StakeSquid/ethereum-rpc-docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

deploy: regenerate compose from vibe-node main c56d34414bfa

Browse Source
This commit is contained in:
Claude Agent
2026-06-24 05:20:48 +00:00
parent eb1b37d5c0
commit ee3fbd39e4
39 changed files with 8248 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
op/geth/bob-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,198 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/bob-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/bob-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
bob-mainnet-archive:
image: ${BOB_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${BOB_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 14046:14046
- 14046:14046/udp
expose:
- 8545
- 6060
- 8551
env_file:
- ./op/bob/mainnet.env
environment:
- GETH_OP_NETWORK=bob-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://bob-mainnet.public.blastapi.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=14046
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${BOB_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-bob-mainnet-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/bob-mainnet-archive
- traefik.http.services.bob-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/bob-mainnet-archive`) || Path(`/bob-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/bob-mainnet-archive`) || Path(`/bob-mainnet-archive/`)}
- traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash.middlewares=bob-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
bob-mainnet-archive-node:
image: ${BOB_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${BOB_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 19046:19046
- 19046:19046/udp
env_file:
- ./op/bob/mainnet.env
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${BOB_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=60808
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://bob-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=19046
- KONA_NODE_P2P_LISTEN_UDP_PORT=19046
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- bob-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/bob-mainnet-archive/node
- traefik.http.services.bob-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/bob-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/bob-mainnet-archive/node`)}
- traefik.http.routers.bob-mainnet-op-geth-archive-leveldb-hash-node.middlewares=bob-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
bob-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: bob
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

198
op/geth/bob-mainnet-op-geth-archive-pebble-hash--kona.yml Normal file
View File

@@ -0,0 +1,198 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/bob-mainnet-op-geth-archive-pebble-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/bob-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
bob-mainnet-archive:
image: ${BOB_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${BOB_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 12223:12223
- 12223:12223/udp
expose:
- 8545
- 6060
- 8551
env_file:
- ./op/bob/mainnet.env
environment:
- GETH_OP_NETWORK=bob-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://bob-mainnet.public.blastapi.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=12223
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${BOB_MAINNET_OP_GETH_ARCHIVE_PEBBLE_HASH_DATA:-bob-mainnet-op-geth-archive-pebble-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-archive-pebble-hash-stripprefix.stripprefix.prefixes=/bob-mainnet-archive
- traefik.http.services.bob-mainnet-op-geth-archive-pebble-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash.rule=Host(`$DOMAIN`) && (Path(`/bob-mainnet-archive`) || Path(`/bob-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash.rule=Path(`/bob-mainnet-archive`) || Path(`/bob-mainnet-archive/`)}
- traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash.middlewares=bob-mainnet-op-geth-archive-pebble-hash-stripprefix, ipallowlist
bob-mainnet-archive-node:
image: ${BOB_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${BOB_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 17223:17223
- 17223:17223/udp
env_file:
- ./op/bob/mainnet.env
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${BOB_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=60808
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://bob-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=17223
- KONA_NODE_P2P_LISTEN_UDP_PORT=17223
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- bob-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-archive-pebble-hash-node-stripprefix.stripprefix.prefixes=/bob-mainnet-archive/node
- traefik.http.services.bob-mainnet-op-geth-archive-pebble-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/bob-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash-node.rule=PathPrefix(`/bob-mainnet-archive/node`)}
- traefik.http.routers.bob-mainnet-op-geth-archive-pebble-hash-node.middlewares=bob-mainnet-op-geth-archive-pebble-hash-node-stripprefix, ipallowlist
volumes:
bob-mainnet-op-geth-archive-pebble-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: bob
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

198
op/geth/bob-mainnet-op-geth-pruned-pebble-hash--kona.yml Normal file
View File

@@ -0,0 +1,198 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/bob-mainnet-op-geth-pruned-pebble-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/bob-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
bob-mainnet:
image: ${BOB_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${BOB_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11363:11363
- 11363:11363/udp
expose:
- 8545
- 6060
- 8551
env_file:
- ./op/bob/mainnet.env
environment:
- GETH_OP_NETWORK=bob-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://bob-mainnet.public.blastapi.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11363
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${BOB_MAINNET_OP_GETH_PRUNED_PEBBLE_HASH_DATA:-bob-mainnet-op-geth-pruned-pebble-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-pruned-pebble-hash-stripprefix.stripprefix.prefixes=/bob-mainnet
- traefik.http.services.bob-mainnet-op-geth-pruned-pebble-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash.rule=Host(`$DOMAIN`) && (Path(`/bob-mainnet`) || Path(`/bob-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash.rule=Path(`/bob-mainnet`) || Path(`/bob-mainnet/`)}
- traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash.middlewares=bob-mainnet-op-geth-pruned-pebble-hash-stripprefix, ipallowlist
bob-mainnet-node:
image: ${BOB_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${BOB_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 16363:16363
- 16363:16363/udp
env_file:
- ./op/bob/mainnet.env
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${BOB_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=60808
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://bob-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16363
- KONA_NODE_P2P_LISTEN_UDP_PORT=16363
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- bob-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-pruned-pebble-hash-node-stripprefix.stripprefix.prefixes=/bob-mainnet/node
- traefik.http.services.bob-mainnet-op-geth-pruned-pebble-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/bob-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash-node.rule=PathPrefix(`/bob-mainnet/node`)}
- traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-hash-node.middlewares=bob-mainnet-op-geth-pruned-pebble-hash-node-stripprefix, ipallowlist
volumes:
bob-mainnet-op-geth-pruned-pebble-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: bob
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

200
op/geth/bob-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,200 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/bob-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/bob-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
bob-mainnet:
image: ${BOB_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${BOB_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 13347:13347
- 13347:13347/udp
expose:
- 8545
- 6060
- 8551
env_file:
- ./op/bob/mainnet.env
environment:
- GETH_OP_NETWORK=bob-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://bob-mainnet.public.blastapi.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=13347
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${BOB_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-bob-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/bob-mainnet
- traefik.http.services.bob-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/bob-mainnet`) || Path(`/bob-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path.rule=Path(`/bob-mainnet`) || Path(`/bob-mainnet/`)}
- traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path.middlewares=bob-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
bob-mainnet-node:
image: ${BOB_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${BOB_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 18347:18347
- 18347:18347/udp
env_file:
- ./op/bob/mainnet.env
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${BOB_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=60808
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://bob-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=18347
- KONA_NODE_P2P_LISTEN_UDP_PORT=18347
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- bob-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.bob-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/bob-mainnet/node
- traefik.http.services.bob-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/bob-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/bob-mainnet/node`)}
- traefik.http.routers.bob-mainnet-op-geth-pruned-pebble-path-node.middlewares=bob-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
bob-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: bob
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

194
op/geth/ink-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,194 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/ink-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/ink-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
ink-mainnet-archive:
image: ${INK_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${INK_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 10713:10713
- 10713:10713/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=ink-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc-gel.inkonchain.com
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=10713
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${INK_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-ink-mainnet-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.ink-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/ink-mainnet-archive
- traefik.http.services.ink-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/ink-mainnet-archive`) || Path(`/ink-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/ink-mainnet-archive`) || Path(`/ink-mainnet-archive/`)}
- traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash.middlewares=ink-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
ink-mainnet-archive-node:
image: ${INK_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${INK_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 15713:15713
- 15713:15713/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${INK_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=57073
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://ink-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=15713
- KONA_NODE_P2P_LISTEN_UDP_PORT=15713
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- ink-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.ink-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/ink-mainnet-archive/node
- traefik.http.services.ink-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/ink-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/ink-mainnet-archive/node`)}
- traefik.http.routers.ink-mainnet-op-geth-archive-leveldb-hash-node.middlewares=ink-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
ink-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: ink
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

196
op/geth/ink-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,196 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/ink-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/ink-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
ink-mainnet:
image: ${INK_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${INK_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11271:11271
- 11271:11271/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=ink-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc-gel.inkonchain.com
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11271
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${INK_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-ink-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.ink-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/ink-mainnet
- traefik.http.services.ink-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/ink-mainnet`) || Path(`/ink-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path.rule=Path(`/ink-mainnet`) || Path(`/ink-mainnet/`)}
- traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path.middlewares=ink-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
ink-mainnet-node:
image: ${INK_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${INK_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 16271:16271
- 16271:16271/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${INK_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=57073
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://ink-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16271
- KONA_NODE_P2P_LISTEN_UDP_PORT=16271
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- ink-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.ink-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/ink-mainnet/node
- traefik.http.services.ink-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/ink-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/ink-mainnet/node`)}
- traefik.http.routers.ink-mainnet-op-geth-pruned-pebble-path-node.middlewares=ink-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
ink-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: ink
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

195
op/geth/ink-sepolia-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,195 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/ink-sepolia-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/ink-sepolia-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
ink-sepolia-archive:
image: ${INK_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${INK_SEPOLIA_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11659:11659
- 11659:11659/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=ink-sepolia
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc-gel-sepolia.inkonchain.com
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11659
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${INK_SEPOLIA_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-ink-sepolia-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.ink-sepolia-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/ink-sepolia-archive
- traefik.http.services.ink-sepolia-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/ink-sepolia-archive`) || Path(`/ink-sepolia-archive/`))}
- ${NO_SSL:+traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash.rule=Path(`/ink-sepolia-archive`) || Path(`/ink-sepolia-archive/`)}
- traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash.middlewares=ink-sepolia-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
ink-sepolia-archive-node:
image: ${INK_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${INK_SEPOLIA_KONA_VERSION:-v1.6.0}
ports:
- 16659:16659
- 16659:16659/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_SEPOLIA_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${INK_SEPOLIA_L1_EXECUTION_RPC:-${ETHEREUM_SEPOLIA_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_SEPOLIA_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=763373
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://ink-sepolia-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_OVERRIDE_PECTRA_BLOB_SCHEDULE=1742486400
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16659
- KONA_NODE_P2P_LISTEN_UDP_PORT=16659
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- ink-sepolia-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.ink-sepolia-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/ink-sepolia-archive/node
- traefik.http.services.ink-sepolia-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/ink-sepolia-archive/node`)}
- ${NO_SSL:+traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/ink-sepolia-archive/node`)}
- traefik.http.routers.ink-sepolia-op-geth-archive-leveldb-hash-node.middlewares=ink-sepolia-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
ink-sepolia-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: ink-sepolia
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

