From 9f9d5d32c742f1f86693d711595d2c7df188f853 Mon Sep 17 00:00:00 2001
From: vdo
Date: Wed, 25 May 2022 11:55:53 +0100
Subject: [PATCH 1/2] add compose Use domain, break command, port rename to proxy Change ports, cors middleware Enable restricted RPC Enable restricted RPC, with bind ip
---
 .env | 9 ++++++
 Dockerfile | 14 +++++++++
 config.docker.ini | 6 ++++
 docker-compose.yml | 78 ++++++++++++++++++++++++++++++++++++++++++++++
 docker/config.ini | 9 ++++++
 5 files changed, 116 insertions(+)
 create mode 100644 .env
 create mode 100644 Dockerfile
 create mode 100644 config.docker.ini
 create mode 100644 docker-compose.yml
 create mode 100644 docker/config.ini
diff --git a/.env b/.env
new file mode 100644
index 0000000..1102e49
--- /dev/null
+++ b/.env
@@ -0,0 +1,9 @@
+PROXY_DOMAIN=mainnet.xmr.sh
+PROXY_PORT=8081
+PROXY_TAG=master
+
+TRAEFIK_TAG=2.7
+TRAEFIK_ACME_EMAIL=vdo1138@rbx.run
+TRAEFIK_LOGLEVEL=DEBUG
+
+MONEROD_TAG=latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9b896a7
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,14 @@
+
+FROM golang:1.17.7 AS builder
+
+WORKDIR /src
+ARG BUILDARGS
+COPY . .
+RUN go build $BUILDARGS
+
+
+FROM debian:11.2-slim
+
+WORKDIR /app
+COPY --from=builder /src/monerod-proxy ./
+ENTRYPOINT ["/app/monerod-proxy"]
diff --git a/config.docker.ini b/config.docker.ini
new file mode 100644
index 0000000..e7087f4
--- /dev/null
+++ b/config.docker.ini
@@ -0,0 +1,6 @@
+http_port=8081
+log_level=Debug # one of Trace, Debug, Info, Warn, Error, Fatal or Panic (levels from logrus)
+seconds_between_health_checks = 600
+# admin_password_hash=$2a$14$MjwiSCzHYI.nEt/N7R6tI.nF9WQf9bl/7Xi3ivmQ0f2ysmzQliMF2 # "password"
+
+node=http://monerod:18089/
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..41793c6
--- /dev/null
+++ b/docker-compose.yml
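Review bot: `MONEROD_TAG=latest` in the .env hunk leaves the monerod image unpinned, so every `docker-compose pull` can bring in whatever was last pushed under that tag; a release tag or image digest (`MONEROD_TAG=<release-tag>`) makes the deployment reproducible and reviewable. `TRAEFIK_LOGLEVEL=DEBUG` is also a verbose default for an internet-facing proxy; `TRAEFIK_LOGLEVEL=INFO` would be the safer shipped value. `PROXY_TAG` appears unused by the compose file on this page, where the image is hard-coded as `monerod-proxy:master`.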
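Review bot: The final stage of the Dockerfile has no `USER` instruction, so `/app/monerod-proxy` runs as root in the container although it only listens on the unprivileged port 8081; adding e.g. `USER nobody` before `ENTRYPOINT` would drop that privilege. `COPY . .` also sends the whole build context into the builder stage, which would include `.env` and the `./letsencrypt` directory the compose file mounts if they exist locally; no `.dockerignore` is added in this patch. Both `FROM` lines pin by tag only, so pinning by digest would make the build reproducible.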
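Review bot: The commented-out `admin_password_hash` line in config.docker.ini carries a bcrypt hash that its own trailing comment identifies as the hash of `password`, so an operator who simply uncomments it enables a publicly known admin credential behind an internet-facing proxy. I would ship a placeholder instead, e.g. `# admin_password_hash=<bcrypt hash of your own password>`. `log_level=Debug` is likewise a verbose default for a sample deployment config; `Info` is one of the levels the comment lists.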
@@ -0,0 +1,78 @@
+version: "3.7"
+
+services:
+ monerod-proxy:
+ container_name: monerod-proxy
+ build:
+ context: ./
+ image: "monerod-proxy:master"
+ sysctls:
+ net.core.somaxconn: 8128
+ volumes:
+ - "./config.docker.ini:/app/config.ini"
+ labels:
+ - "traefik.enable=true"
+ # - "traefik.http.routers.monerod-proxy.rule=(Host(`${proxy_DOMAIN}`) && PathPrefix(`/ws`))"
+ - "traefik.http.routers.monerod-proxy.rule=(Host(`${PROXY_DOMAIN}`))"
+ - "traefik.http.routers.monerod-proxy.entrypoints=websecure"
+ - "traefik.http.routers.monerod-proxy.tls.certresolver=le"
+ - "traefik.http.routers.monerod-proxy.service=monerod-proxy"
+ - "traefik.http.services.monerod-proxy.loadbalancer.server.port=${PROXY_PORT}"
+ - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = https"
+ - "traefik.http.middlewares.corsheader.headers.accessControlAllowOriginList=*"
+ - "traefik.http.routers.monerod-proxy.middlewares=corsheader"
+ # - "traefik.http.routers.monerod-proxy.middlewares=wss-stripprefix"
+ # - "traefik.http.middlewares.wss-stripprefix.stripprefix.prefixes=/wss"
+ # - "traefik.http.services.monerod-proxy.loadbalancer.sticky.cookie=true"
+ # - "traefik.http.services.monerod-proxy.loadbalancer.sticky.cookie.name=io"
+ # - "traefik.http.services.monerod-proxy.loadbalancer.sticky.cookie.httponly=true"
+ # - "traefik.http.services.monerod-proxy.loadbalancer.sticky.cookie.secure=true"
+ # - "traefik.http.services.monerod-proxy.loadbalancer.sticky.cookie.samesite=io"
+
+ traefik:
+ image: traefik:${TRAEFIK_TAG}
+ container_name: traefik
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - "./letsencrypt:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ command:
+ - "--log.level=${TRAEFIK_LOGLEVEL}"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.le.acme.httpchallenge=true"
+ - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
+ - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
+ restart: always
+ monerod:
+ container_name: monerod
+ image: sethsimmons/simple-monerod:${MONEROD_TAG}
+ command: >-
+ --restricted-rpc --public-node --no-igd --no-zmq
+ --enable-dns-blocklist --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18089 --confirm-external-bind
+ --prune-blockchain
+ ports:
+ - "18080:18080" # Expose P2P port
+ - "18089"
+ volumes:
+ - "monerod-data:/home/monero/.bitmonero"
+ restart: unless-stopped
+
+ # Uncomment for automatic updates
+ # watchtower:
+ # image: containrrr/watchtower
+ # volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock
+ # labels:
+ # - com.centurylinklabs.watchtower.enable="false"
+ # command: --interval 360 --include-stopped
+volumes:
+ monerod-data: {}
diff --git a/docker/config.ini b/docker/config.ini
new file mode 100644
index 0000000..675f8c1
--- /dev/null
+++ b/docker/config.ini
@@ -0,0 +1,9 @@
+http_port=18081
+log_level=Debug # one of Trace, Debug, Info, Warn, Error, Fatal or Panic (levels from logrus)
+seconds_between_health_checks = 600
+admin_password_hash=$2a$14$MjwiSCzHYI.nEt/N7R6tI.nF9WQf9bl/7Xi3ivmQ0f2ysmzQliMF2 # "password"
+
+node=http://xmrnode.digitalcashtools.com:18084/,\
+https://node.monerod.org:443/,\
+http://node.supportxmr.com:18081/
+# find more nodes at https://monero.fail/?nettype=mainnet
From 743c2c70a986df9d25cb33a359cfdaa68f08ca20 Mon Sep 17 00:00:00 2001
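Review bot: The `- "18089"` entry under monerod's `ports:` in docker-compose.yml publishes the restricted RPC port on an ephemeral host port bound to all host interfaces, so the RPC is reachable over plain HTTP without passing through Traefik or monerod-proxy. The proxy reaches the node over the compose network as `http://monerod:18089/`, so unless direct access is intended, `expose: ["18089"]` (or dropping the entry) is sufficient. Separately, the `sslheader` label is written as `X-Forwarded-Proto = https` with spaces around `=`, and that middleware is never attached to the router (only `corsheader` is), so it presumably has no effect. Mounting `/var/run/docker.sock` into the internet-facing traefik container also gives it Docker API access even with `:ro`; a comment noting that trade-off, or a socket proxy in front of it, would be worth adding.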
From: vdo
Date: Wed, 25 May 2022 16:23:33 +0100
Subject: [PATCH 2/2] example domains, DOCKER.md
---
 .env | 4 ++--
 DOCKER.md | 26 ++++++++++++++++++++++++++
 docker/config.ini | 9 ---------
 3 files changed, 28 insertions(+), 11 deletions(-)
 create mode 100644 DOCKER.md
 delete mode 100644 docker/config.ini
diff --git a/.env b/.env
index 1102e49..a32cb05 100644
--- a/.env
+++ b/.env
@@ -1,9 +1,9 @@
-PROXY_DOMAIN=mainnet.xmr.sh
+PROXY_DOMAIN=your-domain.xmr.example
 PROXY_PORT=8081
 PROXY_TAG=master
 
 TRAEFIK_TAG=2.7
-TRAEFIK_ACME_EMAIL=vdo1138@rbx.run
+TRAEFIK_ACME_EMAIL=your-email@xmr.example
 TRAEFIK_LOGLEVEL=DEBUG
 
 MONEROD_TAG=latest
diff --git a/DOCKER.md b/DOCKER.md
new file mode 100644
index 0000000..e498b75
--- /dev/null
+++ b/DOCKER.md
@@ -0,0 +1,26 @@
+# Docker How-To
+
+The Docker deployment adds a Traefik balancer and adds SSL support making use of Let's Encrypt. By default, it also adds a CORS headers middleware, so the node can be used in web applications seamlessly.
+
+### Requirements
+
+- [Docker](https://docs.docker.com/get-docker/)
+- [Docker Compose](https://docs.docker.com/compose/install/)
+- A DNS domain pointing to your server (optional)
+
+### Build and deploy
+
+To build the base image, run:
+
+```
+docker-compose build
+```
+
+Once completed, configure the config file `.env` and `config.docker.ini` to your needs. Don't change the port and keep the node `http://monerod:18089/` as a primary to use the local node.
+
+Then the node is ready to deploy with:
+
+```
+docker-compose pull
+docker-compose up -d
+```
diff --git a/docker/config.ini b/docker/config.ini
deleted file mode 100644
index 675f8c1..0000000
--- a/docker/config.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-http_port=18081
-log_level=Debug # one of Trace, Debug, Info, Warn, Error, Fatal or Panic (levels from logrus)
-seconds_between_health_checks = 600
-admin_password_hash=$2a$14$MjwiSCzHYI.nEt/N7R6tI.nF9WQf9bl/7Xi3ivmQ0f2ysmzQliMF2 # "password"
-
-node=http://xmrnode.digitalcashtools.com:18084/,\
-https://node.monerod.org:443/,\
-http://node.supportxmr.com:18081/
-# find more nodes at https://monero.fail/?nettype=mainnet