logos-messaging-nim-compose/run_node.sh

#!/bin/sh

echo "I am a Logos Messaging node"

if [ -n "${ETH_CLIENT_ADDRESS}" ] ; then
    echo "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS"
    echo "Please update your .env file"
    exit 1
fi

if [ -z "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ]; then
    echo "Missing Eth client address, please refer to README.md for detailed instructions"
    exit 1
fi

MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
DNS_WSS_CMD=

if [ -z "${DOMAIN}" ]; then
    echo "auto-domain: DOMAIN is unset, trying to guess it"

    # Check if we have an IP
    IPCHECK=$(echo "${MY_EXT_IP}" | grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')

    if [ "${IPCHECK}" -ne 1 ]; then
        echo "Failed to get ip, received: '${MY_EXT_IP}'"
    else
        echo "auto-domain: ip is '${MY_EXT_IP}'"

        # Get reverse DNS
        DNS=$(dig +short -x "${MY_EXT_IP}")

        # Check if looks like a DNS
        DNSCHECK=$(echo "${DNS}" | grep -c '^\([a-zA-Z0-9_\-]\+\.\)\+$')

        if [ "${DNSCHECK}" -ne 1 ]; then
            echo "Failed to get DNS, received: '${DNS}'"
        else
            DOMAIN=$(echo "${DNS}" | sed s/\.$//)
            echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"

           # Double check the domain is setup to return right IP
           # OpenDNS servers are used to bypass /etc/hosts as it may return loopback address
           DNS_IP=$(dig +short @208.67.222.222 "${DNS}")

           if [ "${DNS_IP}" != "${MY_EXT_IP}"  ]; then
               echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"
               unset DOMAIN
           else
               echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"
           fi
        fi
    fi
fi

if [ -n "${DOMAIN}" ]; then
    ## A domain has been either set or inferred. Let's try to use it for websocket secure support.

    apk add --no-cache openssl

    LETSENCRYPT_PATH="/etc/letsencrypt/live/${DOMAIN}"
    CERT="${LETSENCRYPT_PATH}/fullchain.pem"
    KEY="${LETSENCRYPT_PATH}/privkey.pem"

    echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Waiting for a valid TLS certificate for ${DOMAIN}..."

    while true; do
        if [ ! -f "${CERT}" ] || [ ! -f "${KEY}" ]; then
            echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Certificate files not found yet. Waiting..."
        elif ! openssl x509 -checkend 0 -noout -in "${CERT}" >/dev/null 2>&1; then
            echo "$(date '+%Y-%m-%d %H:%M:%S') [WARN] Certificate exists but is expired. Waiting for renewal..."
            echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] If that takes more than 15 minutes, please remove --quiet attr in run_certbot.sh so that you can see the reason why renewal is not working."
        else
            echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Valid TLS certificate detected."
            break
        fi

        sleep 60
    done

    WS_SUPPORT="--websocket-support=true"
    WSS_SUPPORT="--websocket-secure-support=true"
    WSS_KEY="--websocket-secure-key-path=${KEY}"
    WSS_CERT="--websocket-secure-cert-path=${CERT}"
    DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"

    DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
fi


if [ -n "${NODEKEY}" ]; then
    NODEKEY=--nodekey=${NODEKEY}
fi

if [ -n "${RLN_RELAY_CRED_PASSWORD}" ]; then
    RLN_RELAY_CRED_PASSWORD=--rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}"
    ## Enable Light Push (RLNaaS) if RLN credentials are used
    LIGHTPUSH=--lightpush=true
    ## Pass default value for credentials path if not set
    RLN_RELAY_CRED_PATH=--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}
    echo "Using RLN credentials from ${RLN_RELAY_CRED_PATH}"
else
    LIGHTPUSH=--lightpush=false
    # Ensure no empty values are passed
    RLN_RELAY_CRED_PATH=""
    RLN_RELAY_CRED_PASSWORD=""
fi


STORE_RETENTION_POLICY=--store-message-retention-policy=size:1GB

if [ -n "${STORAGE_SIZE}" ]; then
    STORE_RETENTION_POLICY=--store-message-retention-policy=size:"${STORAGE_SIZE}"
fi

