Claude Agent
53697cb40d
The rsksmart/rskj:VETIVER-9.0.1 image bakes an env var:
RSKJ_SYS_PROPS=-Drpc.providers.web.http.bind_address=0.0.0.0
-Drpc.providers.web.http.hosts.0=localhost
-Drpc.providers.web.http.hosts.1=127.0.0.1
-Drpc.providers.web.http.hosts.2=::1
These JVM -D system properties take precedence over /etc/rsk/node.conf
in HOCON, so the Host whitelist always resolves to {localhost,127.0.0.1,::1}.
Result: traefik routing to rskj at IP rootstock-mainnet-client:8545
arrives with Host header that doesn't match those three. rskj returns
HTTP 400, traefik translates to 502 Bad Gateway.
Override the env var in the compose template so the http hosts whitelist
contains '*' (any host). Traefik's ipallowlist middleware is the actual
gatekeeper. Affects rootstock-mainnet AND rootstock-bamboo.
133 lines
5.2 KiB
YAML
133 lines
5.2 KiB
YAML
---
|
|
x-logging-defaults: &logging-defaults
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
# Usage:
|
|
#
|
|
# mkdir rpc && cd rpc
|
|
#
|
|
# git init
|
|
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
|
|
# git fetch origin vibe
|
|
# git checkout origin/vibe
|
|
#
|
|
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
|
|
#
|
|
# env
|
|
# ...
|
|
# IP=$(curl ipinfo.io/ip)
|
|
# DOMAIN=${IP}.traefik.me
|
|
# COMPOSE_FILE=base.yml:rpc.yml:rootstock/rskj/rootstock-bamboo-rskj-archive.yml
|
|
#
|
|
# docker compose up -d
|
|
#
|
|
# curl -X POST https://${IP}.traefik.me/rootstock-bamboo \
|
|
# -H "Content-Type: application/json" \
|
|
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
|
|
|
|
services:
|
|
rootstock-bamboo-client:
|
|
image: ${ROOTSTOCK_RSKJ_IMAGE:-rsksmart/rskj}:${ROOTSTOCK_BAMBOO_RSKJ_VERSION:-VETIVER-9.0.1}
|
|
sysctls:
|
|
# TCP Performance
|
|
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
|
|
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
|
|
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
|
|
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
|
|
net.core.somaxconn: 32768 # Higher connection queue
|
|
# Memory/Connection Management
|
|
# net.core.netdev_max_backlog: 50000 # Increase network buffer
|
|
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
|
|
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
|
|
ulimits:
|
|
nofile: 1048576 # Max open files (for RPC/WS connections)
|
|
user: root
|
|
ports:
|
|
- 16093:16093
|
|
- 16093:16093/udp
|
|
expose:
|
|
- 8545
|
|
- 8546
|
|
environment:
|
|
RSKJ_SYS_PROPS: -Drpc.providers.web.http.bind_address=0.0.0.0 -Drpc.providers.web.http.hosts.0=*
|
|
restart: unless-stopped
|
|
stop_grace_period: 5m
|
|
networks:
|
|
- chains
|
|
volumes:
|
|
- ${ROOTSTOCK_BAMBOO_RSKJ_ARCHIVE_DATA:-rootstock-bamboo-rskj-archive}:/var/lib/rsk/database/testnet
|
|
- ./rootstock/bamboo/node.conf:/etc/rsk/node.conf
|
|
- ./rootstock/bamboo:/config
|
|
- /slowdisk:/slowdisk
|
|
logging: *logging-defaults
|
|
labels:
|
|
- prometheus-scrape.enabled=false
|
|
|
|
rootstock-bamboo:
|
|
image: nginx
|
|
expose:
|
|
- '80'
|
|
environment:
|
|
PROXY_HOST: rootstock-bamboo-client
|
|
RPC_PATH: /
|
|
RPC_PORT: 8545
|
|
WS_PATH: /
|
|
WS_PORT: 8546
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- rootstock-bamboo-client
|
|
networks:
|
|
- chains
|
|
volumes:
|
|
- ./nginx-proxy:/etc/nginx/templates
|
|
logging: *logging-defaults
|
|
labels:
|
|
- prometheus-scrape.enabled=false
|
|
- traefik.enable=true
|
|
- traefik.http.middlewares.rootstock-bamboo-rskj-archive-host.headers.customrequestheaders.Host=localhost
|
|
- traefik.http.middlewares.rootstock-bamboo-rskj-archive-stripprefix.stripprefix.prefixes=/rootstock-bamboo
|
|
- traefik.http.services.rootstock-bamboo-rskj-archive.loadbalancer.server.port=8545
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive.entrypoints=websecure}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive.tls.certresolver=myresolver}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive.rule=Host(`$DOMAIN`) && (Path(`/rootstock-bamboo`) || Path(`/rootstock-bamboo/`))}
|
|
- ${NO_SSL:+traefik.http.routers.rootstock-bamboo-rskj-archive.rule=Path(`/rootstock-bamboo`) || Path(`/rootstock-bamboo/`)}
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive.middlewares=rootstock-bamboo-rskj-archive-stripprefix, rootstock-bamboo-rskj-archive-host, ipallowlist
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive.priority=50
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive-ws.priority=100
|
|
- traefik.http.services.rootstock-bamboo-rskj-archive-ws.loadbalancer.server.port=8546
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive-ws.service=rootstock-bamboo-rskj-archive-ws
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive.service=rootstock-bamboo-rskj-archive
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive-ws.entrypoints=websecure}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive-ws.tls.certresolver=myresolver}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-bamboo-rskj-archive-ws.rule=Host(`$DOMAIN`) && (Path(`/rootstock-bamboo`) || Path(`/rootstock-bamboo/`)) && Headers(`Upgrade`, `websocket`)}
|
|
- ${NO_SSL:+traefik.http.routers.rootstock-bamboo-rskj-archive-ws.rule=(Path(`/rootstock-bamboo`) || Path(`/rootstock-bamboo/`)) && Headers(`Upgrade`, `websocket`)}
|
|
- traefik.http.routers.rootstock-bamboo-rskj-archive-ws.middlewares=rootstock-bamboo-rskj-archive-stripprefix, rootstock-bamboo-rskj-archive-host, ipallowlist
|
|
|
|
volumes:
|
|
rootstock-bamboo-rskj-archive:
|
|
|
|
x-upstreams:
|
|
- id: $${ID}
|
|
labels:
|
|
provider: $${PROVIDER}
|
|
connection:
|
|
generic:
|
|
rpc:
|
|
url: $${RPC_URL}
|
|
ws:
|
|
frameSize: 20Mb
|
|
msgSize: 50Mb
|
|
url: $${WS_URL}
|
|
chain: rootstock
|
|
method-groups:
|
|
enabled:
|
|
- debug
|
|
- filter
|
|
methods:
|
|
disabled:
|
|
enabled:
|
|
- name: txpool_content # TODO: should be disabled for rollup nodes
|
|
... |