Claude Agent
20aeedbc9c
The rskj compose has an nginx proxy wrapper in front of the rskj client. The wrapper listens on port 80 and proxies to rskj:8545 internally (this is required because rskj's hosts whitelist is hard-coded to localhost only, so traefik forwards must look local to rskj). Traefik labels were pointing to port 8545, hitting the rskj client directly, which rejected the request because the Host header didn't match localhost. Fix: traefik loadbalancer.server.port now 80 for both rootstock-mainnet and rootstock-bamboo (mirrors the parent rpc-client.yml template's existing client_proxy_required logic, which the rskj client template inadvertently dropped). Verified on de-31: rootstock-mainnet eth_blockNumber returns block 8,872,189 after the fix. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
134 lines
5.2 KiB
YAML
134 lines
5.2 KiB
YAML
---
|
|
x-logging-defaults: &logging-defaults
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
# Usage:
|
|
#
|
|
# mkdir rpc && cd rpc
|
|
#
|
|
# git init
|
|
# git remote add origin https://github.com/StakeSquid/ethereum-rpc-docker.git
|
|
# git fetch origin vibe
|
|
# git checkout origin/vibe
|
|
#
|
|
# docker run --rm alpine sh -c "printf '0x'; head -c32 /dev/urandom | xxd -p -c 64" > .jwtsecret
|
|
#
|
|
# env
|
|
# ...
|
|
# IP=$(curl ipinfo.io/ip)
|
|
# DOMAIN=${IP}.traefik.me
|
|
# COMPOSE_FILE=base.yml:rpc.yml:rootstock/rskj/rootstock-mainnet-rskj-archive.yml
|
|
#
|
|
# docker compose up -d
|
|
#
|
|
# curl -X POST https://${IP}.traefik.me/rootstock-mainnet \
|
|
# -H "Content-Type: application/json" \
|
|
# --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
|
|
|
|
services:
|
|
rootstock-mainnet-client:
|
|
image: ${ROOTSTOCK_RSKJ_IMAGE:-rsksmart/rskj}:${ROOTSTOCK_MAINNET_RSKJ_VERSION:-VETIVER-9.0.1}
|
|
sysctls:
|
|
# TCP Performance
|
|
net.ipv4.tcp_slow_start_after_idle: 0 # Disable slow start after idle
|
|
net.ipv4.tcp_no_metrics_save: 1 # Disable metrics cache
|
|
net.ipv4.tcp_rmem: 4096 87380 16777216 # Increase TCP read buffers
|
|
net.ipv4.tcp_wmem: 4096 87380 16777216 # Increase TCP write buffers
|
|
net.core.somaxconn: 32768 # Higher connection queue
|
|
# Memory/Connection Management
|
|
# net.core.netdev_max_backlog: 50000 # Increase network buffer
|
|
net.ipv4.tcp_max_syn_backlog: 30000 # More SYN requests
|
|
net.ipv4.tcp_max_tw_buckets: 2000000 # Allow more TIME_WAIT sockets
|
|
ulimits:
|
|
nofile: 1048576 # Max open files (for RPC/WS connections)
|
|
user: root
|
|
ports:
|
|
- 3234:3234
|
|
- 3234:3234/udp
|
|
expose:
|
|
- 8545
|
|
- 8546
|
|
environment:
|
|
DOMAIN: ${DOMAIN}
|
|
RSKJ_SYS_PROPS: -Drpc.providers.web.http.bind_address=0.0.0.0
|
|
restart: unless-stopped
|
|
stop_grace_period: 5m
|
|
networks:
|
|
- chains
|
|
volumes:
|
|
- ${ROOTSTOCK_MAINNET_RSKJ_ARCHIVE_DATA:-rootstock-mainnet-rskj-archive}:/var/lib/rsk/database/mainnet
|
|
- ./rootstock/mainnet/node.conf:/etc/rsk/node.conf
|
|
- ./rootstock/mainnet:/config
|
|
- /slowdisk:/slowdisk
|
|
logging: *logging-defaults
|
|
labels:
|
|
- prometheus-scrape.enabled=false
|
|
|
|
rootstock-mainnet:
|
|
image: nginx
|
|
expose:
|
|
- '80'
|
|
environment:
|
|
PROXY_HOST: rootstock-mainnet-client
|
|
RPC_PATH: /
|
|
RPC_PORT: 8545
|
|
WS_PATH: /
|
|
WS_PORT: 8546
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- rootstock-mainnet-client
|
|
networks:
|
|
- chains
|
|
volumes:
|
|
- ./nginx-proxy:/etc/nginx/templates
|
|
logging: *logging-defaults
|
|
labels:
|
|
- prometheus-scrape.enabled=false
|
|
- traefik.enable=true
|
|
- traefik.http.middlewares.rootstock-mainnet-rskj-archive-host.headers.customrequestheaders.Host=localhost
|
|
- traefik.http.middlewares.rootstock-mainnet-rskj-archive-stripprefix.stripprefix.prefixes=/rootstock-mainnet
|
|
- traefik.http.services.rootstock-mainnet-rskj-archive.loadbalancer.server.port=80
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive.entrypoints=websecure}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive.tls.certresolver=myresolver}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive.rule=Host(`$DOMAIN`) && (Path(`/rootstock-mainnet`) || Path(`/rootstock-mainnet/`))}
|
|
- ${NO_SSL:+traefik.http.routers.rootstock-mainnet-rskj-archive.rule=Path(`/rootstock-mainnet`) || Path(`/rootstock-mainnet/`)}
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive.middlewares=rootstock-mainnet-rskj-archive-stripprefix, rootstock-mainnet-rskj-archive-host, ipallowlist
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive.priority=50
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive-ws.priority=100
|
|
- traefik.http.services.rootstock-mainnet-rskj-archive-ws.loadbalancer.server.port=8546
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive-ws.service=rootstock-mainnet-rskj-archive-ws
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive.service=rootstock-mainnet-rskj-archive
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive-ws.entrypoints=websecure}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive-ws.tls.certresolver=myresolver}
|
|
- ${NO_SSL:-traefik.http.routers.rootstock-mainnet-rskj-archive-ws.rule=Host(`$DOMAIN`) && (Path(`/rootstock-mainnet`) || Path(`/rootstock-mainnet/`)) && Headers(`Upgrade`, `websocket`)}
|
|
- ${NO_SSL:+traefik.http.routers.rootstock-mainnet-rskj-archive-ws.rule=(Path(`/rootstock-mainnet`) || Path(`/rootstock-mainnet/`)) && Headers(`Upgrade`, `websocket`)}
|
|
- traefik.http.routers.rootstock-mainnet-rskj-archive-ws.middlewares=rootstock-mainnet-rskj-archive-stripprefix, rootstock-mainnet-rskj-archive-host, ipallowlist
|
|
|
|
volumes:
|
|
rootstock-mainnet-rskj-archive:
|
|
|
|
x-upstreams:
|
|
- id: $${ID}
|
|
labels:
|
|
provider: $${PROVIDER}
|
|
connection:
|
|
generic:
|
|
rpc:
|
|
url: $${RPC_URL}
|
|
ws:
|
|
frameSize: 20Mb
|
|
msgSize: 50Mb
|
|
url: $${WS_URL}
|
|
chain: rootstock
|
|
method-groups:
|
|
enabled:
|
|
- debug
|
|
- filter
|
|
methods:
|
|
disabled:
|
|
enabled:
|
|
- name: txpool_content # TODO: should be disabled for rollup nodes
|
|
... |