exec /usr/bin/wakunode\
    --relay=true\
    --filter=true\
    --peer-exchange=true\
    ${LIGHTPUSH}\
    --keep-alive=true\
    --max-connections=150\
    --cluster-id=1\
    --discv5-discovery=true\
    --discv5-udp-port=9005\
    --discv5-enr-auto-update=True\
    --log-level=DEBUG\
    --tcp-port=30304\
    --metrics-server=True\
    --metrics-server-port=8003\
    --metrics-server-address=0.0.0.0\
    --rest=true\
    --rest-admin=true\
    --rest-address=0.0.0.0\
    --rest-port=8645\
    --rest-allow-origin="logos-messaging.github.io"\
    --rest-allow-origin="localhost:*"\
    --nat=extip:"${MY_EXT_IP}"\
    --store=true\
    --store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
    --rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}"\
    ${RLN_RELAY_CRED_PATH}\
    ${RLN_RELAY_CRED_PASSWORD}\
    ${DNS_WSS_CMD}\
    ${NODEKEY}\
    ${STORE_RETENTION_POLICY}\
    ${EXTRA_ARGS}
Initial release of nwaku-compose 2023-08-09 12:36:03 +02:00			`#!/bin/sh`

adjust some names to lmn (#184) 2026-01-12 11:59:58 +01:00			`echo "I am a Logos Messaging node"`
Initial release of nwaku-compose 2023-08-09 12:36:03 +02:00
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`if [ -n "${ETH_CLIENT_ADDRESS}" ] ; then`
			`echo "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS"`
			`echo "Please update your .env file"`
			`exit 1`
feat: provide migration instructions to var name changes (#101) 2024-06-28 09:21:13 +10:00			`fi`

fix: eth related arguments have new `rln relay` prefix (#100) 2024-06-27 11:42:18 +10:00			`if [ -z "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ]; then`
Refactoring and adding optional rln env variables 2023-09-22 11:45:45 +03:00			`echo "Missing Eth client address, please refer to README.md for detailed instructions"`
Changing new parameters to env variables and updating README 2023-09-21 15:28:39 +03:00			`exit 1`
			`fi`

Initial release of nwaku-compose 2023-08-09 12:36:03 +02:00			`MY_EXT_IP=$(wget -qO- https://api4.ipify.org)`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00			`DNS_WSS_CMD=`

feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00			`if [ -z "${DOMAIN}" ]; then`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`echo "auto-domain: DOMAIN is unset, trying to guess it"`
feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00
			`# Check if we have an IP`
			`IPCHECK=$(echo "${MY_EXT_IP}" \| grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')`

feat: script to guesstimate store retention size (#133) 2024-10-14 16:17:56 +11:00			`if [ "${IPCHECK}" -ne 1 ]; then`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`echo "Failed to get ip, received: '${MY_EXT_IP}'"`
feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00			`else`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`echo "auto-domain: ip is '${MY_EXT_IP}'"`
feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00
			`# Get reverse DNS`
			`DNS=$(dig +short -x "${MY_EXT_IP}")`

			`# Check if looks like a DNS`
			`DNSCHECK=$(echo "${DNS}" \| grep -c '^\([a-zA-Z0-9_\-]\+\.\)\+$')`

feat: script to guesstimate store retention size (#133) 2024-10-14 16:17:56 +11:00			`if [ "${DNSCHECK}" -ne 1 ]; then`
feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00			`echo "Failed to get DNS, received: '${DNS}'"`
			`else`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`DOMAIN=$(echo "${DNS}" \| sed s/\.$//)`
			`echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"`

			`# Double check the domain is setup to return right IP`
			`# OpenDNS servers are used to bypass /etc/hosts as it may return loopback address`
			`DNS_IP=$(dig +short @208.67.222.222 "${DNS}")`

			`if [ "${DNS_IP}" != "${MY_EXT_IP}" ]; then`
			`echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"`
			`unset DOMAIN`
			`else`
			`echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"`
			`fi`
			`fi`
feat: automatically fetch domain name if possible (#115) 2024-08-16 19:11:37 +10:00			`fi`
			`fi`

feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00			`if [ -n "${DOMAIN}" ]; then`
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`## A domain has been either set or inferred. Let's try to use it for websocket secure support.`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`apk add --no-cache openssl`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`LETSENCRYPT_PATH="/etc/letsencrypt/live/${DOMAIN}"`
			`CERT="${LETSENCRYPT_PATH}/fullchain.pem"`
			`KEY="${LETSENCRYPT_PATH}/privkey.pem"`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Waiting for a valid TLS certificate for ${DOMAIN}..."`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`while true; do`
			`if [ ! -f "${CERT}" ] \|\| [ ! -f "${KEY}" ]; then`
			`echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Certificate files not found yet. Waiting..."`
			`elif ! openssl x509 -checkend 0 -noout -in "${CERT}" >/dev/null 2>&1; then`
			`echo "$(date '+%Y-%m-%d %H:%M:%S') [WARN] Certificate exists but is expired. Waiting for renewal..."`
			`echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] If that takes more than 15 minutes, please remove --quiet attr in run_certbot.sh so that you can see the reason why renewal is not working."`
			`else`
			`echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Valid TLS certificate detected."`
			`break`
			`fi`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00
Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00			`sleep 60`
			`done`

			`WS_SUPPORT="--websocket-support=true"`
			`WSS_SUPPORT="--websocket-secure-support=true"`
			`WSS_KEY="--websocket-secure-key-path=${KEY}"`
			`WSS_CERT="--websocket-secure-cert-path=${CERT}"`
			`DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"`

			`DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00			`fi`

Automatic cert renew (#185) 2026-01-12 09:53:46 +01:00
Refactoring and adding optional rln env variables 2023-09-22 11:45:45 +03:00			`if [ -n "${NODEKEY}" ]; then`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00			`NODEKEY=--nodekey=${NODEKEY}`
			`fi`
Initial release of nwaku-compose 2023-08-09 12:36:03 +02:00
Refactoring and adding optional rln env variables 2023-09-22 11:45:45 +03:00			`if [ -n "${RLN_RELAY_CRED_PASSWORD}" ]; then`
fix:errors noticed when upgrading from older version 2024-01-09 16:12:20 +05:30			`RLN_RELAY_CRED_PASSWORD=--rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}"`
Update default config for relay without publishing (#169) Co-authored-by: fryorcraken <commits@fryorcraken.xyz> 2025-07-29 02:37:45 +02:00			`## Enable Light Push (RLNaaS) if RLN credentials are used`
			`LIGHTPUSH=--lightpush=true`
			`## Pass default value for credentials path if not set`
			`RLN_RELAY_CRED_PATH=--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}`
			`echo "Using RLN credentials from ${RLN_RELAY_CRED_PATH}"`
			`else`
			`LIGHTPUSH=--lightpush=false`
			`# Ensure no empty values are passed`
			`RLN_RELAY_CRED_PATH=""`
			`RLN_RELAY_CRED_PASSWORD=""`
Refactoring and adding optional rln env variables 2023-09-22 11:45:45 +03:00			`fi`

Update default config for relay without publishing (#169) Co-authored-by: fryorcraken <commits@fryorcraken.xyz> 2025-07-29 02:37:45 +02:00
bug: Fix typo of default size retention policy. (#79) 2024-03-15 14:22:58 +01:00			`STORE_RETENTION_POLICY=--store-message-retention-policy=size:1GB`
chore: Enable external configuration of DB storage size retention policy (#77) 2024-03-14 10:05:57 +01:00
			`if [ -n "${STORAGE_SIZE}" ]; then`
			`STORE_RETENTION_POLICY=--store-message-retention-policy=size:"${STORAGE_SIZE}"`
			`fi`

Initial release of nwaku-compose 2023-08-09 12:36:03 +02:00			`exec /usr/bin/wakunode\`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`--relay=true\`
			`--filter=true\`
enable peer exchange service by default (#177) 2025-09-12 13:36:48 +05:30			`--peer-exchange=true\`
Update default config for relay without publishing (#169) Co-authored-by: fryorcraken <commits@fryorcraken.xyz> 2025-07-29 02:37:45 +02:00			`${LIGHTPUSH}\`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`--keep-alive=true\`
			`--max-connections=150\`
			`--cluster-id=1\`
			`--discv5-discovery=true\`
			`--discv5-udp-port=9005\`
			`--discv5-enr-auto-update=True\`
			`--log-level=DEBUG\`
			`--tcp-port=30304\`
			`--metrics-server=True\`
			`--metrics-server-port=8003\`
			`--metrics-server-address=0.0.0.0\`
			`--rest=true\`
			`--rest-admin=true\`
			`--rest-address=0.0.0.0\`
			`--rest-port=8645\`
adjust some names to lmn (#184) 2026-01-12 11:59:58 +01:00			`--rest-allow-origin="logos-messaging.github.io"\`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`--rest-allow-origin="localhost:*"\`
			`--nat=extip:"${MY_EXT_IP}"\`
			`--store=true\`
			`--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\`
			`--rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}"\`
Update default config for relay without publishing (#169) Co-authored-by: fryorcraken <commits@fryorcraken.xyz> 2025-07-29 02:37:45 +02:00			`${RLN_RELAY_CRED_PATH}\`
			`${RLN_RELAY_CRED_PASSWORD}\`
fix: when guessing domain, double check domain returns right ip (#117) 2024-08-19 20:11:06 +10:00			`${DNS_WSS_CMD}\`
			`${NODEKEY}\`
			`${STORE_RETENTION_POLICY}\`
			`${EXTRA_ARGS}`
feat: add support for WSS, nodekey and extra args 2023-09-05 13:13:59 +02:00