diff --git a/README.md b/README.md index c7447eb..131026e 100644 --- a/README.md +++ b/README.md @@ -28,3 +28,12 @@ Go to [http://localhost:3000/d/yns_4vFVk/nwaku-monitoring?orgId=1](http://localh Notes: * Feel free to change the image you are using `statusteam/nim-waku:xxx`. You can see the available tags in [docker hub](https://hub.docker.com/r/statusteam/nim-waku). * If you want to access grafana from outside your machine, feel free to remove `127.0.0.1` and open the port, but in that case you may want to set up a password to your grafana. + +## Configuration + +There are multiple environment variables you can configure to modify behaviour of the Waku node: + +* `NWAKU_IMAGE` - the image you want to use for the nwaku container (e.g. `NWAKU_IMAGE=statusteam/nim-waku:v0.19.0-rc.0`) +* `DOMAIN` - domain name pointing to the IP address of your node, when configured the run script will request SSL certs from Let's Encrypt and run Waku node with WebSockets Secure (WSS) options enabled (e.g. `DOMAIN=waku.example.com`) +* `NODEKEY` - this env variable allows you to provide a node key as described in [operators documentation](https://github.com/waku-org/nwaku/blob/master/docs/operators/how-to/configure-key.md) (e.g. `NODEKEY=9f439983aa4851346cfe6e17585e426f482871a43626812e23490895cd602c11`) +* `EXTRA_ARGS` - this variable allows you to specify additional or overriding CLI option for the Waku node which will be appended to the `wakunode2` command. (e.g. `EXTRA_ARGS="--store=false --max-connections=3000`) \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 10dbdea..734f908 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,6 @@ x-pg-pass: &pg_pass ${POSTGRES_PASSWORD:-test123} x-pg-user: &pg_user ${POSTGRES_USER:-postgres} x-pg-environment: &pg_env - environment: POSTGRES_USER: *pg_user POSTGRES_PASSWORD: *pg_pass @@ -42,7 +41,7 @@ services: # For a pre-built release. See available releases: # github.com/waku-org/nwaku/releases - image: statusteam/nim-waku:v0.19.0-rc.0 + image: ${NWAKU_IMAGE:-statusteam/nim-waku:v0.19.0} restart: on-failure ports: - 30304:30304/tcp @@ -50,11 +49,18 @@ services: - 127.0.0.1:8545:8545/tcp - 9005:9005/udp - 127.0.0.1:8003:8003 + - 80:80 #Let's Encrypt + - 8000:8000/tcp #WSS <<: - *logging - - *pg_env + environment: + DOMAIN: ${DOMAIN} + NODEKEY: ${NODEKEY} + EXTRA_ARGS: ${EXTRA_ARGS} + <<: *pg_env volumes: - ./run_node.sh:/opt/run_node.sh:Z + - ./certs:/etc/letsencrypt/:Z entrypoint: sh command: - /opt/run_node.sh @@ -97,13 +103,14 @@ services: # and the store-message-db-url is set to use Postgres image: postgres:alpine3.18 restart: on-failure - <<: *pg_env + environment: + <<: *pg_env volumes: - - ./postgres_cfg/postgresql.conf:/etc/postgresql/postgresql.conf - - ./postgres_cfg/db.sql:/docker-entrypoint-initdb.d/db.sql + - ./postgres_cfg/postgresql.conf:/etc/postgresql/postgresql.conf:Z + - ./postgres_cfg/db.sql:/docker-entrypoint-initdb.d/db.sql:Z command: postgres -c config_file=/etc/postgresql/postgresql.conf healthcheck: - test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"] + test: ["CMD-SHELL", "pg_isready -d db_prod"] interval: 30s timeout: 60s retries: 5 @@ -115,8 +122,8 @@ services: restart: on-failure <<: *pg_exp_env volumes: - - ./monitoring/configuration/postgres-exporter.yml:/etc/pgexporter/postgres-exporter.yml - - ./monitoring/configuration/pg-exporter-queries.yml:/etc/pgexporter/queries.yml + - ./monitoring/configuration/postgres-exporter.yml:/etc/pgexporter/postgres-exporter.yml:Z + - ./monitoring/configuration/pg-exporter-queries.yml:/etc/pgexporter/queries.yml:Z command: # Both the config file and 'DATA_SOURCE_NAME' should contain valid connection info - --config.file=/etc/pgexporter/postgres-exporter.yml diff --git a/run_node.sh b/run_node.sh index 607f5c3..19d13f9 100644 --- a/run_node.sh +++ b/run_node.sh @@ -3,6 +3,43 @@ echo "I am a nwaku node" MY_EXT_IP=$(wget -qO- https://api4.ipify.org) +DNS_WSS_CMD= + +if [ -n "${DOMAIN}" ]; then + + LETSENCRYPT_PATH=/etc/letsencrypt/live/${DOMAIN} + + if ! [ -d "${LETSENCRYPT_PATH}" ]; then + apk add --no-cache certbot + + certbot certonly\ + --non-interactive\ + --agree-tos\ + --no-eff-email\ + --no-redirect\ + --email admin@${DOMAIN}\ + -d ${DOMAIN}\ + --standalone + fi + + if ! [ -e "${LETSENCRYPT_PATH}/privkey.pem" ]; then + echo "The certificate does not exist" + sleep 60 + exit 1 + fi + + WS_SUPPORT="--websocket-support=true" + WSS_SUPPORT="--websocket-secure-support=true" + WSS_KEY="--websocket-secure-key-path=${LETSENCRYPT_PATH}/privkey.pem" + WSS_CERT="--websocket-secure-cert-path=${LETSENCRYPT_PATH}/cert.pem" + DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}" + + DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}" +fi + +if [ "${NODEKEY}" != "" ]; then + NODEKEY=--nodekey=${NODEKEY} +fi exec /usr/bin/wakunode\ --relay=true\ @@ -28,4 +65,8 @@ exec /usr/bin/wakunode\ --nat=extip:"${MY_EXT_IP}"\ --store=true\ --store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\ - --store-message-retention-policy=time:86400 + --store-message-retention-policy=time:86400\ + ${DNS_WSS_CMD}\ + ${NODEKEY}\ + ${EXTRA_ARGS} +