feat: add support for WSS, nodekey and extra args
This commit is contained in:
parent
176657f4eb
commit
a8dec843af
|
@ -28,3 +28,12 @@ Go to [http://localhost:3000/d/yns_4vFVk/nwaku-monitoring?orgId=1](http://localh
|
||||||
Notes:
|
Notes:
|
||||||
* Feel free to change the image you are using `statusteam/nim-waku:xxx`. You can see the available tags in [docker hub](https://hub.docker.com/r/statusteam/nim-waku).
|
* Feel free to change the image you are using `statusteam/nim-waku:xxx`. You can see the available tags in [docker hub](https://hub.docker.com/r/statusteam/nim-waku).
|
||||||
* If you want to access grafana from outside your machine, feel free to remove `127.0.0.1` and open the port, but in that case you may want to set up a password to your grafana.
|
* If you want to access grafana from outside your machine, feel free to remove `127.0.0.1` and open the port, but in that case you may want to set up a password to your grafana.
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
|
||||||
|
There are multiple environment variables you can configure to modify behaviour of the Waku node:
|
||||||
|
|
||||||
|
* `NWAKU_IMAGE` - the image you want to use for the nwaku container (e.g. `NWAKU_IMAGE=statusteam/nim-waku:v0.19.0-rc.0`)
|
||||||
|
* `DOMAIN` - domain name pointing to the IP address of your node, when configured the run script will request SSL certs from Let's Encrypt and run Waku node with WebSockets Secure (WSS) options enabled (e.g. `DOMAIN=waku.example.com`)
|
||||||
|
* `NODEKEY` - this env variable allows you to provide a node key as described in [operators documentation](https://github.com/waku-org/nwaku/blob/master/docs/operators/how-to/configure-key.md) (e.g. `NODEKEY=9f439983aa4851346cfe6e17585e426f482871a43626812e23490895cd602c11`)
|
||||||
|
* `EXTRA_ARGS` - this variable allows you to specify additional or overriding CLI option for the Waku node which will be appended to the `wakunode2` command. (e.g. `EXTRA_ARGS="--store=false --max-connections=3000`)
|
|
@ -10,7 +10,6 @@ x-pg-pass: &pg_pass ${POSTGRES_PASSWORD:-test123}
|
||||||
x-pg-user: &pg_user ${POSTGRES_USER:-postgres}
|
x-pg-user: &pg_user ${POSTGRES_USER:-postgres}
|
||||||
|
|
||||||
x-pg-environment: &pg_env
|
x-pg-environment: &pg_env
|
||||||
environment:
|
|
||||||
POSTGRES_USER: *pg_user
|
POSTGRES_USER: *pg_user
|
||||||
POSTGRES_PASSWORD: *pg_pass
|
POSTGRES_PASSWORD: *pg_pass
|
||||||
|
|
||||||
|
@ -42,7 +41,7 @@ services:
|
||||||
# For a pre-built release. See available releases:
|
# For a pre-built release. See available releases:
|
||||||
# github.com/waku-org/nwaku/releases
|
# github.com/waku-org/nwaku/releases
|
||||||
|
|
||||||
image: statusteam/nim-waku:v0.19.0-rc.0
|
image: ${NWAKU_IMAGE:-statusteam/nim-waku:v0.19.0}
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
ports:
|
ports:
|
||||||
- 30304:30304/tcp
|
- 30304:30304/tcp
|
||||||
|
@ -50,11 +49,18 @@ services:
|
||||||
- 127.0.0.1:8545:8545/tcp
|
- 127.0.0.1:8545:8545/tcp
|
||||||
- 9005:9005/udp
|
- 9005:9005/udp
|
||||||
- 127.0.0.1:8003:8003
|
- 127.0.0.1:8003:8003
|
||||||
|
- 80:80 #Let's Encrypt
|
||||||
|
- 8000:8000/tcp #WSS
|
||||||
<<:
|
<<:
|
||||||
- *logging
|
- *logging
|
||||||
- *pg_env
|
environment:
|
||||||
|
DOMAIN: ${DOMAIN}
|
||||||
|
NODEKEY: ${NODEKEY}
|
||||||
|
EXTRA_ARGS: ${EXTRA_ARGS}
|
||||||
|
<<: *pg_env
|
||||||
volumes:
|
volumes:
|
||||||
- ./run_node.sh:/opt/run_node.sh:Z
|
- ./run_node.sh:/opt/run_node.sh:Z
|
||||||
|
- ./certs:/etc/letsencrypt/:Z
|
||||||
entrypoint: sh
|
entrypoint: sh
|
||||||
command:
|
command:
|
||||||
- /opt/run_node.sh
|
- /opt/run_node.sh
|
||||||
|
@ -97,13 +103,14 @@ services:
|
||||||
# and the store-message-db-url is set to use Postgres
|
# and the store-message-db-url is set to use Postgres
|
||||||
image: postgres:alpine3.18
|
image: postgres:alpine3.18
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
|
environment:
|
||||||
<<: *pg_env
|
<<: *pg_env
|
||||||
volumes:
|
volumes:
|
||||||
- ./postgres_cfg/postgresql.conf:/etc/postgresql/postgresql.conf
|
- ./postgres_cfg/postgresql.conf:/etc/postgresql/postgresql.conf:Z
|
||||||
- ./postgres_cfg/db.sql:/docker-entrypoint-initdb.d/db.sql
|
- ./postgres_cfg/db.sql:/docker-entrypoint-initdb.d/db.sql:Z
|
||||||
command: postgres -c config_file=/etc/postgresql/postgresql.conf
|
command: postgres -c config_file=/etc/postgresql/postgresql.conf
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
|
test: ["CMD-SHELL", "pg_isready -d db_prod"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 60s
|
timeout: 60s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
@ -115,8 +122,8 @@ services:
|
||||||
restart: on-failure
|
restart: on-failure
|
||||||
<<: *pg_exp_env
|
<<: *pg_exp_env
|
||||||
volumes:
|
volumes:
|
||||||
- ./monitoring/configuration/postgres-exporter.yml:/etc/pgexporter/postgres-exporter.yml
|
- ./monitoring/configuration/postgres-exporter.yml:/etc/pgexporter/postgres-exporter.yml:Z
|
||||||
- ./monitoring/configuration/pg-exporter-queries.yml:/etc/pgexporter/queries.yml
|
- ./monitoring/configuration/pg-exporter-queries.yml:/etc/pgexporter/queries.yml:Z
|
||||||
command:
|
command:
|
||||||
# Both the config file and 'DATA_SOURCE_NAME' should contain valid connection info
|
# Both the config file and 'DATA_SOURCE_NAME' should contain valid connection info
|
||||||
- --config.file=/etc/pgexporter/postgres-exporter.yml
|
- --config.file=/etc/pgexporter/postgres-exporter.yml
|
||||||
|
|
43
run_node.sh
43
run_node.sh
|
@ -3,6 +3,43 @@
|
||||||
echo "I am a nwaku node"
|
echo "I am a nwaku node"
|
||||||
|
|
||||||
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
|
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
|
||||||
|
DNS_WSS_CMD=
|
||||||
|
|
||||||
|
if [ -n "${DOMAIN}" ]; then
|
||||||
|
|
||||||
|
LETSENCRYPT_PATH=/etc/letsencrypt/live/${DOMAIN}
|
||||||
|
|
||||||
|
if ! [ -d "${LETSENCRYPT_PATH}" ]; then
|
||||||
|
apk add --no-cache certbot
|
||||||
|
|
||||||
|
certbot certonly\
|
||||||
|
--non-interactive\
|
||||||
|
--agree-tos\
|
||||||
|
--no-eff-email\
|
||||||
|
--no-redirect\
|
||||||
|
--email admin@${DOMAIN}\
|
||||||
|
-d ${DOMAIN}\
|
||||||
|
--standalone
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! [ -e "${LETSENCRYPT_PATH}/privkey.pem" ]; then
|
||||||
|
echo "The certificate does not exist"
|
||||||
|
sleep 60
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
WS_SUPPORT="--websocket-support=true"
|
||||||
|
WSS_SUPPORT="--websocket-secure-support=true"
|
||||||
|
WSS_KEY="--websocket-secure-key-path=${LETSENCRYPT_PATH}/privkey.pem"
|
||||||
|
WSS_CERT="--websocket-secure-cert-path=${LETSENCRYPT_PATH}/cert.pem"
|
||||||
|
DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"
|
||||||
|
|
||||||
|
DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${NODEKEY}" != "" ]; then
|
||||||
|
NODEKEY=--nodekey=${NODEKEY}
|
||||||
|
fi
|
||||||
|
|
||||||
exec /usr/bin/wakunode\
|
exec /usr/bin/wakunode\
|
||||||
--relay=true\
|
--relay=true\
|
||||||
|
@ -28,4 +65,8 @@ exec /usr/bin/wakunode\
|
||||||
--nat=extip:"${MY_EXT_IP}"\
|
--nat=extip:"${MY_EXT_IP}"\
|
||||||
--store=true\
|
--store=true\
|
||||||
--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
|
--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
|
||||||
--store-message-retention-policy=time:86400
|
--store-message-retention-policy=time:86400\
|
||||||
|
${DNS_WSS_CMD}\
|
||||||
|
${NODEKEY}\
|
||||||
|
${EXTRA_ARGS}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue