet-archive:8551
- OP_NODE_P2P_LISTEN_TCP_PORT=15598
- OP_NODE_P2P_LISTEN_UDP_PORT=15598
- OP_NODE_P2P_ADVERTISE_IP=${IP}
- OP_NODE_L1_RPC_KIND=${ETHEREUM_MAINNET_EXECUTION_KIND:-basic}
- OP_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- OP_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- OP_NODE_L1_BEACON_ARCHIVER=${ETHEREUM_MAINNET_BEACON_ARCHIVER}
- OP_NODE_SYNCMODE=execution-layer
- OP_NODE_L2_ENGINE_AUTH=/jwtsecret
- OP_NODE_LOG_LEVEL=info
- OP_NODE_METRICS_ADDR=0.0.0.0
- OP_NODE_METRICS_ENABLED=true
- OP_NODE_METRICS_PORT=7300
- OP_NODE_P2P_LISTEN_IP=0.0.0.0
- OP_NODE_RPC_ADDR=0.0.0.0
- OP_NODE_RPC_PORT=8545
- OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
- OP_NODE_VERIFIER_L1_CONFS=0
entrypoint: [op-node]
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
restart: unless-stopped
volumes:
lisk-mainnet-op-reth-archive-trace:
x-upstreams:
- chain:
method-groups:
enabled:
- debug
- filter
- trace
methods:
disabled:
enabled:

129
op/reth/lisk-mainnet-op-reth-pruned-trace.yml Normal file
View File

@@ -0,0 +1,129 @@
# use at your own risk
services:
lisk-mainnet:
image: ${LISK_RETH_IMAGE:-ghcr.io/paradigmxyz/reth}:${LISK_MAINNET_RETH_VERSION:-v1.3.4}
user: root
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
memlock: -1 # Disable memory locking limits (for in-memory DBs like MDBX)
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
expose:
- 8545
- 8551
ports:
- 10598:10598
- 10598:10598/udp
volumes:
- ${LISK_MAINNET_OP_RETH_PRUNED_TRACE_DATA:-lisk-mainnet-op-reth-pruned-trace}:/root/.local/share/reth
- /slowdisk:/slowdisk
- .jwtsecret:/jwtsecret:ro
entrypoint: [op-reth, node]
command:
- --datadir=/root/.local/share/reth
- --port=10598
- --bind=0.0.0.0
- --nat=extip:${IP}
- --http
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.port=8545
- --ws.origins=*
- --ws.addr=0.0.0.0
- --http.addr=0.0.0.0
- --maxpeers=50
- --http.api=debug,eth,net,trace,txpool,web3,rpc,reth,admin
- --ws.api=debug,eth,net,trace,txpool,web3,rpc,reth,admin
- --rpc.gascap=600000000
- --rpc.returndatalimit=10000000
- --rpc.txfeecap=0
- --authrpc.addr=0.0.0.0
- --authrpc.vhosts=*
- --authrpc.jwtsecret=/jwtsecret
- --db.engine=
- --state.scheme=
- --syncmode=snap
- --gcmode=full
- --chain=lisk
- --rollup.sequencer-http=https://rpc.api.lisk.com
networks:
- chains
restart: unless-stopped
stop_grace_period: 5m
labels:
- traefik.enable=true
- traefik.http.middlewares.lisk-mainnet-op-reth-pruned-trace-stripprefix.stripprefix.prefixes=/lisk-mainnet
- traefik.http.services.lisk-mainnet-op-reth-pruned-trace.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-pruned-trace.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-pruned-trace.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-reth-pruned-trace.rule=Host(`$DOMAIN`) && PathPrefix(`/lisk-mainnet`)}
- ${NO_SSL:+traefik.http.routers.lisk-mainnet-op-reth-pruned-trace.rule=PathPrefix(`/lisk-mainnet`)}
- traefik.http.routers.lisk-mainnet-op-reth-pruned-trace.middlewares=lisk-mainnet-op-reth-pruned-trace-stripprefix, ipwhitelist
lisk-mainnet-node:
image: ${LISK_NODE_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/node}:${LISK_MAINNET_NODE_VERSION:-v1.12.2}
ports:
- 15598:15598
- 15598:15598/udp
environment:
- OP_NODE_NETWORK=lisk-mainnet
- OP_NODE_L1_ETH_RPC=${ETHEREUM_MAINNET_EXECUTION_RPC}
- OP_NODE_L2_ENGINE_RPC=http://lisk-mainnet:8551
- OP_NODE_P2P_LISTEN_TCP_PORT=15598
- OP_NODE_P2P_LISTEN_UDP_PORT=15598
- OP_NODE_P2P_ADVERTISE_IP=${IP}
- OP_NODE_L1_RPC_KIND=${ETHEREUM_MAINNET_EXECUTION_KIND:-basic}
- OP_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- OP_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- OP_NODE_L1_BEACON_ARCHIVER=${ETHEREUM_MAINNET_BEACON_ARCHIVER}
- OP_NODE_SYNCMODE=execution-layer
- OP_NODE_L2_ENGINE_AUTH=/jwtsecret
- OP_NODE_LOG_LEVEL=info
- OP_NODE_METRICS_ADDR=0.0.0.0
- OP_NODE_METRICS_ENABLED=true
- OP_NODE_METRICS_PORT=7300
- OP_NODE_P2P_LISTEN_IP=0.0.0.0
- OP_NODE_RPC_ADDR=0.0.0.0
- OP_NODE_RPC_PORT=8545
- OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
- OP_NODE_VERIFIER_L1_CONFS=0
entrypoint: [op-node]
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
restart: unless-stopped
volumes:
lisk-mainnet-op-reth-pruned-trace:
x-upstreams:
- chain:
method-groups:
enabled:
- debug
- filter
- trace
methods:
disabled:
enabled: