nwaku-compose/run_node.sh

136 lines
4.0 KiB
Bash
Executable File

#!/bin/sh
echo "I am a nwaku node"
if [ -n "${ETH_CLIENT_ADDRESS}" ] ; then
echo "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS"
echo "Please update your .env file"
exit 1
fi
if [ -z "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ]; then
echo "Missing Eth client address, please refer to README.md for detailed instructions"
exit 1
fi
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
DNS_WSS_CMD=
if [ -z "${DOMAIN}" ]; then
echo "auto-domain: DOMAIN is unset, trying to guess it"
# Check if we have an IP
IPCHECK=$(echo "${MY_EXT_IP}" | grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')
if [ "${IPCHECK}" -ne 1 ]; then
echo "Failed to get ip, received: '${MY_EXT_IP}'"
else
echo "auto-domain: ip is '${MY_EXT_IP}'"
# Get reverse DNS
DNS=$(dig +short -x "${MY_EXT_IP}")
# Check if looks like a DNS
DNSCHECK=$(echo "${DNS}" | grep -c '^\([a-zA-Z0-9_\-]\+\.\)\+$')
if [ "${DNSCHECK}" -ne 1 ]; then
echo "Failed to get DNS, received: '${DNS}'"
else
DOMAIN=$(echo "${DNS}" | sed s/\.$//)
echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"
# Double check the domain is setup to return right IP
# OpenDNS servers are used to bypass /etc/hosts as it may return loopback address
DNS_IP=$(dig +short @208.67.222.222 "${DNS}")
if [ "${DNS_IP}" != "${MY_EXT_IP}" ]; then
echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"
unset DOMAIN
else
echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"
fi
fi
fi
fi
if [ -n "${DOMAIN}" ]; then
LETSENCRYPT_PATH=/etc/letsencrypt/live/${DOMAIN}
if ! [ -d "${LETSENCRYPT_PATH}" ]; then
apk add --no-cache certbot
certbot certonly\
--non-interactive\
--agree-tos\
--no-eff-email\
--no-redirect\
--email admin@${DOMAIN}\
-d ${DOMAIN}\
--standalone
fi
if ! [ -e "${LETSENCRYPT_PATH}/privkey.pem" ]; then
echo "The certificate does not exist. Proceeding without supporting websocket"
else
WS_SUPPORT="--websocket-support=true"
WSS_SUPPORT="--websocket-secure-support=true"
WSS_KEY="--websocket-secure-key-path=${LETSENCRYPT_PATH}/privkey.pem"
WSS_CERT="--websocket-secure-cert-path=${LETSENCRYPT_PATH}/cert.pem"
DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"
DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
fi
fi
if [ -n "${NODEKEY}" ]; then
NODEKEY=--nodekey=${NODEKEY}
fi
RLN_RELAY_CRED_PATH=--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}
if [ -n "${RLN_RELAY_CRED_PASSWORD}" ]; then
RLN_RELAY_CRED_PASSWORD=--rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}"
fi
STORE_RETENTION_POLICY=--store-message-retention-policy=size:1GB
if [ -n "${STORAGE_SIZE}" ]; then
STORE_RETENTION_POLICY=--store-message-retention-policy=size:"${STORAGE_SIZE}"
fi
exec /usr/bin/wakunode\
--relay=true\
--filter=true\
--lightpush=true\
--keep-alive=true\
--max-connections=150\
--cluster-id=1\
--discv5-discovery=true\
--discv5-udp-port=9005\
--discv5-enr-auto-update=True\
--log-level=DEBUG\
--tcp-port=30304\
--metrics-server=True\
--metrics-server-port=8003\
--metrics-server-address=0.0.0.0\
--rest=true\
--rest-admin=true\
--rest-address=0.0.0.0\
--rest-port=8645\
--rest-allow-origin="waku-org.github.io"\
--rest-allow-origin="localhost:*"\
--nat=extip:"${MY_EXT_IP}"\
--store=true\
--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
--rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}"\
--rln-relay-tree-path="/etc/rln_tree"\
"${RLN_RELAY_CRED_PATH}"\
"${RLN_RELAY_CRED_PASSWORD}"\
${DNS_WSS_CMD}\
${NODEKEY}\
${STORE_RETENTION_POLICY}\
${EXTRA_ARGS}