version: '3.1' services: traefik: image: traefik:latest container_name: traefik restart: always ports: - "443:443" - "127.0.0.1:8080:8080" command: - "--api=true" - "--api.insecure=true" - "--api.dashboard=true" - "--log.level=DEBUG" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.websecure.address=:443" - "--entryPoints.metrics.address=:8082" - "--metrics.prometheus.entryPoint=metrics" - "--certificatesresolvers.myresolver.acme.tlschallenge=true" # TESTING # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - "--certificatesresolvers.myresolver.acme.email=$MAIL" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" volumes: - "./traefik/letsencrypt:/letsencrypt" - "/var/run/docker.sock:/var/run/docker.sock:ro" labels: - "traefik.enable=true" ### NODES geth-goerli: image: ethereum/client-go:latest expose: - "8545" - "6060" - "30303" volumes: - geth-goerli:/.goerli command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3 --metrics.addr 0.0.0.0 --pprof.addr 0.0.0.0" labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.geth-goerli-stripprefix.stripprefix.prefixes=/goerli" - "traefik.http.services.geth-goerli.loadbalancer.server.port=8545" - "traefik.http.routers.geth-goerli.entrypoints=websecure" - "traefik.http.routers.geth-goerli.tls.certresolver=myresolver" - "traefik.http.routers.geth-goerli.rule=Host(`$DOMAIN`) && PathPrefix(`/goerli`)" - "traefik.http.routers.geth-goerli.middlewares=geth-goerli-stripprefix, ipwhitelist" geth-rinkeby: image: ethereum/client-go:latest expose: - "8545" - "6060" - "30303" volumes: - geth-rinkeby:/.rinkeby command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3 --metrics.addr 0.0.0.0 --pprof.addr 0.0.0.0" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.geth-rinkeby-stripprefix.stripprefix.prefixes=/rinkeby" - "traefik.http.services.geth-rinkeby.loadbalancer.server.port=8545" - "traefik.http.routers.geth-rinkeby.entrypoints=websecure" - "traefik.http.routers.geth-rinkeby.tls.certresolver=myresolver" - "traefik.http.routers.geth-rinkeby.rule=Host(`$DOMAIN`) && PathPrefix(`/rinkeby`)" - "traefik.http.routers.geth-rinkeby.middlewares=geth-rinkeby-stripprefix, ipwhitelist" geth-ropsten: image: ethereum/client-go:latest expose: - "8545" - "6060" - "30303" volumes: - geth-ropsten:/.ropsten command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3 --metrics.addr 0.0.0.0 --pprof.addr 0.0.0.0" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.geth-ropsten-stripprefix.stripprefix.prefixes=/ropsten" - "traefik.http.services.geth-ropsten.loadbalancer.server.port=8545" - "traefik.http.routers.geth-ropsten.entrypoints=websecure" - "traefik.http.routers.geth-ropsten.tls.certresolver=myresolver" - "traefik.http.routers.geth-ropsten.rule=Host(`$DOMAIN`) && PathPrefix(`/ropsten`)" - "traefik.http.routers.geth-ropsten.middlewares=geth-ropsten-stripprefix, ipwhitelist" geth-mainnet: image: ethereum/client-go:latest expose: - "8545" - "8546" - "6060" - "30303" volumes: - geth-mainnet:/.mainnet command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3 --metrics.addr 0.0.0.0 --pprof.addr 0.0.0.0" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.geth-mainnet-stripprefix.stripprefix.prefixes=/geth" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.services.geth-mainnet.loadbalancer.server.port=8545" - "traefik.http.routers.geth-mainnet.entrypoints=websecure" - "traefik.http.routers.geth-mainnet.tls.certresolver=myresolver" - "traefik.http.routers.geth-mainnet.rule=Host(`$DOMAIN`) && PathPrefix(`/geth`)" - "traefik.http.routers.geth-mainnet.middlewares=geth-mainnet-stripprefix, ipwhitelist" xdai: image: nethermind/nethermind:latest expose: - "8545" - "40444" ports: - "40444:40444" - "40444:40444/udp" volumes: - xdai:/nethermind_db/xdai - ./xdai/xdai.cfg:/xdai.cfg - ./xdai/xdai.json:/xdai.json command: "--config /xdai.cfg" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.xdai-stripprefix.stripprefix.prefixes=/xdai" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.services.xdai.loadbalancer.server.port=8545" - "traefik.http.routers.xdai.entrypoints=websecure" - "traefik.http.routers.xdai.tls.certresolver=myresolver" - "traefik.http.routers.xdai.rule=Host(`$DOMAIN`) && PathPrefix(`/xdai`)" - "traefik.http.routers.xdai.middlewares=xdai-stripprefix, ipwhitelist" harmony-mainnet: build: ./harmony/build sysctls: net.core.somaxconn: 1024 # net.core.netdev_max_backlog: 65536 net.ipv4.tcp_tw_reuse: 1 net.ipv4.tcp_rmem: 4096 65536 16777216 