From 2833c75fa46a16e8075f0bd1476fa42eadaea5be Mon Sep 17 00:00:00 2001 From: Yorick Downe Date: Thu, 2 Nov 2023 21:07:03 +0000 Subject: [PATCH] Breaking change - traefik files to avoid host header attacks on unsuspecting users --- README.md | 2 +- besu.yml | 24 ------------------------ cl-traefik.yml | 17 +++++++++++++++++ ee-traefik.yml | 12 ++++++++++++ el-traefik.yml | 24 ++++++++++++++++++++++++ erigon.yml | 24 ------------------------ ethd | 5 ++--- geth.yml | 24 ------------------------ lighthouse-cl-only.yml | 10 ---------- lighthouse.yml | 10 ---------- lodestar-cl-only.yml | 10 ---------- lodestar.yml | 10 ---------- nethermind.yml | 24 ------------------------ nimbus-cl-only.yml | 10 ---------- nimbus.yml | 10 ---------- prysm-cl-only.yml | 10 ---------- prysm.yml | 10 ---------- reth.yml | 24 ------------------------ teku-cl-only.yml | 10 ---------- teku.yml | 10 ---------- 20 files changed, 56 insertions(+), 224 deletions(-) create mode 100644 cl-traefik.yml create mode 100644 ee-traefik.yml create mode 100644 el-traefik.yml diff --git a/README.md b/README.md index b77bec3d..95c9f6e8 100644 --- a/README.md +++ b/README.md @@ -29,4 +29,4 @@ please read the [contribution guidelines](CONTRIBUTING.md) so you can run lint c ## Version -This is Eth Docker v2.3.5 +This is Eth Docker v2.3.6 diff --git a/besu.yml b/besu.yml index 34323619..2ec976a7 100644 --- a/besu.yml +++ b/besu.yml @@ -76,30 +76,6 @@ services: - "6060" - --nat-method=DOCKER labels: - - traefik.enable=true - - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} - - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} - metrics.scrape=true - metrics.path=/metrics - metrics.port=6060 diff --git a/cl-traefik.yml b/cl-traefik.yml new file mode 100644 index 00000000..09368a03 --- /dev/null +++ b/cl-traefik.yml @@ -0,0 +1,17 @@ +# To be used in conjunction with lodestar.yml, nimbus.yml, teku.yml, lighthouse.yml or prysm.yml, ditto their +# -cl-only.yml versions +# For remote validator setups only. Please be very cautious when exposing your consensus API port +version: "3.9" +services: + execution: + labels: + - traefik.enable=true + - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} + - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure + - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) + - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt + - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} + - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure + - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) + - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt + - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} diff --git a/ee-traefik.yml b/ee-traefik.yml new file mode 100644 index 00000000..9ed333ee --- /dev/null +++ b/ee-traefik.yml @@ -0,0 +1,12 @@ +# To be used in conjunction with erigon.yml, nethermind.yml, besu.yml, reth.yml or geth.yml +# For distributed setups only. Please be very cautious when exposing your engine port +version: "3.9" +services: + execution: + labels: + - traefik.enable=true + - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} + - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure + - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) + - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt + - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} diff --git a/el-traefik.yml b/el-traefik.yml new file mode 100644 index 00000000..1baafecc --- /dev/null +++ b/el-traefik.yml @@ -0,0 +1,24 @@ +# To be used in conjunction with erigon.yml, nethermind.yml, besu.yml, reth.yml or geth.yml +version: "3.9" +services: + execution: + labels: + - traefik.enable=true + - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} + - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure + - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) + - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt + - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} + - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure + - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) + - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt + - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} + - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} + - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure + - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) + - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt + - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} + - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure + - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) + - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt + - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} diff --git a/erigon.yml b/erigon.yml index 55d81242..fe4e9559 100644 --- a/erigon.yml +++ b/erigon.yml @@ -92,30 +92,6 @@ services: #- --batchSize #- 64m labels: - - traefik.enable=true - - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} - - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} - metrics.scrape=true - metrics.path=/debug/metrics/prometheus - metrics.port=6060 diff --git a/ethd b/ethd index c746ea1e..b143fd93 100755 --- a/ethd +++ b/ethd @@ -496,14 +496,13 @@ migrate_compose_file() { traefik-cf-v6.yml validator-keyapi-localport.yml consensus-keyapi-localport.yml prysm-web.yml blank-grafana.yml \ lh-grafana.yml lhcc-grafana.yml nimbus-grafana.yml prysm-grafana.yml teku-grafana.yml geth-grafana.yml \ erigon-grafana.yml oe.yml teku-stats.yml lh-stats.yml lh-stats-consensus.yml lh-stats-validator.yml \ - traefik-shared.yml lighthouse-slasher.yml prysm-slasher.yml el-traefik.yml ee-traefik.yml \ - prometheus-traefik.yml grafana-localhost.yml ) + traefik-shared.yml lighthouse-slasher.yml prysm-slasher.yml prometheus-traefik.yml grafana-localhost.yml ) TO_YML=( el-shared.yml el-traefik.yml cl-shared.yml grafana-shared.yml prysm-web-shared.yml lighthouse-base.yml \ lighthouse-vc-only.yml lighthouse-slasher.yml teku-base.yml teku-vc-only.yml lighthouse-cl-only.yml \ lighthouse-vc-only.yml lodestar-cl-only.yml lodestar-vc-only.yml nimbus-cl-only.yml prysm-cl-only.yml \ prysm-cl-only.yml prysm-vc-only.yml teku-cl-only.yml teku-vc-only.yml lighthouse-base.yml lighthouse-vc-only.yml \ lighthouse-cl-only.yml nethermind.yml lighthouse.yml teku.yml nimbus.yml prysm.yml lodestar.yml traefik-cf.yml \ - validator-keyapi-shared.yml validator-keyapi-shared.yml "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "") + validator-keyapi-shared.yml validator-keyapi-shared.yml "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "") __old_grafana=0 __new_grafana=0 diff --git a/geth.yml b/geth.yml index cfce222e..a8cbaa13 100644 --- a/geth.yml +++ b/geth.yml @@ -74,30 +74,6 @@ services: - --maxpeers - ${EL_MAX_PEER_COUNT:-50} labels: - - traefik.enable=true - - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} - - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} - metrics.scrape=true - metrics.path=/debug/metrics/prometheus - metrics.port=6060 diff --git a/lighthouse-cl-only.yml b/lighthouse-cl-only.yml index c41870a9..42809dd7 100644 --- a/lighthouse-cl-only.yml +++ b/lighthouse-cl-only.yml @@ -80,16 +80,6 @@ services: - --suggested-fee-recipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/lighthouse.yml b/lighthouse.yml index c8615c1d..30133619 100644 --- a/lighthouse.yml +++ b/lighthouse.yml @@ -84,16 +84,6 @@ services: - --suggested-fee-recipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/lodestar-cl-only.yml b/lodestar-cl-only.yml index fc40a0e4..76a7ec5a 100644 --- a/lodestar-cl-only.yml +++ b/lodestar-cl-only.yml @@ -74,16 +74,6 @@ services: - --suggestedFeeRecipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/lodestar.yml b/lodestar.yml index 07bc5aab..e3135b82 100644 --- a/lodestar.yml +++ b/lodestar.yml @@ -76,16 +76,6 @@ services: - --suggestedFeeRecipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/nethermind.yml b/nethermind.yml index 47832442..dfb64b15 100644 --- a/nethermind.yml +++ b/nethermind.yml @@ -82,30 +82,6 @@ services: - --log - ${LOG_LEVEL} labels: - - traefik.enable=true - - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} - - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} - metrics.scrape=true - metrics.path=/metrics - metrics.port=6060 diff --git a/nimbus-cl-only.yml b/nimbus-cl-only.yml index 003dd23a..a282bb35 100644 --- a/nimbus-cl-only.yml +++ b/nimbus-cl-only.yml @@ -75,16 +75,6 @@ services: - --suggested-fee-recipient=${FEE_RECIPIENT} - --in-process-validators=false labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/nimbus.yml b/nimbus.yml index ad94e7d0..fbd213b4 100644 --- a/nimbus.yml +++ b/nimbus.yml @@ -79,16 +79,6 @@ services: - --keymanager-token-file=/var/lib/nimbus/api-token.txt - --suggested-fee-recipient=${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/prysm-cl-only.yml b/prysm-cl-only.yml index 4d7e675a..9e9a96aa 100644 --- a/prysm-cl-only.yml +++ b/prysm-cl-only.yml @@ -83,16 +83,6 @@ services: - --suggested-fee-recipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/prysm.yml b/prysm.yml index 80967093..4636b682 100644 --- a/prysm.yml +++ b/prysm.yml @@ -84,16 +84,6 @@ services: - --suggested-fee-recipient - ${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/reth.yml b/reth.yml index 412b3a6d..2693151b 100644 --- a/reth.yml +++ b/reth.yml @@ -80,30 +80,6 @@ services: - --authrpc.jwtsecret - /var/lib/reth/ee-secret/jwtsecret labels: - - traefik.enable=true - - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el} - - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure - - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545} - - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt - - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws} - - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure - - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`) - - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt - - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546} - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} - metrics.scrape=true - metrics.path=/metrics - metrics.port=6060 diff --git a/teku-cl-only.yml b/teku-cl-only.yml index 1dc1808d..eb0eafa0 100644 --- a/teku-cl-only.yml +++ b/teku-cl-only.yml @@ -77,16 +77,6 @@ services: - --metrics-host-allowlist=* - --validators-proposer-default-fee-recipient=${FEE_RECIPIENT} labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008 diff --git a/teku.yml b/teku.yml index e456d3a5..8b9dec58 100644 --- a/teku.yml +++ b/teku.yml @@ -86,16 +86,6 @@ services: - --validators-proposer-default-fee-recipient=${FEE_RECIPIENT} - --validators-keystore-locking-enabled=false labels: - - traefik.enable=true - - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt - - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} - - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure - - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) - - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt - - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} - metrics.scrape=true - metrics.path=/metrics - metrics.port=8008