136 lines
4.0 KiB
Bash
Executable File
136 lines
4.0 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
echo "I am a nwaku node"
|
|
|
|
if [ -n "${ETH_CLIENT_ADDRESS}" ] ; then
|
|
echo "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS"
|
|
echo "Please update your .env file"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ]; then
|
|
echo "Missing Eth client address, please refer to README.md for detailed instructions"
|
|
exit 1
|
|
fi
|
|
|
|
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
|
|
DNS_WSS_CMD=
|
|
|
|
if [ -z "${DOMAIN}" ]; then
|
|
echo "auto-domain: DOMAIN is unset, trying to guess it"
|
|
|
|
# Check if we have an IP
|
|
IPCHECK=$(echo "${MY_EXT_IP}" | grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')
|
|
|
|
if [ "${IPCHECK}" -ne 1 ]; then
|
|
echo "Failed to get ip, received: '${MY_EXT_IP}'"
|
|
else
|
|
echo "auto-domain: ip is '${MY_EXT_IP}'"
|
|
|
|
# Get reverse DNS
|
|
DNS=$(dig +short -x "${MY_EXT_IP}")
|
|
|
|
# Check if looks like a DNS
|
|
DNSCHECK=$(echo "${DNS}" | grep -c '^\([a-zA-Z0-9_\-]\+\.\)\+$')
|
|
|
|
if [ "${DNSCHECK}" -ne 1 ]; then
|
|
echo "Failed to get DNS, received: '${DNS}'"
|
|
else
|
|
DOMAIN=$(echo "${DNS}" | sed s/\.$//)
|
|
echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"
|
|
|
|
# Double check the domain is setup to return right IP
|
|
# OpenDNS servers are used to bypass /etc/hosts as it may return loopback address
|
|
DNS_IP=$(dig +short @208.67.222.222 "${DNS}")
|
|
|
|
if [ "${DNS_IP}" != "${MY_EXT_IP}" ]; then
|
|
echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"
|
|
unset DOMAIN
|
|
else
|
|
echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${DOMAIN}" ]; then
|
|
|
|
LETSENCRYPT_PATH=/etc/letsencrypt/live/${DOMAIN}
|
|
|
|
if ! [ -d "${LETSENCRYPT_PATH}" ]; then
|
|
apk add --no-cache certbot
|
|
|
|
certbot certonly\
|
|
--non-interactive\
|
|
--agree-tos\
|
|
--no-eff-email\
|
|
--no-redirect\
|
|
--email admin@${DOMAIN}\
|
|
-d ${DOMAIN}\
|
|
--standalone
|
|
fi
|
|
|
|
if ! [ -e "${LETSENCRYPT_PATH}/privkey.pem" ]; then
|
|
echo "The certificate does not exist. Proceeding without supporting websocket"
|
|
else
|
|
WS_SUPPORT="--websocket-support=true"
|
|
WSS_SUPPORT="--websocket-secure-support=true"
|
|
WSS_KEY="--websocket-secure-key-path=${LETSENCRYPT_PATH}/privkey.pem"
|
|
WSS_CERT="--websocket-secure-cert-path=${LETSENCRYPT_PATH}/cert.pem"
|
|
DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"
|
|
|
|
DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${NODEKEY}" ]; then
|
|
NODEKEY=--nodekey=${NODEKEY}
|
|
fi
|
|
|
|
RLN_RELAY_CRED_PATH=--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}
|
|
|
|
|
|
if [ -n "${RLN_RELAY_CRED_PASSWORD}" ]; then
|
|
RLN_RELAY_CRED_PASSWORD=--rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}"
|
|
fi
|
|
|
|
STORE_RETENTION_POLICY=--store-message-retention-policy=size:1GB
|
|
|
|
if [ -n "${STORAGE_SIZE}" ]; then
|
|
STORE_RETENTION_POLICY=--store-message-retention-policy=size:"${STORAGE_SIZE}"
|
|
fi
|
|
|
|
exec /usr/bin/wakunode\
|
|
--relay=true\
|
|
--filter=true\
|
|
--lightpush=true\
|
|
--keep-alive=true\
|
|
--max-connections=150\
|
|
--cluster-id=1\
|
|
--discv5-discovery=true\
|
|
--discv5-udp-port=9005\
|
|
--discv5-enr-auto-update=True\
|
|
--log-level=DEBUG\
|
|
--tcp-port=30304\
|
|
--metrics-server=True\
|
|
--metrics-server-port=8003\
|
|
--metrics-server-address=0.0.0.0\
|
|
--rest=true\
|
|
--rest-admin=true\
|
|
--rest-address=0.0.0.0\
|
|
--rest-port=8645\
|
|
--rest-allow-origin="waku-org.github.io"\
|
|
--rest-allow-origin="localhost:*"\
|
|
--nat=extip:"${MY_EXT_IP}"\
|
|
--store=true\
|
|
--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
|
|
--rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}"\
|
|
--rln-relay-tree-path="/etc/rln_tree"\
|
|
"${RLN_RELAY_CRED_PATH}"\
|
|
"${RLN_RELAY_CRED_PASSWORD}"\
|
|
${DNS_WSS_CMD}\
|
|
${NODEKEY}\
|
|
${STORE_RETENTION_POLICY}\
|
|
${EXTRA_ARGS}
|
|
|