197
op/geth/ink-sepolia-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,197 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/ink-sepolia-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/ink-sepolia \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
ink-sepolia:
image: ${INK_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${INK_SEPOLIA_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11869:11869
- 11869:11869/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=ink-sepolia
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc-gel-sepolia.inkonchain.com
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11869
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${INK_SEPOLIA_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-ink-sepolia-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.ink-sepolia-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/ink-sepolia
- traefik.http.services.ink-sepolia-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/ink-sepolia`) || Path(`/ink-sepolia/`))}
- ${NO_SSL:+traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path.rule=Path(`/ink-sepolia`) || Path(`/ink-sepolia/`)}
- traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path.middlewares=ink-sepolia-op-geth-pruned-pebble-path-stripprefix, ipallowlist
ink-sepolia-node:
image: ${INK_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${INK_SEPOLIA_KONA_VERSION:-v1.6.0}
ports:
- 16869:16869
- 16869:16869/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_SEPOLIA_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${INK_SEPOLIA_L1_EXECUTION_RPC:-${ETHEREUM_SEPOLIA_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_SEPOLIA_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=763373
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://ink-sepolia:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_OVERRIDE_PECTRA_BLOB_SCHEDULE=1742486400
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16869
- KONA_NODE_P2P_LISTEN_UDP_PORT=16869
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- ink-sepolia
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.ink-sepolia-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/ink-sepolia/node
- traefik.http.services.ink-sepolia-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/ink-sepolia/node`)}
- ${NO_SSL:+traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/ink-sepolia/node`)}
- traefik.http.routers.ink-sepolia-op-geth-pruned-pebble-path-node.middlewares=ink-sepolia-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
ink-sepolia-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: ink-sepolia
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

199
op/geth/lisk-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,199 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/lisk-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/lisk-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
lisk-mainnet-archive:
image: ${LISK_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${LISK_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11157:11157
- 11157:11157/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_BOOTNODES=enode://87a32fd13bd596b2ffca97020e31aef4ddcc1bbd4b95bb633d16c1329f654f34049ed240a36b449fda5e5225d70fe40bc667f53c304b71f8e68fc9d448690b51@3.231.138.188:30301,enode://ca21ea8f176adb2e229ce2d700830c844af0ea941a1d8152a9513b966fe525e809c3a6c73a2c18a12b74ed6ec4380edf91662778fe0b79f6a591236e49e176f9@184.72.129.189:30301,enode://acf4507a211ba7c1e52cdf4eef62cdc3c32e7c9c47998954f7ba024026f9a6b2150cd3f0b734d9c78e507ab70d59ba61dfe5c45e1078c7ad0775fb251d7735a2@3.220.145.177:30301,enode://8a5a5006159bf079d06a04e5eceab2a1ce6e0f721875b2a9c96905336219dbe14203d38f70f3754686a6324f786c2f9852d8c0dd3adac2d080f4db35efc678c5@3.231.11.52:30301,enode://cdadbe835308ad3557f9a1de8db411da1a260a98f8421d62da90e71da66e55e98aaa8e90aa7ce01b408a54e4bd2253d701218081ded3dbe5efbbc7b41d7cef79@54.198.153.150:30301
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc.api.lisk.com
entrypoint: /bin/sh -c '[ -f /config/genesis.json ] && geth --db.engine=leveldb --gcmode=archive --datadir /data init --state.scheme=hash /config/genesis.json; exec geth "$@"' --
command:
- --bootnodes=enode://87a32fd13bd596b2ffca97020e31aef4ddcc1bbd4b95bb633d16c1329f654f34049ed240a36b449fda5e5225d70fe40bc667f53c304b71f8e68fc9d448690b51@3.231.138.188:30301,enode://ca21ea8f176adb2e229ce2d700830c844af0ea941a1d8152a9513b966fe525e809c3a6c73a2c18a12b74ed6ec4380edf91662778fe0b79f6a591236e49e176f9@184.72.129.189:30301,enode://acf4507a211ba7c1e52cdf4eef62cdc3c32e7c9c47998954f7ba024026f9a6b2150cd3f0b734d9c78e507ab70d59ba61dfe5c45e1078c7ad0775fb251d7735a2@3.220.145.177:30301,enode://8a5a5006159bf079d06a04e5eceab2a1ce6e0f721875b2a9c96905336219dbe14203d38f70f3754686a6324f786c2f9852d8c0dd3adac2d080f4db35efc678c5@3.231.11.52:30301,enode://cdadbe835308ad3557f9a1de8db411da1a260a98f8421d62da90e71da66e55e98aaa8e90aa7ce01b408a54e4bd2253d701218081ded3dbe5efbbc7b41d7cef79@54.198.153.150:30301
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --networkid=1135
- --port=11157
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${LISK_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-lisk-mainnet-op-geth-archive-leveldb-hash}:/data
- ./op/lisk/mainnet:/config
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.lisk-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/lisk-mainnet-archive
- traefik.http.services.lisk-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/lisk-mainnet-archive`) || Path(`/lisk-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/lisk-mainnet-archive`) || Path(`/lisk-mainnet-archive/`)}
- traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash.middlewares=lisk-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
lisk-mainnet-archive-node:
image: ${LISK_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${LISK_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 16157:16157
- 16157:16157/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${LISK_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=1135
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://lisk-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_BOOTNODES=enr:-Iu4QBCIUw0OhAq5ErARIYBLIr6xPb83OqeFRqlUJGlJ9kWpNECaumPArYWsEFdM_cEKm26JJT_EA52f4dlavBldldgBgmlkgnY0gmlwhCPqq5CJc2VjcDI1NmsxoQLBE74gZyIHkwBEnkI4K7nR4SM2Lytj2VTLqJaj5nQevoN0Y3CCIyuDdWRwgiMs
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16157
- KONA_NODE_P2P_LISTEN_UDP_PORT=16157
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- lisk-mainnet-archive
networks:
- chains
volumes:
- ./op/lisk/mainnet:/config
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.lisk-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/lisk-mainnet-archive/node
- traefik.http.services.lisk-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/lisk-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/lisk-mainnet-archive/node`)}
- traefik.http.routers.lisk-mainnet-op-geth-archive-leveldb-hash-node.middlewares=lisk-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
lisk-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: lisk
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

291
op/geth/op-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,291 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/op-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/op-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
op-mainnet-archive:
image: ${OP_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${OP_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 13399:13399
- 13399:13399/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=op-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet-sequencer.optimism.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=13399
- --rollup.historicalrpc=${OP_MAINNET_CLASSIC_ARCHIVE_RPC:-http://op-mainnet-l2geth-archive:8545}
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
depends_on:
- op-mainnet-l2geth-archive
networks:
- chains
volumes:
- ${OP_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-op-mainnet-op-geth-archive-leveldb-hash}:/data
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/op-mainnet-archive
- traefik.http.services.op-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/op-mainnet-archive`) || Path(`/op-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/op-mainnet-archive`) || Path(`/op-mainnet-archive/`)}
- traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash.middlewares=op-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
op-mainnet-archive-node:
image: ${OP_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${OP_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 18399:18399
- 18399:18399/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${OP_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=10
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://op-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=18399
- KONA_NODE_P2P_LISTEN_UDP_PORT=18399
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- op-mainnet-archive
networks:
- chains
volumes:
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/op-mainnet-archive/node
- traefik.http.services.op-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/op-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/op-mainnet-archive/node`)}
- traefik.http.routers.op-mainnet-op-geth-archive-leveldb-hash-node.middlewares=op-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
op-mainnet-l2geth-archive:
image: ${OP_L2GETH_IMAGE:-ethereumoptimism/l2geth}:${OP_MAINNET_L2GETH_VERSION:-0.5.31}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 12952:12952
- 12952:12952/udp
expose:
- 8545
env_file:
- ./op/op/mainnet/l2geth.env
environment:
- ROLLUP_BACKEND=l2
- SYNC_SOURCE=l2
command:
- --datadir=/geth
- --gcmode=archive
- --maxpeers=50
- --nat=extip:${IP}
- --port=12952
- --rpc
- --rpc.gascap=600000000
- --rpcaddr=0.0.0.0
- --rpcapi=eth,net,web3,admin,debug
- --rpcport=8545
- --syncmode=full
- --vmodule=eth/*=5,miner=4,rpc=5,rollup=4,consensus/clique=1
- --ws
- --wsaddr=0.0.0.0
- --wsapi=eth,net,web3,admin,debug
- --wsport=8546
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${OP_MAINNET_L2GETH_ARCHIVE_LEVELDB_HASH_DATA:-op-mainnet-l2geth-archive-leveldb-hash}:/geth
- ./op/op/mainnet:/config
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=false
volumes:
op-mainnet-l2geth-archive-leveldb-hash:
op-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: optimism
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: optimism
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

263
op/geth/op-mainnet-op-geth-pruned-pebble-path--kona--fireeth.yml Normal file
View File

@@ -0,0 +1,263 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/op-mainnet-op-geth-pruned-pebble-path--kona--fireeth.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/op-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
op-mainnet:
image: ${OP_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${OP_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 12687:12687
- 12687:12687/udp
expose:
- 8545
- 6060
- 8551
- 10010
environment:
- GETH_OP_NETWORK=op-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet-sequencer.optimism.io
entrypoint: [sh, -c, exec fireeth start reader-node --reader-node-arguments "$*", _]
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=12687
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=full
- --vmtrace=firehose
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${OP_MAINNET_FIREETH_DATA:-op-mainnet-fireeth}:/app/firehose-data
- ${OP_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-op-mainnet-op-geth-pruned-pebble-path}:/data
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/op-mainnet
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/op-mainnet`) || Path(`/op-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.rule=Path(`/op-mainnet`) || Path(`/op-mainnet/`)}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.middlewares=op-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
op-mainnet-firehose:
image: ${OP_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${OP_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
expose:
- 10015
- 10014
environment:
- ${OP_MAINNET_FIREETH_BLOCKS_STORE:-/app/firehose-data/storage/merged-blocks}
entrypoint: [sh, -c, exec fireeth --config-file="" --log-to-file=false start firehose index-builder relayer merger $@, _]
command:
- --firehose-rate-limit-bucket-fill-rate=${OP_MAINNET_FIREHOSE_RATE_LIMIT_BUCKET_FILL_RATE:-1s}
- --firehose-rate-limit-bucket-size=${OP_MAINNET_FIREHOSE_RATE_LIMIT_BUCKET_SIZE:-200}
- --log-to-file=false
- --relayer-source=op-mainnet:10010
restart: unless-stopped
depends_on:
- op-mainnet
networks:
- chains
volumes:
- ${OP_MAINNET_FIREETH_DATA:-op-mainnet-fireeth}:/app/firehose-data
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=false
- traefik.enable=true
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-firehose.loadbalancer.server.scheme=h2c
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-firehose.service=op-mainnet-op-geth-pruned-pebble-path-firehose
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-firehose.loadbalancer.server.port=10015
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-firehose.entrypoints=grpc
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-firehose.tls.certresolver=myresolver}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-firehose.rule=Host(`op-mainnet-firehose.${DOMAIN}`)
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-firehose.middlewares=ipallowlist
op-mainnet-events:
image: ${OP_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${OP_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
expose:
- 10016
entrypoint: [sh, -c, exec fireeth --config-file="" --log-to-file=false start substreams-tier1 substreams-tier2 $@, _]
command:
- --common-live-blocks-addr=op-mainnet-firehose:10014
- --log-to-file=false
- --substreams-block-execution-timeout=${OP_MAINNET_SUBSTREAMS_BLOCK_EXECUTION_TIMEOUT:-3m0s}
- --substreams-rpc-endpoints=${OP_MAINNET_EXECUTION_ARCHIVE_RPC}
- --substreams-tier1-max-subrequests=${OP_MAINNET_SUBSTREAMS_TIER1_MAX_SUBREQUESTS:-4}
restart: unless-stopped
depends_on:
- op-mainnet
networks:
- chains
volumes:
- ${OP_MAINNET_FIREETH_DATA:-op-mainnet-fireeth}:/app/firehose-data
logging: *logging-defaults
labels:
- traefik.enable=true
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-events.loadbalancer.server.scheme=h2c
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-events.service=op-mainnet-op-geth-pruned-pebble-path-events
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-events.loadbalancer.server.port=10016
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-events.entrypoints=grpc
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-events.tls.certresolver=myresolver}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-events.rule=Host(`op-mainnet-events.${DOMAIN}`)
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-events.middlewares=ipallowlist
op-mainnet-node:
image: ${OP_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${OP_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 17687:17687
- 17687:17687/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${OP_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=10
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://op-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=17687
- KONA_NODE_P2P_LISTEN_UDP_PORT=17687
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- op-mainnet
networks:
- chains
volumes:
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/op-mainnet/node
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/op-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/op-mainnet/node`)}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.middlewares=op-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
op-mainnet-op-geth-pruned-pebble-path:
op-mainnet-op-geth-pruned-pebble-path_fireeth:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: optimism
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

198
op/geth/op-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,198 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/op-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/op-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
op-mainnet:
image: ${OP_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${OP_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 12687:12687
- 12687:12687/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=op-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet-sequencer.optimism.io
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=12687
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${OP_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-op-mainnet-op-geth-pruned-pebble-path}:/data
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/op-mainnet
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/op-mainnet`) || Path(`/op-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.rule=Path(`/op-mainnet`) || Path(`/op-mainnet/`)}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path.middlewares=op-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
op-mainnet-node:
image: ${OP_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${OP_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 17687:17687
- 17687:17687/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${OP_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=10
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://op-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=17687
- KONA_NODE_P2P_LISTEN_UDP_PORT=17687
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- op-mainnet
networks:
- chains
volumes:
- ./op/op/mainnet:/config
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.op-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/op-mainnet/node
- traefik.http.services.op-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/op-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/op-mainnet/node`)}
- traefik.http.routers.op-mainnet-op-geth-pruned-pebble-path-node.middlewares=op-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
op-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: optimism
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

194
op/geth/soneium-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,194 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/soneium-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/soneium-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
soneium-mainnet-archive:
image: ${SONEIUM_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${SONEIUM_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 10889:10889
- 10889:10889/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=soneium-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc.soneium.org
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=10889
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${SONEIUM_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-soneium-mainnet-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.soneium-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/soneium-mainnet-archive
- traefik.http.services.soneium-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/soneium-mainnet-archive`) || Path(`/soneium-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/soneium-mainnet-archive`) || Path(`/soneium-mainnet-archive/`)}
- traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash.middlewares=soneium-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
soneium-mainnet-archive-node:
image: ${SONEIUM_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${SONEIUM_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 15889:15889
- 15889:15889/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${SONEIUM_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=1868
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://soneium-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=15889
- KONA_NODE_P2P_LISTEN_UDP_PORT=15889
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- soneium-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.soneium-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/soneium-mainnet-archive/node
- traefik.http.services.soneium-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/soneium-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/soneium-mainnet-archive/node`)}
- traefik.http.routers.soneium-mainnet-op-geth-archive-leveldb-hash-node.middlewares=soneium-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
soneium-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: soneium
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

196
op/geth/soneium-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,196 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/soneium-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/soneium-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
soneium-mainnet:
image: ${SONEIUM_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${SONEIUM_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 14145:14145
- 14145:14145/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=soneium-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://rpc.soneium.org
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=14145
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${SONEIUM_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-soneium-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.soneium-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/soneium-mainnet
- traefik.http.services.soneium-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/soneium-mainnet`) || Path(`/soneium-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path.rule=Path(`/soneium-mainnet`) || Path(`/soneium-mainnet/`)}
- traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path.middlewares=soneium-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
soneium-mainnet-node:
image: ${SONEIUM_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${SONEIUM_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 19145:19145
- 19145:19145/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${SONEIUM_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=1868
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://soneium-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=19145
- KONA_NODE_P2P_LISTEN_UDP_PORT=19145
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- soneium-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.soneium-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/soneium-mainnet/node
- traefik.http.services.soneium-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/soneium-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/soneium-mainnet/node`)}
- traefik.http.routers.soneium-mainnet-op-geth-pruned-pebble-path-node.middlewares=soneium-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
soneium-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: soneium
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

194
op/geth/unichain-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,194 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/unichain-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/unichain-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
unichain-mainnet-archive:
image: ${UNICHAIN_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${UNICHAIN_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11789:11789
- 11789:11789/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=unichain-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet.unichain.org
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11789
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${UNICHAIN_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-unichain-mainnet-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/unichain-mainnet-archive
- traefik.http.services.unichain-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/unichain-mainnet-archive`) || Path(`/unichain-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/unichain-mainnet-archive`) || Path(`/unichain-mainnet-archive/`)}
- traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash.middlewares=unichain-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
unichain-mainnet-archive-node:
image: ${UNICHAIN_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${UNICHAIN_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 16789:16789
- 16789:16789/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${UNICHAIN_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=130
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://unichain-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16789
- KONA_NODE_P2P_LISTEN_UDP_PORT=16789
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- unichain-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/unichain-mainnet-archive/node
- traefik.http.services.unichain-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/unichain-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/unichain-mainnet-archive/node`)}
- traefik.http.routers.unichain-mainnet-op-geth-archive-leveldb-hash-node.middlewares=unichain-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
unichain-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: unichain
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

261
op/geth/unichain-mainnet-op-geth-pruned-pebble-path--kona--fireeth.yml Normal file
View File

@@ -0,0 +1,261 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/unichain-mainnet-op-geth-pruned-pebble-path--kona--fireeth.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/unichain-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
unichain-mainnet:
image: ${UNICHAIN_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${UNICHAIN_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 10954:10954
- 10954:10954/udp
expose:
- 8545
- 6060
- 8551
- 10010
environment:
- GETH_OP_NETWORK=unichain-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet.unichain.org
entrypoint: [sh, -c, exec fireeth start reader-node --reader-node-arguments "$*", _]
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=10954
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=full
- --vmtrace=firehose
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${UNICHAIN_MAINNET_FIREETH_DATA:-unichain-mainnet-fireeth}:/app/firehose-data
- ${UNICHAIN_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-unichain-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/unichain-mainnet
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/unichain-mainnet`) || Path(`/unichain-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.rule=Path(`/unichain-mainnet`) || Path(`/unichain-mainnet/`)}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.middlewares=unichain-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
unichain-mainnet-firehose:
image: ${UNICHAIN_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${UNICHAIN_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
expose:
- 10015
- 10014
environment:
- ${UNICHAIN_MAINNET_FIREETH_BLOCKS_STORE:-/app/firehose-data/storage/merged-blocks}
entrypoint: [sh, -c, exec fireeth --config-file="" --log-to-file=false start firehose index-builder relayer merger $@, _]
command:
- --firehose-rate-limit-bucket-fill-rate=${UNICHAIN_MAINNET_FIREHOSE_RATE_LIMIT_BUCKET_FILL_RATE:-1s}
- --firehose-rate-limit-bucket-size=${UNICHAIN_MAINNET_FIREHOSE_RATE_LIMIT_BUCKET_SIZE:-200}
- --log-to-file=false
- --relayer-source=unichain-mainnet:10010
restart: unless-stopped
depends_on:
- unichain-mainnet
networks:
- chains
volumes:
- ${UNICHAIN_MAINNET_FIREETH_DATA:-unichain-mainnet-fireeth}:/app/firehose-data
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=false
- traefik.enable=true
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-firehose.loadbalancer.server.scheme=h2c
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-firehose.service=unichain-mainnet-op-geth-pruned-pebble-path-firehose
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-firehose.loadbalancer.server.port=10015
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-firehose.entrypoints=grpc
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-firehose.tls.certresolver=myresolver}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-firehose.rule=Host(`unichain-mainnet-firehose.${DOMAIN}`)
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-firehose.middlewares=ipallowlist
unichain-mainnet-events:
image: ${UNICHAIN_FIREETH_IMAGE:-ghcr.io/streamingfast/go-ethereum}:${UNICHAIN_MAINNET_FIREETH_VERSION:-v2.12.4-optimism-v1.101511.0-op-node.v1.13.3-1}
expose:
- 10016
entrypoint: [sh, -c, exec fireeth --config-file="" --log-to-file=false start substreams-tier1 substreams-tier2 $@, _]
command:
- --common-live-blocks-addr=unichain-mainnet-firehose:10014
- --log-to-file=false
- --substreams-block-execution-timeout=${UNICHAIN_MAINNET_SUBSTREAMS_BLOCK_EXECUTION_TIMEOUT:-3m0s}
- --substreams-rpc-endpoints=${UNICHAIN_MAINNET_EXECUTION_ARCHIVE_RPC}
- --substreams-tier1-max-subrequests=${UNICHAIN_MAINNET_SUBSTREAMS_TIER1_MAX_SUBREQUESTS:-4}
restart: unless-stopped
depends_on:
- unichain-mainnet
networks:
- chains
volumes:
- ${UNICHAIN_MAINNET_FIREETH_DATA:-unichain-mainnet-fireeth}:/app/firehose-data
logging: *logging-defaults
labels:
- traefik.enable=true
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-events.loadbalancer.server.scheme=h2c
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-events.service=unichain-mainnet-op-geth-pruned-pebble-path-events
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-events.loadbalancer.server.port=10016
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-events.entrypoints=grpc
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-events.tls.certresolver=myresolver}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-events.rule=Host(`unichain-mainnet-events.${DOMAIN}`)
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-events.middlewares=ipallowlist
unichain-mainnet-node:
image: ${UNICHAIN_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${UNICHAIN_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 15954:15954
- 15954:15954/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${UNICHAIN_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=130
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://unichain-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=15954
- KONA_NODE_P2P_LISTEN_UDP_PORT=15954
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- unichain-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/unichain-mainnet/node
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/unichain-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/unichain-mainnet/node`)}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.middlewares=unichain-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
unichain-mainnet-op-geth-pruned-pebble-path:
unichain-mainnet-op-geth-pruned-pebble-path_fireeth:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: unichain
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

196
op/geth/unichain-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,196 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/unichain-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/unichain-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
unichain-mainnet:
image: ${UNICHAIN_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${UNICHAIN_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 10954:10954
- 10954:10954/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=unichain-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://mainnet.unichain.org
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=10954
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${UNICHAIN_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-unichain-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/unichain-mainnet
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/unichain-mainnet`) || Path(`/unichain-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.rule=Path(`/unichain-mainnet`) || Path(`/unichain-mainnet/`)}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path.middlewares=unichain-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
unichain-mainnet-node:
image: ${UNICHAIN_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${UNICHAIN_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 15954:15954
- 15954:15954/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${UNICHAIN_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=130
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://unichain-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=15954
- KONA_NODE_P2P_LISTEN_UDP_PORT=15954
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- unichain-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.unichain-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/unichain-mainnet/node
- traefik.http.services.unichain-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/unichain-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/unichain-mainnet/node`)}
- traefik.http.routers.unichain-mainnet-op-geth-pruned-pebble-path-node.middlewares=unichain-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
unichain-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: unichain
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

194
op/geth/worldchain-mainnet-op-geth-archive-leveldb-hash--kona.yml Normal file
View File

@@ -0,0 +1,194 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/worldchain-mainnet-op-geth-archive-leveldb-hash--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/worldchain-mainnet-archive \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
worldchain-mainnet-archive:
image: ${WORLDCHAIN_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${WORLDCHAIN_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 13162:13162
- 13162:13162/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=worldchain-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://worldchain-mainnet.g.alchemy.com/public
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=leveldb
- --gcmode=archive
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=13162
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=hash
- --syncmode=full
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${WORLDCHAIN_MAINNET_OP_GETH_ARCHIVE_LEVELDB_HASH_DATA:-worldchain-mainnet-op-geth-archive-leveldb-hash}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.worldchain-mainnet-op-geth-archive-leveldb-hash-stripprefix.stripprefix.prefixes=/worldchain-mainnet-archive
- traefik.http.services.worldchain-mainnet-op-geth-archive-leveldb-hash.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash.rule=Host(`$DOMAIN`) && (Path(`/worldchain-mainnet-archive`) || Path(`/worldchain-mainnet-archive/`))}
- ${NO_SSL:+traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash.rule=Path(`/worldchain-mainnet-archive`) || Path(`/worldchain-mainnet-archive/`)}
- traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash.middlewares=worldchain-mainnet-op-geth-archive-leveldb-hash-stripprefix, ipallowlist
worldchain-mainnet-archive-node:
image: ${WORLDCHAIN_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${WORLDCHAIN_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 18162:18162
- 18162:18162/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${WORLDCHAIN_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=480
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://worldchain-mainnet-archive:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=18162
- KONA_NODE_P2P_LISTEN_UDP_PORT=18162
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- worldchain-mainnet-archive
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.worldchain-mainnet-op-geth-archive-leveldb-hash-node-stripprefix.stripprefix.prefixes=/worldchain-mainnet-archive/node
- traefik.http.services.worldchain-mainnet-op-geth-archive-leveldb-hash-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash-node.rule=Host(`$DOMAIN`) && PathPrefix(`/worldchain-mainnet-archive/node`)}
- ${NO_SSL:+traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash-node.rule=PathPrefix(`/worldchain-mainnet-archive/node`)}
- traefik.http.routers.worldchain-mainnet-op-geth-archive-leveldb-hash-node.middlewares=worldchain-mainnet-op-geth-archive-leveldb-hash-node-stripprefix, ipallowlist
volumes:
worldchain-mainnet-op-geth-archive-leveldb-hash:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: worldchain
method-groups:
enabled:
- debug
- filter
methods:
disabled:
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...

196
op/geth/worldchain-mainnet-op-geth-pruned-pebble-path--kona.yml Normal file
View File

