ethereum-rpc-docker/op/geth/boba-mainnet-op-geth-pruned.yml

---
# use at your own risk

services:
  boba-mainnet:
    image: ${BOBA_GETH_IMAGE:-us-docker.pkg.dev/boba-392114/bobanetwork-tools-artifacts/images/op-geth}:${BOBA_MAINNET_GETH_VERSION:-v1.101503.1}
    command:
      - --authrpc.addr=0.0.0.0
      - --authrpc.jwtsecret=/jwtsecret
      - --authrpc.vhosts=*
      - --datadir=/data
      - --db.engine=
      - --gcmode=full
      - --http
      - --http.addr=0.0.0.0
      - --http.api=eth,net,web3,debug,admin,txpool,engine
      - --http.port=8545
      - --http.vhosts=*
      - --maxpeers=50
      - --nat=extip:${IP}
      - --port=10022
      - --rpc.gascap=600000000
      - --rpc.txfeecap=0
      - --state.scheme=
      - --syncmode=snap
      - --ws
      - --ws.addr=0.0.0.0
      - --ws.api=eth,net,web3,debug,admin,txpool,engine
      - --ws.origins=*
      - --ws.port=8545
    entrypoint: [/bin/sh, -c, exec /usr/local/bin/geth "$@"]
    restart: unless-stopped
    user: root
    stop_grace_period: 5m
    networks:
      - chains
    ports:
      - 10022:10022
      - 10022:10022/udp
    expose:
      - 8545
      - 8551
    volumes:
      - ${BOBA_MAINNET_OP_GETH_PRUNED_DATA:-boba-mainnet-op-geth-pruned}:/data
      - .jwtsecret:/jwtsecret:ro
      - /slowdisk:/slowdisk
    environment:
      - GETH_OP_NETWORK=boba-mainnet
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.boba-mainnet-op-geth-pruned-stripprefix.stripprefix.prefixes=/boba-mainnet
      - traefik.http.services.boba-mainnet-op-geth-pruned.loadbalancer.server.port=8545
      - ${NO_SSL:-traefik.http.routers.boba-mainnet-op-geth-pruned.entrypoints=websecure}
      - ${NO_SSL:-traefik.http.routers.boba-mainnet-op-geth-pruned.tls.certresolver=myresolver}
      - ${NO_SSL:-traefik.http.routers.boba-mainnet-op-geth-pruned.rule=Host(`$DOMAIN`) && PathPrefix(`/boba-mainnet`)}
      - ${NO_SSL:+traefik.http.routers.boba-mainnet-op-geth-pruned.rule=PathPrefix(`/boba-mainnet`)}
      - traefik.http.routers.boba-mainnet-op-geth-pruned.middlewares=boba-mainnet-op-geth-pruned-stripprefix, ipwhitelist
    sysctls:
      # TCP Performance
      net.ipv4.tcp_slow_start_after_idle: 0       # Disable slow start after idle
      net.ipv4.tcp_no_metrics_save: 1             # Disable metrics cache
      net.ipv4.tcp_rmem: 4096 87380 16777216      # Increase TCP read buffers
      net.ipv4.tcp_wmem: 4096 87380 16777216      # Increase TCP write buffers
      net.core.somaxconn: 32768                   # Higher connection queue
      # Memory/Connection Management
      # net.core.netdev_max_backlog: 50000          # Increase network buffer
      net.ipv4.tcp_max_syn_backlog: 30000         # More SYN requests
      net.ipv4.tcp_max_tw_buckets: 2000000        # Allow more TIME_WAIT sockets
    ulimits:
      nofile: 1048576    # Max open files (for RPC/WS connections)

  boba-mainnet-node:
    image: ${BOBA_NODE_IMAGE:-us-docker.pkg.dev/boba-392114/bobanetwork-tools-artifacts/images/op-node}:${BOBA_MAINNET_NODE_VERSION:-v1.6.18}
    entrypoint: [op-node]
    restart: unless-stopped
    networks:
      - chains
    ports:
      - 15022:15022
      - 15022:15022/udp
    volumes:
      - .jwtsecret:/jwtsecret:ro
    environment:
      - OP_NODE_L1_BEACON=${ETHEREUM_MAINNET_BEACON_REST}
      - OP_NODE_L1_BEACON_ARCHIVER=${ETHEREUM_MAINNET_BEACON_ARCHIVER}
      - OP_NODE_L1_ETH_RPC=${ETHEREUM_MAINNET_EXECUTION_RPC}
      - OP_NODE_L1_RPC_KIND=${ETHEREUM_MAINNET_EXECUTION_KIND:-basic}
      - OP_NODE_L1_TRUST_RPC=${ETHEREUM_MAINNET_EXECUTION_TRUST:-false}
      - OP_NODE_L2_ENGINE_AUTH=/jwtsecret
      - OP_NODE_L2_ENGINE_RPC=http://boba-mainnet:8551
      - OP_NODE_LOG_LEVEL=info
      - OP_NODE_METRICS_ADDR=0.0.0.0
      - OP_NODE_METRICS_ENABLED=true
      - OP_NODE_METRICS_PORT=7300
      - OP_NODE_NETWORK=boba-mainnet
      - OP_NODE_P2P_ADVERTISE_IP=${IP}
      - OP_NODE_P2P_LISTEN_IP=0.0.0.0
      - OP_NODE_P2P_LISTEN_TCP_PORT=15022
      - OP_NODE_P2P_LISTEN_UDP_PORT=15022
      - OP_NODE_RPC_ADDR=0.0.0.0
      - OP_NODE_RPC_PORT=8545
      - OP_NODE_SNAPSHOT_LOG=/tmp/op-node-snapshot-log
      - OP_NODE_SYNCMODE=execution-layer
      - OP_NODE_VERIFIER_L1_CONFS=0

volumes:
  boba-mainnet-op-geth-pruned:

x-upstreams:
  - id: $${ID}
    labels:
      provider: $${PROVIDER}
    chain:
    method-groups:
      enabled:
        - debug
        - filter
    methods:
      disabled:
      enabled:
        - name: txpool_content # TODO: should be disabled for rollup nodes
        # standard geth only
        - name: debug_getRawBlock
        - name: debug_getRawTransaction
        - name: debug_getRawReceipts
        - name: debug_getRawHeader
        - name: debug_getBadBlocks
        # non standard geth only slightly dangerous
        - name: debug_intermediateRoots
        - name: debug_dumpBlock
        # standard geth and erigon
        - name: debug_accountRange
        - name: debug_getModifiedAccountsByNumber
        - name: debug_getModifiedAccountsByHash
        # non standard geth and erigon
        - name: eth_getRawTransactionByHash
        - name: eth_getRawTransactionByBlockHashAndIndex
...