net.ipv4.tcp_wmem: 4096 65536 16777216 # net.ipv4.tcp_mem: 65536 131072 262144 ulimits: nproc: 65535 nofile: soft: 65535 hard: 65535 expose: - "9500" - "9000" - "6000" - "30303" volumes: - ./harmony/harmony_db_0:/harmony/harmony_db_0 - ./harmony/log:/harmony/log restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.harmony-mainnet-stripprefix.stripprefix.prefixes=/harmony" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.services.harmony-mainnet.loadbalancer.server.port=9500" - "traefik.http.routers.harmony-mainnet.entrypoints=websecure" - "traefik.http.routers.harmony-mainnet.tls.certresolver=myresolver" - "traefik.http.routers.harmony-mainnet.rule=Host(`$DOMAIN`) && PathPrefix(`/harmony`)" - "traefik.http.routers.harmony-mainnet.middlewares=harmony-mainnet-stripprefix, ipwhitelist" erigon-trace: image: thorax/erigon expose: - "30303" - "30304" - "9090" volumes: - erigon-trace:/home/erigon/.local/share/erigon command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061 restart: unless-stopped rpcdaemon: image: thorax/erigon:latest command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon-trace:9090 --txpool.api.addr=erigon-trace:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,erigon,web3,net,debug,trace,txpool --ws pid: service:erigon-trace # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode) volumes: - erigon-trace:/home/erigon/.local/share/erigon expose: - "8545" restart: unless-stopped depends_on: - "erigon-trace" labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.rpcdaemon-stripprefix.stripprefix.prefixes=/erigon" - "traefik.http.services.rpcdaemon.loadbalancer.server.port=8545" - "traefik.http.routers.rpcdaemon.entrypoints=websecure" - "traefik.http.routers.rpcdaemon.tls.certresolver=myresolver" - "traefik.http.routers.rpcdaemon.rule=Host(`$DOMAIN`) && PathPrefix(`/erigon`)" - "traefik.http.routers.rpcdaemon.middlewares=rpcdaemon-stripprefix, ipwhitelist" avalanche: image: avaplatform/avalanchego expose: - "9650" - "9651" ports: - "9651:9651/tcp" - "9651:9651/udp" volumes: - avalanche:/root/.avalanchego command: "/avalanchego/build/avalanchego --http-host=" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.avalanche-stripprefix.stripprefix.prefixes=/avalanche" - "traefik.http.services.avalanche.loadbalancer.server.port=8545" - "traefik.http.routers.avalanche.entrypoints=websecure" - "traefik.http.routers.avalanche.tls.certresolver=myresolver" - "traefik.http.routers.avalanche.rule=Host(`$DOMAIN`) && PathPrefix(`/avalanche`)" - "traefik.http.routers.avalanche.middlewares=avalanche-stripprefix, ipwhitelist" # wants tcp and udp port bindings on 30303 binance-smart-chain: image: dysnix/bsc expose: - "8545" - "8546" - "30303" volumes: - /root/bsc-datadir:/datadir - /root/bsc-config.toml:/config.toml command: "--cache 18000 --rpc --rpcaddr=\"0.0.0.0\" --rpc.allow-unprotected-txs --txlookuplimit 0 --syncmode snap --config /config.toml --datadir /datadir" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.bsc-stripprefix.stripprefix.prefixes=/bsc" - "traefik.http.services.bsc.loadbalancer.server.port=8545" - "traefik.http.routers.bsc.entrypoints=websecure" - "traefik.http.routers.bsc.tls.certresolver=myresolver" - "traefik.http.routers.bsc.rule=Host(`$DOMAIN`) && PathPrefix(`/bsc`)" - "traefik.http.routers.bsc.middlewares=avalanche-stripprefix, ipwhitelist" pocket-testnet: image: poktnetwork/pocket-core:stagenet-latest ports: - "127.0.0.1:8082:8081" - "26657:26656" expose: - 26656 - 8081 command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet #command: pocket start --simulateRelay environment: - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST volumes: - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json - pocket-testnet:/home/app/.pocket restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.pocket-testnet-stripprefix.stripprefix.prefixes=/pokttest" - "traefik.http.services.pocket-testnet.loadbalancer.server.port=8081" - "traefik.http.routers.pocket-testnet.entrypoints=websecure" - "traefik.http.routers.pocket-testnet.tls.certresolver=myresolver" - "traefik.http.routers.pocket-testnet.rule=Host(`$DOMAIN`) && PathPrefix(`/pokttest`)" - "traefik.http.routers.pocket-testnet.middlewares=pocket-testnet-stripprefix, ipwhitelist" pocket-mainnet: image: poktnetwork/pocket-core:stagenet-latest ports: - "127.0.0.1:8081:8081" - "26656:26656" expose: - 26656 - 8081 command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet #command: pocket start --simulateRelay environment: - POCKET_CORE_KEY=$POCKET_CORE_KEY - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE - POCKET_SNAPSHOT=$POCKET_SNAPSHOT volumes: - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json - ./pokt/config.json:/home/app/.pocket/config/config.json - pocket-mainnet:/home/app/.pocket labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.pocket-mainnet-stripprefix.stripprefix.prefixes=/pokt" - "traefik.http.services.pocket-mainner.loadbalancer.server.port=8081" - "traefik.http.routers.pocket-mainnet.entrypoints=websecure" - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver" - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`) && PathPrefix(`/pokt`)" - "traefik.http.routers.pocket-mainnet.middlewares=pocket-mainnet-stripprefix, ipwhitelist" restart: unless-stopped fusenetstat: image: fusenet/netstat:1.0.0 command: "--instance-name 0xeb5Ca1d019e9D8b9aa9C47991993C84d1062628d --role node --parity-version 2.0.1 --fuseapp-version 1.0.0 --netstats-version 1.0.0" network_mode: "service:fusenet" restart: unless-stopped depends_on: - fusenet # wants udp and tcp port bindings on 30303 fusenet: image: fusenet/node:2.0.1 expose: - "8545" - "8546" - "30303" environment: - HOME=/home/parity - PARITY_HOME_DIR=/home/parity/.local/share/io.parity.ethereum - PARITY_CONFIG_FILE_CHAIN=/home/parity/.local/share/io.parity.ethereum/spec.json - PARITY_CONFIG_FILE_BOOTNODES=/home/parity/.local/share/io.parity.ethereum/bootnodes.txt - PARITY_CONFIG_FILE_TEMPLATE=/home/parity/.local/share/io.parity.ethereum/config_template.toml - PARITY_DATA_DIR=/home/parity/.local/share/io.parity.ethereum/chains - PARITY_BIN=/usr/local/bin/parity - PARITY_WRAPPER_SCRIPT=/home/parity/parity_wrapper.sh volumes: - /root/fusenet/database:/data - /root/fusenet/config:/config/custom command: "--role node --parity-args --no-warp --node-key 0xeb5Ca1d019e9D8b9aa9C47991993C84d1062628d --jsonrpc-threads 1 --jsonrpc-server-threads 4" restart: unless-stopped labels: - "traefik.enable=true" - "traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange=$WHITELIST" - "traefik.http.middlewares.fuse-stripprefix.stripprefix.prefixes=/fuse" - "traefik.http.services.fuse.loadbalancer.server.port=8545" - "traefik.http.routers.fuse.entrypoints=websecure" - "traefik.http.routers.fuse.tls.certresolver=myresolver" - "traefik.http.routers.fuse.rule=Host(`$DOMAIN`) && PathPrefix(`/fuse`)" - "traefik.http.routers.fuse.middlewares=fuse-stripprefix, ipwhitelist" ### WIREGUARD wireguard: image: lscr.io/linuxserver/wireguard container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=$PUID - PGID=$PGID volumes: - ./wireguard/config/wg0.conf:/config/wg0.conf - /lib/modules:/lib/modules # Expose prometheus port expose: - 9090 ports: - $SERVERPORT:$SERVERPORT/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped ### MONITORING prometheus: image: prom/prometheus:v2.30.3 container_name: prometheus volumes: - ./prometheus/prometheus-rpc.yml:/etc/prometheus/prometheus.yml - prometheus_data:/prometheus command: - '--config.file=/etc/prometheus/prometheus.yml' - '--storage.tsdb.path=/prometheus' - '--web.console.libraries=/etc/prometheus/console_libraries' - '--web.console.templates=/etc/prometheus/consoles' - '--storage.tsdb.retention.time=200h' - '--web.enable-lifecycle' restart: unless-stopped network_mode: "service:wireguard" labels: org.label-schema.group: "monitoring" depends_on: - wireguard nodeexporter: image: prom/node-exporter:v1.2.2 container_name: nodeexporter volumes: - /proc:/host/proc:ro - /sys:/host/sys:ro - /:/rootfs:ro command: - '--path.procfs=/host/proc' - '--path.rootfs=/rootfs' - '--path.sysfs=/host/sys' - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' restart: unless-stopped expose: - 9100 labels: org.label-schema.group: "monitoring" cadvisor: image: gcr.io/cadvisor/cadvisor:v0.42.0 container_name: cadvisor privileged: true devices: - /dev/kmsg:/dev/kmsg volumes: - /:/rootfs:ro - /var/run:/var/run:ro - /sys:/sys:ro - /var/lib/docker:/var/lib/docker:ro #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux restart: unless-stopped expose: - 8080 labels: org.label-schema.group: "monitoring" pushgateway: image: prom/pushgateway:v1.4.2 container_name: pushgateway restart: unless-stopped expose: - 9091 labels: org.label-schema.group: "monitoring" ### VOLUMES volumes: xdai: geth-goerli: geth-rinkeby: geth-ropsten: geth-mainnet: erigon-trace: avalanche: pocket-testnet: pocket-mainnet: prometheus_data: