ethereum-rpc-docker/ethereum/reth/ethereum-mainnet-reth-minimal-trace--nimbus.yml

---
x-logging-defaults: &logging-defaults
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"
# this is a minimal node, it will not have a full state. you achieve this by removing files form the static_files directory
# it's important to disable certain methods on the rpc server which would otherwise cause issues with the drpc gateway.
# this is why we have a minimal profile that doesn't actually exist in reth.
# This node is built from source with architecture-specific optimizations
# Build command: docker compose build --build-arg ARCH_TARGET=${ARCH_TARGET:-native} ethereum-mainnet-reth-minimal
#
# IMPORTANT: Cache optimization considerations

# If running multiple nodes on the same machine, be aware that:
# - L3 cache is shared across all cores, causing cache contention
# - Multiple nodes compete for cache space, reducing optimization effectiveness

# - Consider CPU pinning to minimize cache conflicts:
#   docker run --cpuset-cpus="0-7" ethereum-mainnet-reth-minimal  # Pin to specific cores
# - For AMD X3D CPUs, CCD0 (cores 0-7) has the 3D V-Cache
# - For multi-node setups, generic builds may perform better than cache-optimized ones

# Usage:
#
# mkdir rpc && cd rpc
#
# git init
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
# git fetch origin vibe
# git checkout origin/vibe
#
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
#
# env
# ...
# IP=$(curl ipinfo.io/ip)
# DOMAIN=${IP}.traefik.me
# COMPOSE_FILE=base.yml:rpc.yml:ethereum/reth/ethereum-mainnet-reth-minimal-trace--nimbus.yml
#
# docker compose up -d
#
# curl -X POST https://${IP}.traefik.me/ethereum-mainnet-reth-minimal \
#   -H "Content-Type: application/json" \
#   --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

services:
  ethereum-mainnet-reth-minimal:
    build:
      context: ./
      dockerfile: reth.Dockerfile
      args:
        LLVM_IMAGE: ${LLVM_IMAGE:-snowstep/llvm}
        LLVM_VERSION: ${LLVM_VERSION:-20250912105042}
        RETH_VERSION: ${ETHEREUM_MAINNET_RETH_VERSION:-v1.9.3}
        RETH_REPO: ${ETHEREUM_MAINNET_RETH_REPO:-https://github.com/paradigmxyz/reth}
        ARCH_TARGET: ${ARCH_TARGET:-native}
        PROFILE: ${RETH_BUILD_PROFILE:-maxperf}
    sysctls:
      # TCP Performance
      net.ipv4.tcp_slow_start_after_idle: 0       # Disable slow start after idle
      net.ipv4.tcp_no_metrics_save: 1             # Disable metrics cache
      net.ipv4.tcp_rmem: 4096 87380 16777216      # Increase TCP read buffers
      net.ipv4.tcp_wmem: 4096 87380 16777216      # Increase TCP write buffers
      net.core.somaxconn: 32768                   # Higher connection queue
      # Memory/Connection Management
      # net.core.netdev_max_backlog: 50000          # Increase network buffer
      net.ipv4.tcp_max_syn_backlog: 30000         # More SYN requests
      net.ipv4.tcp_max_tw_buckets: 2000000        # Allow more TIME_WAIT sockets
    ulimits:
      nofile: 1048576    # Max open files (for RPC/WS connections)
      memlock: -1        # Disable memory locking limits (for in-memory DBs like MDBX)
    user: root
    ports:
      - 14286:14286
      - 14286:14286/udp
    expose:
      - 8545
      - 9001
      - 8551
    entrypoint: [reth, node]
    command:
      - --chain=mainnet
      - --datadir=/root/.local/share/reth
      - --discovery.port=14286
      - --engine.cross-block-cache-size=${ETHEREUM_MAINNET_RETH_STATE_CACHE:-4096}
      - --engine.memory-block-buffer-target=0
      - --engine.persistence-threshold=0
      - --full
      - --max-inbound-peers=50
      - --max-outbound-peers=50
      - --metrics=0.0.0.0:9001
      - --nat=extip:${IP}
      - --port=14286
      - --rpc-cache.max-blocks=10000
      - --rpc-cache.max-concurrent-db-requests=2048
      - --rpc.gascap=600000000
      - --rpc.max-blocks-per-filter=0
      - --rpc.max-connections=50000
      - --rpc.max-logs-per-response=0
      - --http
      - --http.addr=0.0.0.0
      - --http.api=admin,debug,eth,net,trace,txpool,web3,rpc,reth,ots,flashbots,mev
      - --http.corsdomain=*
      - --http.port=8545
      - --ws
      - --ws.addr=0.0.0.0
      - --ws.api=admin,debug,eth,net,trace,txpool,web3,rpc,reth,ots,flashbots,mev
      - --ws.origins=*
      - --ws.port=8545
      - --authrpc.addr=0.0.0.0
      - --authrpc.jwtsecret=/jwtsecret
    restart: unless-stopped
    stop_grace_period: 5m
    networks:
      - chains
    volumes:
      - ${ETHEREUM_MAINNET_RETH_MINIMAL_TRACE_DATA:-ethereum-mainnet-reth-minimal-trace}:/root/.local/share/reth
      - .jwtsecret:/jwtsecret:ro
      - /slowdisk:/slowdisk
    logging: *logging-defaults
    labels:
      - prometheus-scrape.enabled=true
      - prometheus-scrape.port=9001
      - prometheus-scrape.path=/metrics
      - traefik.enable=true
      - traefik.http.middlewares.ethereum-mainnet-reth-minimal-trace-stripprefix.stripprefix.prefixes=/ethereum-mainnet-reth-minimal
      - traefik.http.services.ethereum-mainnet-reth-minimal-trace.loadbalancer.server.port=8545
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace.entrypoints=websecure}
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace.tls.certresolver=myresolver}
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace.rule=Host(`$DOMAIN`) && (Path(`/ethereum-mainnet-reth-minimal`) || Path(`/ethereum-mainnet-reth-minimal/`))}
      - ${NO_SSL:+traefik.http.routers.ethereum-mainnet-reth-minimal-trace.rule=Path(`/ethereum-mainnet-reth-minimal`) || Path(`/ethereum-mainnet-reth-minimal/`)}
      - traefik.http.routers.ethereum-mainnet-reth-minimal-trace.middlewares=ethereum-mainnet-reth-minimal-trace-stripprefix, ipallowlist
    shm_size: 2gb

  ethereum-mainnet-reth-minimal-pruner:
    image: debian:latest
    entrypoint: [/scripts/prune-reth.sh]
    restart: no
    volumes:
      - ./scripts/castrate-reth.sh:/scripts/prune-reth.sh
      - ethereum-mainnet-reth-minimal-trace:/data
    logging: *logging-defaults
    profiles:
      - pruning

  ethereum-mainnet-reth-minimal-node:
    image: ${ETHEREUM_NIMBUS_IMAGE:-statusim/nimbus-eth2}:${ETHEREUM_MAINNET_NIMBUS_VERSION:-multiarch-v25.11.1}
    user: root
    ports:
      - 19286:19286
      - 19286:19286/udp
    expose:
      - 3500
    entrypoint: /bin/sh -c '/home/user/nimbus-eth2/build/nimbus_beacon_node trustedNodeSync --network=mainnet --trusted-node-url=https://mainnet.beaconstate.info --backfill=false; exec /home/user/nimbus-eth2/build/nimbus_beacon_node "$@"' --
    command:
      - --history=prune
      - --jwt-secret=/jwtsecret
      - --metrics-address=0.0.0.0
      - --metrics-port=8008
      - --nat=extip:${IP}
      - --network=mainnet
      - --rest
      - --rest-address=0.0.0.0
      - --rest-port=3500
      - --tcp-port=19286
      - --udp-port=19286
      - --web3-url=http://ethereum-mainnet-reth-minimal:8551
    restart: unless-stopped
    depends_on:
      - ethereum-mainnet-reth-minimal
    networks:
      - chains
    volumes:
      - ${ETHEREUM_MAINNET_RETH_MINIMAL_TRACE__NIMBUS_DATA:-ethereum-mainnet-reth-minimal-trace_nimbus}:/root/.cache/nimbus/BeaconNode
      - .jwtsecret:/jwtsecret:ro
    logging: *logging-defaults
    labels:
      - prometheus-scrape.enabled=true
      - prometheus-scrape.port=8008
      - prometheus-scrape.path=/metrics
      - traefik.enable=true
      - traefik.http.middlewares.ethereum-mainnet-reth-minimal-trace-node-stripprefix.stripprefix.prefixes=/ethereum-mainnet-reth-minimal
      - traefik.http.services.ethereum-mainnet-reth-minimal-trace-node.loadbalancer.server.port=3500
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace-node.entrypoints=websecure}
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace-node.tls.certresolver=myresolver}
      - ${NO_SSL:-traefik.http.routers.ethereum-mainnet-reth-minimal-trace-node.rule=Host(`$DOMAIN`) && PathPrefix(`/ethereum-mainnet-reth-minimal/eth`)}
      - ${NO_SSL:+traefik.http.routers.ethereum-mainnet-reth-minimal-trace-node.rule=PathPrefix(`/ethereum-mainnet-reth-minimal/eth`)}
      - traefik.http.routers.ethereum-mainnet-reth-minimal-trace-node.middlewares=ethereum-mainnet-reth-minimal-trace-node-stripprefix, ipallowlist

volumes:
  ethereum-mainnet-reth-minimal-trace:
  ethereum-mainnet-reth-minimal-trace_nimbus:

x-upstreams:
  - id: $${ID}
    labels:
      provider: $${PROVIDER}
    connection:
      generic:
        rpc:
          url: $${RPC_URL}
        ws:
          frameSize: 20Mb
          msgSize: 50Mb
          url: $${WS_URL}
    chain: ethereum
    method-groups:
      enabled:
        - debug
        - filter
        - trace
    methods:
      disabled:
        - name: eth_getTransactionByBlockNumberAndIndex
        - name: eth_getBlockByNumber
        - name: eth_getLogs
        - name: eth_getTransactionByBlockNumberAndIndex
        - name: eth_getTransactionByBlockHashAndIndex
        - name: eth_getBlockByNumber
        - name: eth_getLogs
        - name: debug_traceBlockByNumber
        - name: debug_traceBlockByHash
        - name: eth_getTransactionByHash
        - name: debug_getRawTransaction
        - name: debug_getRawReceipts
        - name: eth_getBlockReceipts
        - name: eth_getFilterLogs
        - name: eth_getTransactionReceipt
        - name: trace_get
        - name: trace_replayTransaction
        - name: trace_transaction
        - name: debug_getRawHeader
        - name: eth_getBlockByHash
        - name: eth_getBlockTransactionCountByHash
        - name: eth_getBlockTransactionCountByNumber
      enabled:
        - name: txpool_content # TODO: should be disabled for rollup nodes
  - id: $${ID}-beacon-chain
    chain: eth-beacon-chain
    labels:
      provider: $${PROVIDER}-beacon-chain
    connection:
      generic:
        rpc:
          url: $${RPC_URL}
...