@@ -0,0 +1,196 @@
---
x-logging-defaults: &logging-defaults
driver: json-file
options:
max-size: "10m"
max-file: "3"
# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:op/geth/worldchain-mainnet-op-geth-pruned-pebble-path--kona.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/worldchain-mainnet \
# -H "Content-Type: application/json" \
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
services:
worldchain-mainnet:
image: ${WORLDCHAIN_GETH_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/op-geth}:${WORLDCHAIN_MAINNET_GETH_VERSION:-v1.101702.2}
sysctls:
# TCP Performance
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
net.core.somaxconn: 32768 # Higher connection queue
# Memory/Connection Management
# net.core.netdev_max_backlog: 50000 # Increase network buffer
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
ulimits:
nofile: 1048576 # Max open files (for RPC/WS connections)
user: root
ports:
- 11096:11096
- 11096:11096/udp
expose:
- 8545
- 6060
- 8551
environment:
- GETH_OP_NETWORK=worldchain-mainnet
- GETH_ROLLUP_DISABLETXPOOLGOSSIP=true
- GETH_ROLLUP_SEQUENCERHTTP=https://worldchain-mainnet.g.alchemy.com/public
entrypoint: /bin/sh -c 'exec geth "$@"' --
command:
- --datadir=/data
- --db.engine=pebble
- --gcmode=full
- --maxpeers=50
- --metrics
- --metrics.addr=0.0.0.0
- --metrics.port=6060
- --nat=extip:${IP}
- --port=11096
- --rpc.gascap=600000000
- --rpc.txfeecap=0
- --state.scheme=path
- --syncmode=snap
- --http
- --http.addr=0.0.0.0
- --http.api=eth,net,web3,debug,admin,txpool,engine
- --http.port=8545
- --http.vhosts=*
- --ws
- --ws.addr=0.0.0.0
- --ws.api=eth,net,web3,debug,admin,txpool,engine
- --ws.origins=*
- --ws.port=8545
- --authrpc.addr=0.0.0.0
- --authrpc.jwtsecret=/jwtsecret
- --authrpc.vhosts=*
restart: unless-stopped
stop_grace_period: 5m
networks:
- chains
volumes:
- ${WORLDCHAIN_MAINNET_OP_GETH_PRUNED_PEBBLE_PATH_DATA:-worldchain-mainnet-op-geth-pruned-pebble-path}:/data
- .jwtsecret:/jwtsecret:ro
- /slowdisk:/slowdisk
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=6060
- prometheus-scrape.path=/debug/metrics/prometheus
- traefik.enable=true
- traefik.http.middlewares.worldchain-mainnet-op-geth-pruned-pebble-path-stripprefix.stripprefix.prefixes=/worldchain-mainnet
- traefik.http.services.worldchain-mainnet-op-geth-pruned-pebble-path.loadbalancer.server.port=8545
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path.rule=Host(`$DOMAIN`) && (Path(`/worldchain-mainnet`) || Path(`/worldchain-mainnet/`))}
- ${NO_SSL:+traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path.rule=Path(`/worldchain-mainnet`) || Path(`/worldchain-mainnet/`)}
- traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path.middlewares=worldchain-mainnet-op-geth-pruned-pebble-path-stripprefix, ipallowlist
worldchain-mainnet-node:
image: ${WORLDCHAIN_KONA_IMAGE:-us-docker.pkg.dev/oplabs-tools-artifacts/images/kona-node}:${WORLDCHAIN_MAINNET_KONA_VERSION:-v1.6.0}
ports:
- 16096:16096
- 16096:16096/udp
environment:
- KONA_METRICS_ADDR=0.0.0.0
- KONA_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
- KONA_NODE_L1_ETH_RPC=${WORLDCHAIN_MAINNET_L1_EXECUTION_RPC:-${ETHEREUM_MAINNET_EXECUTION_RPC}}
- KONA_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
- KONA_NODE_L2_CHAIN_ID=480
- KONA_NODE_L2_ENGINE_AUTH=/jwtsecret
- KONA_NODE_L2_ENGINE_RPC=http://worldchain-mainnet:8551
- KONA_NODE_L2_ENGINE_TIMEOUT=120000
- KONA_NODE_L2_TRUST_RPC=true
- KONA_NODE_METRICS_PORT=7300
- KONA_NODE_MODE=verifier
- KONA_NODE_P2P_ADVERTISE_IP=${IP}
- KONA_NODE_P2P_LISTEN_IP=0.0.0.0
- KONA_NODE_P2P_LISTEN_TCP_PORT=16096
- KONA_NODE_P2P_LISTEN_UDP_PORT=16096
- KONA_NODE_RPC_ADDR=0.0.0.0
- KONA_NODE_RPC_PORT=9545
entrypoint: [kona-node, node]
restart: unless-stopped
depends_on:
- worldchain-mainnet
networks:
- chains
volumes:
- .jwtsecret:/jwtsecret:ro
logging: *logging-defaults
labels:
- prometheus-scrape.enabled=true
- prometheus-scrape.port=7300
- prometheus-scrape.path=/metrics
- traefik.enable=true
- traefik.http.middlewares.worldchain-mainnet-op-geth-pruned-pebble-path-node-stripprefix.stripprefix.prefixes=/worldchain-mainnet/node
- traefik.http.services.worldchain-mainnet-op-geth-pruned-pebble-path-node.loadbalancer.server.port=9545
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path-node.entrypoints=websecure}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path-node.tls.certresolver=myresolver}
- ${NO_SSL:-traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path-node.rule=Host(`$DOMAIN`) && PathPrefix(`/worldchain-mainnet/node`)}
- ${NO_SSL:+traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path-node.rule=PathPrefix(`/worldchain-mainnet/node`)}
- traefik.http.routers.worldchain-mainnet-op-geth-pruned-pebble-path-node.middlewares=worldchain-mainnet-op-geth-pruned-pebble-path-node-stripprefix, ipallowlist
volumes:
worldchain-mainnet-op-geth-pruned-pebble-path:
x-upstreams:
- id: $${ID}
labels:
provider: $${PROVIDER}
connection:
generic:
rpc:
url: $${RPC_URL}
ws:
frameSize: 20Mb
msgSize: 50Mb
url: $${WS_URL}
chain: worldchain
method-groups:
enabled:
- debug
- filter
methods:
disabled:
# not compatible with path state scheme
- name: debug_traceBlockByHash
enabled:
- name: txpool_content # TODO: should be disabled for rollup nodes
# standard geth only
- name: debug_getRawBlock
- name: debug_getRawTransaction
- name: debug_getRawReceipts
- name: debug_getRawHeader
- name: debug_getBadBlocks
# non standard geth only slightly dangerous
- name: debug_intermediateRoots
- name: debug_dumpBlock
# standard geth and erigon
- name: debug_accountRange
- name: debug_getModifiedAccountsByNumber
- name: debug_getModifiedAccountsByHash
# non standard geth and erigon
- name: eth_getRawTransactionByHash
- name: eth_getRawTransactionByBlockHashAndIndex
...