From 459764e3ada19da550fcee138fa7e0ec3f70b63e Mon Sep 17 00:00:00 2001 From: yorickdowne <71337066+yorickdowne@users.noreply.github.com> Date: Wed, 13 Sep 2023 12:45:40 -0400 Subject: [PATCH] Enable Siren and change how traefik and shared ports are configured (#1519) --- besu.yml | 25 +++++++++++++++++++++++++ cl-shared.yml | 2 +- consensus-keyapi-localport.yml | 5 ----- consensus-keyapi-shared.yml | 5 +++++ default.env | 12 ++++++++++++ ee-shared.yml | 2 +- ee-traefik.yml | 12 ------------ el-shared.yml | 4 ++-- el-traefik.yml | 24 ------------------------ erigon.yml | 25 +++++++++++++++++++++++++ ethd | 13 +++++++------ geth.yml | 25 +++++++++++++++++++++++++ grafana-cloud.yml | 6 ++++++ grafana-shared.yml | 5 +---- grafana.yml | 6 ++++++ lighthouse-vc-only.yml | 7 +++++++ lighthouse.yml | 19 +++++++++++++++++++ nethermind.yml | 25 +++++++++++++++++++++++++ nimbus-el.yml | 25 +++++++++++++++++++++++++ prometheus-shared.yml | 2 +- prometheus-traefik.yml | 10 ---------- prysm-web-shared.yml | 2 +- reth.yml | 25 +++++++++++++++++++++++++ siren-shared.yml | 6 ++++++ siren.yml | 24 ++++++++++++++++++++++++ validator-keyapi-localport.yml | 5 ----- validator-keyapi-shared.yml | 5 +++++ 27 files changed, 254 insertions(+), 72 deletions(-) delete mode 100644 consensus-keyapi-localport.yml create mode 100644 consensus-keyapi-shared.yml delete mode 100644 ee-traefik.yml delete mode 100644 el-traefik.yml delete mode 100644 prometheus-traefik.yml create mode 100644 siren-shared.yml create mode 100644 siren.yml delete mode 100644 validator-keyapi-localport.yml create mode 100644 validator-keyapi-shared.yml diff --git a/besu.yml b/besu.yml index 9a5e6fab..c43f6aa2 100644 --- a/besu.yml +++ b/besu.yml 
@@ -75,6 +75,31 @@ services:
 - --metrics-port
 - "6060"
 - --nat-method=DOCKER
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 volumes:
 besu-eth1-data:
 jwtsecret:
diff --git a/cl-shared.yml b/cl-shared.yml
index dd2d451b..a60ac472 100644
--- a/cl-shared.yml
+++ b/cl-shared.yml
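Review bot: `traefik.enable=true` is now set unconditionally on the execution service, so the RPC, WS and engine-API routers are declared for every deployment that includes this file, not only for those that opted in through el-traefik.yml or ee-traefik.yml. If a traefik instance using the Docker provider runs in the same project (not visible in this hunk), ports 8545, 8546 and 8551 become reachable at `el`/`elws`/`ee.${DOMAIN}` without the operator asking for it, and the deleted ee-traefik.yml carried the only warning about that. I would gate the switch on a variable that defaults off, e.g. `- traefik.enable=${EL_TRAEFIK:-false}` (a suggested new variable, not an existing one), and carry over the comment `# For distributed setups only. Please be very cautious when exposing your engine port` above the EE labels. The same applies to the label blocks added in erigon.yml, geth.yml, nethermind.yml, nimbus-el.yml, reth.yml, grafana.yml, grafana-cloud.yml, lighthouse.yml and lighthouse-vc-only.yml; the `services:` mapping continues outside the hunk.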
@@ -2,4 +2,4 @@ version: "3.9" services: consensus: ports: - - ${HOST_IP:-}${CL_REST_PORT:-5052}:${CL_REST_PORT:-5052}/tcp + - ${SHARE_IP:-}${CL_REST_PORT:-5052}:${CL_REST_PORT:-5052}/tcp diff --git a/consensus-keyapi-localport.yml b/consensus-keyapi-localport.yml deleted file mode 100644 index ec6945cc..00000000 --- a/consensus-keyapi-localport.yml +++ /dev/null @@ -1,5 +0,0 @@ -version: "3.9" -services: - consensus: - ports: - - 127.0.0.1:${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp diff --git a/consensus-keyapi-shared.yml b/consensus-keyapi-shared.yml new file mode 100644 index 00000000..f717f13a --- /dev/null +++ b/consensus-keyapi-shared.yml @@ -0,0 +1,5 @@ +version: "3.9" +services: + consensus: + ports: + - ${SHARE_IP:-}${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp diff --git a/default.env b/default.env index a9478c95..8b77ba34 100644 --- a/default.env +++ b/default.env @@ -42,6 +42,7 @@ CF_ZONE_ID= AWS_PROFILE=myprofile AWS_HOSTED_ZONE_ID=myzoneid GRAFANA_HOST=grafana +SIREN_HOST=siren PROM_HOST=prometheus PRYSM_HOST=prysm EE_HOST=ee @@ -51,6 +52,7 @@ EL_WS_HOST=elws EL_WS_LB=elws-lb CL_HOST=cl CL_LB=cl-lb +VC_HOST=vc DDNS_SUBDOMAIN=grafana DDNS_PROXY=true @@ -70,6 +72,10 @@ BEACON_STATS_MACHINE= # Note if you set it, and only then, you MUST append a colon to the end, like 1.2.3.4: or [2001:1:2::3]:, to work around # a limitation of compose V1, even when using compose V2 HOST_IP= +# IP address to use when host-mapping port through *-shared.yml. Set this to 127.0.0.1: to restrict the share to localhost +# Note if you set it, and only then, you MUST append a colon to the end, like 1.2.3.4: or [2001:1:2::3]:, to work around +# a limitation of compose V1, even when using compose V2 +SHARE_IP= # P2P ports you will forward to your staking node. Adjust here if you are # going to use something other than defaults. 
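Review bot: In consensus-keyapi-shared.yml the key manager port is published as `${SHARE_IP:-}${KEY_API_PORT:-7500}:…`, which binds every host interface when `SHARE_IP` is empty, whereas the file it replaces pinned `127.0.0.1:`. default.env ships `SHARE_IP=` empty, so an operator moved off the localport file loses the loopback restriction unless the migration also sets the variable, which is not visible here. For the two key-API files I would keep loopback as the fallback, `- ${SHARE_IP:-127.0.0.1:}${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp`, so that wider exposure needs an explicit `SHARE_IP=0.0.0.0:`. validator-keyapi-shared.yml has the same line, and the default.env comment "Local key manager port. Reachable only via localhost" should be updated either way.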
@@ -79,6 +85,8 @@ PRYSM_PORT=9000 PRYSM_UDP_PORT=9000 # Local grafana dashboard port. Do not expose to Internet, it is insecure http GRAFANA_PORT=3000 +# Local Siren UI port. Do not expose to Internet, it is insecure http +SIREN_PORT=8080 # Prometheus port used when exposing directly on host; used for federation PROMETHEUS_PORT=9090 # Local key manager port. Reachable only via localhost. Also doubles as Prysm web port @@ -189,6 +197,10 @@ LH_DOCKER_TAG=latest-modern LH_DOCKER_REPO=sigp/lighthouse LH_DOCKERFILE=Dockerfile.binary +# Lighthouse Siren +SIREN_DOCKER_TAG=latest +SIREN_DOCKER_REPO=sigmaprime/siren + # Prysm # SRC build target can be a tag, a branch, or a pr as "pr-ID" PRYSM_SRC_BUILD_TARGET='$(git describe --tags $(git rev-list --tags --max-count=1))' diff --git a/ee-shared.yml b/ee-shared.yml index e36a948b..e551f9e2 100644 --- a/ee-shared.yml +++ b/ee-shared.yml @@ -4,4 +4,4 @@ version: "3.9" services: execution: ports: - - ${HOST_IP:-}${EE_PORT}:${EE_PORT:-8551}/tcp + - ${SHARE_IP:-}${EE_PORT}:${EE_PORT:-8551}/tcp diff --git a/ee-traefik.yml b/ee-traefik.yml deleted file mode 100644 index a98e16e2..00000000 --- a/ee-traefik.yml +++ /dev/null @@ -1,12 +0,0 @@ -# To be used in conjunction with erigon.yml, nethermind.yml, besu.yml or geth.yml -# For distributed setups only. Please be very cautious when exposing your engine port -version: "3.9" -services: - execution: - labels: - - traefik.enable=true - - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee} - - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure - - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`) - - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt - - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551} diff --git a/el-shared.yml b/el-shared.yml index 6d91f035..4b1b832f 100644 --- a/el-shared.yml +++ b/el-shared.yml 
@@ -3,5 +3,5 @@ version: "3.9"
 services:
 execution:
 ports:
- - ${HOST_IP:-}${EL_RPC_PORT}:${EL_RPC_PORT:-8545}/tcp
- - ${HOST_IP:-}${EL_WS_PORT}:${EL_WS_PORT:-8546}/tcp
+ - ${SHARE_IP:-}${EL_RPC_PORT}:${EL_RPC_PORT:-8545}/tcp
+ - ${SHARE_IP:-}${EL_WS_PORT}:${EL_WS_PORT:-8546}/tcp
diff --git a/el-traefik.yml b/el-traefik.yml
deleted file mode 100644
index 4cd5bda5..00000000
--- a/el-traefik.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# To be used in conjunction with erigon.yml, nethermind.yml, besu.yml or geth.yml
-version: "3.9"
-services:
- execution:
- labels:
- - traefik.enable=true
- - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
- - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
- - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
- - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
- - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
- - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
- - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
- - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
- - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
- - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
- - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
- - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
- - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
- - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
- - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
- - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
- - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
- - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
diff --git a/erigon.yml b/erigon.yml
index 64379659..9d4b57fa 100644
--- a/erigon.yml
+++ b/erigon.yml
@@ -91,6 +91,31 @@ services:
 # Memory use reduction. Not needed with 32G and does not help with 16G
 #- --batchSize
 #- 64m
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 volumes:
 erigon-el-data:
 jwtsecret:
diff --git a/ethd b/ethd
index 9ae7edc5..f1dff54b 100755
--- a/ethd
+++ b/ethd @@ -682,10 +682,10 @@ envmigrate() { ALL_VARS=( COMPOSE_FILE FEE_RECIPIENT EL_NODE GRAFFITI DEFAULT_GRAFFITI NETWORK MEV_BOOST MEV_RELAYS MEV_MIN_BID MEV_NODE \ CL_MAX_PEER_COUNT CL_MIN_PEER_COUNT EL_MAX_PEER_COUNT EL_MIN_PEER_COUNT DOMAIN ACME_EMAIL AUTOPRUNE_NM LOGS_LABEL \ - CF_DNS_API_TOKEN CF_ZONE_API_TOKEN CF_ZONE_ID AWS_PROFILE AWS_HOSTED_ZONE_ID GRAFANA_HOST DISTRIBUTED BESU_HEAP TEKU_HEAP \ - PROM_HOST HOST_IP PRYSM_HOST EE_HOST EL_HOST EL_LB EL_WS_HOST EL_WS_LB CL_HOST CL_LB DDNS_SUBDOMAIN IPV6 \ + CF_DNS_API_TOKEN CF_ZONE_API_TOKEN CF_ZONE_ID AWS_PROFILE AWS_HOSTED_ZONE_ID GRAFANA_HOST SIREN_HOST DISTRIBUTED BESU_HEAP TEKU_HEAP \ + PROM_HOST HOST_IP SHARE_IP PRYSM_HOST EE_HOST EL_HOST EL_LB EL_WS_HOST EL_WS_LB CL_HOST CL_LB VC_HOST DDNS_SUBDOMAIN IPV6 \ DDNS_PROXY RAPID_SYNC_URL CL_NODE BEACON_STATS_API BEACON_STATS_MACHINE EL_P2P_PORT CL_P2P_PORT WEB3SIGNER \ - PRYSM_PORT DOPPELGANGER PRYSM_UDP_PORT GRAFANA_PORT PROMETHEUS_PORT KEY_API_PORT TRAEFIK_WEB_PORT TRAEFIK_WEB_HTTP_PORT \ + PRYSM_PORT DOPPELGANGER PRYSM_UDP_PORT GRAFANA_PORT SIREN_PORT PROMETHEUS_PORT KEY_API_PORT TRAEFIK_WEB_PORT TRAEFIK_WEB_HTTP_PORT \ CL_REST_PORT EL_RPC_PORT EL_WS_PORT EE_PORT ERIGON_TORRENT_PORT LOG_LEVEL JWT_SECRET EL_EXTRAS CL_EXTRAS \ VC_EXTRAS ARCHIVE_NODE SSV_P2P_PORT SSV_P2P_PORT_UDP ERIGON_P2P_PORT_2 ERIGON_P2P_PORT_3 ) TARGET_VARS=( NIM_SRC_BUILD_TARGET NIM_SRC_REPO NIM_DOCKER_TAG NIM_DOCKER_VC_TAG NIM_DOCKER_REPO NIM_DOCKER_VC_REPO NIM_DOCKERFILE \ 
@@ -697,7 +697,8 @@ envmigrate() { GETH_SRC_BUILD_TARGET GETH_SRC_REPO GETH_DOCKER_TAG GETH_DOCKER_REPO TRAEFIK_TAG DDNS_TAG GETH_DOCKERFILE NM_SRC_BUILD_TARGET \ NM_SRC_REPO NM_DOCKER_TAG NM_DOCKER_REPO NM_DOCKERFILE BESU_SRC_BUILD_TARGET BESU_SRC_REPO BESU_DOCKER_TAG BESU_DOCKER_REPO \ BESU_DOCKERFILE SSV_NODE_TAG SSV2_NODE_TAG DEPCLI_SRC_BUILD_TARGET DEPCLI_SRC_REPO DEPCLI_DOCKER_TAG W3S_DOCKER_TAG W3S_DOCKER_REPO \ - PG_DOCKER_TAG RETH_SRC_BUILD_TARGET RETH_SRC_REPO RETH_DOCKER_TAG RETH_DOCKER_REPO RETH_DOCKERFILE NODE_EXPORTER_IGNORE_MOUNT_REGEX ) + PG_DOCKER_TAG RETH_SRC_BUILD_TARGET RETH_SRC_REPO RETH_DOCKER_TAG RETH_DOCKER_REPO RETH_DOCKERFILE SIREN_DOCKER_TAG SIREN_DOCKER_REPO \ + NODE_EXPORTER_IGNORE_MOUNT_REGEX ) OLD_VARS=( LH_PORT PRYSM_WEB_PORT EC_NODE REWARDS_TO GETH_CACHE CF_API_TOKEN \ EC_HOST EC_LB EC_WS_HOST EC_WS_LB CC_HOST CC_LB EC_P2P_PORT CC_NODE CC_P2P_PORT EC_RPC_PORT EC_WS_PORT ) NEW_VARS=( CL_P2P_PORT KEY_API_PORT EL_NODE FEE_RECIPIENT EL_EXTRAS CF_DNS_API_TOKEN \ 
@@ -830,8 +831,8 @@ envmigrate() { migrate_compose_file() { # When this gets called $var is COMPOSE_FILE and $value is what is set in .env for it # Some files have been renamed and others removed altogether - FROM_YML=( ec-shared.yml ec-traefik.yml cc-shared.yml grafana-insecure.yml prysm-web-insecure.yml lh-base-notz.yml lh-validator-notz.yml lh-slasher.yml teku-base-notz.yml teku-validator-notz.yml lh-consensus.yml lh-validator.yml lodestar-consensus.yml lodestar-validator.yml nimbus-consensus.yml prysm-consensus.yml prysm-consensus-rest.yml prysm-validator.yml teku-consensus.yml teku-validator.yml lh-base.yml lh-vc-only.yml lh-cl-only.yml nm.yml lighthouse-base.yml teku-base.yml nimbus-base.yml prysm-base.yml lodestar-base.yml traefik-cf-v6.yml prysm-web.yml blank-grafana.yml lh-grafana.yml lhcc-grafana.yml nimbus-grafana.yml prysm-grafana.yml teku-grafana.yml geth-grafana.yml erigon-grafana.yml oe.yml teku-stats.yml lh-stats.yml lh-stats-consensus.yml lh-stats-validator.yml traefik-shared.yml lighthouse-slasher.yml prysm-slasher.yml ) - TO_YML=( el-shared.yml el-traefik.yml cl-shared.yml grafana-shared.yml prysm-web-shared.yml lighthouse-base.yml lighthouse-vc-only.yml lighthouse-slasher.yml teku-base.yml teku-vc-only.yml lighthouse-cl-only.yml lighthouse-vc-only.yml lodestar-cl-only.yml lodestar-vc-only.yml nimbus-cl-only.yml prysm-cl-only.yml prysm-cl-only.yml prysm-vc-only.yml teku-cl-only.yml teku-vc-only.yml lighthouse-base.yml lighthouse-vc-only.yml lighthouse-cl-only.yml nethermind.yml lighthouse.yml teku.yml nimbus.yml prysm.yml lodestar.yml traefik-cf.yml "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ) + FROM_YML=( ec-shared.yml ec-traefik.yml cc-shared.yml grafana-insecure.yml prysm-web-insecure.yml lh-base-notz.yml lh-validator-notz.yml lh-slasher.yml teku-base-notz.yml teku-validator-notz.yml lh-consensus.yml lh-validator.yml lodestar-consensus.yml lodestar-validator.yml nimbus-consensus.yml prysm-consensus.yml prysm-consensus-rest.yml 
prysm-validator.yml teku-consensus.yml teku-validator.yml lh-base.yml lh-vc-only.yml lh-cl-only.yml nm.yml lighthouse-base.yml teku-base.yml nimbus-base.yml prysm-base.yml lodestar-base.yml traefik-cf-v6.yml validator-keyapi-localport.yml consensus-keyapi-localport.yml prysm-web.yml blank-grafana.yml lh-grafana.yml lhcc-grafana.yml nimbus-grafana.yml prysm-grafana.yml teku-grafana.yml geth-grafana.yml erigon-grafana.yml oe.yml teku-stats.yml lh-stats.yml lh-stats-consensus.yml lh-stats-validator.yml traefik-shared.yml lighthouse-slasher.yml prysm-slasher.yml el-traefik.yml ee-traefik.yml prometheus-traefik.yml ) + TO_YML=( el-shared.yml el-traefik.yml cl-shared.yml grafana-shared.yml prysm-web-shared.yml lighthouse-base.yml lighthouse-vc-only.yml lighthouse-slasher.yml teku-base.yml teku-vc-only.yml lighthouse-cl-only.yml lighthouse-vc-only.yml lodestar-cl-only.yml lodestar-vc-only.yml nimbus-cl-only.yml prysm-cl-only.yml prysm-cl-only.yml prysm-vc-only.yml teku-cl-only.yml teku-vc-only.yml lighthouse-base.yml lighthouse-vc-only.yml lighthouse-cl-only.yml nethermind.yml lighthouse.yml teku.yml nimbus.yml prysm.yml lodestar.yml traefik-cf.yml validator-keyapi-shared.yml validator-keyapi-shared.yml "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "") __old_grafana=0 __new_grafana=0 diff --git a/geth.yml b/geth.yml index cf32b3db..0fdbbe02 100644 --- a/geth.yml +++ b/geth.yml 
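Review bot: `consensus-keyapi-localport.yml` in `FROM_YML` lines up with a second `validator-keyapi-shared.yml` in `TO_YML`, but the matching new file is `consensus-keyapi-shared.yml`, which publishes the port on the `consensus` service instead of `validator`. Assuming the two arrays are matched by position, as their layout suggests, a migrated setup that used the consensus variant would get a ports override for the wrong service; the 32nd `TO_YML` entry should be `consensus-keyapi-shared.yml`. Separately, `ec-traefik.yml` still maps to `el-traefik.yml`, which this commit deletes. Unless the loop outside this hunk re-applies the table, that leaves a missing file in `COMPOSE_FILE`, so the entry should probably become `""`. The body of `migrate_compose_file` continues outside the hunk.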
@@ -73,6 +73,31 @@ services:
 - --authrpc.vhosts=*
 - --maxpeers
 - ${EL_MAX_PEER_COUNT:-50}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 set-prune-marker:
 profiles: ["tools"]
 image: alpine:3
diff --git a/grafana-cloud.yml b/grafana-cloud.yml
index 2f8dd769..98242a57 100644
--- a/grafana-cloud.yml
+++ b/grafana-cloud.yml @@ -31,6 +31,12 @@ services: entrypoint: choose-config.sh command: ["/bin/prometheus", "--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries", "--web.console.templates=/usr/share/prometheus/consoles"] <<: *logging + labels: + - traefik.enable=true + - traefik.http.routers.prom.entrypoints=web,websecure + - traefik.http.routers.prom.rule=Host(`${PROM_HOST}.${DOMAIN}`) + - traefik.http.routers.prom.tls.certresolver=letsencrypt + - traefik.http.services.prom.loadbalancer.server.port=9090 ethereum-metrics-exporter: restart: "unless-stopped" diff --git a/grafana-shared.yml b/grafana-shared.yml index 8c27555f..ca955862 100644 --- a/grafana-shared.yml +++ b/grafana-shared.yml @@ -2,7 +2,4 @@ version: "3.9" services: grafana: ports: - - ${HOST_IP:-}${GRAFANA_PORT}:${GRAFANA_PORT}/tcp -# prometheus: -# ports: -# - 9090:9090/tcp + - ${SHARE_IP:-}${GRAFANA_PORT}:${GRAFANA_PORT}/tcp diff --git a/grafana.yml b/grafana.yml index f830668e..e9061202 100644 --- a/grafana.yml +++ b/grafana.yml @@ -21,6 +21,12 @@ services: entrypoint: choose-config.sh command: ["/bin/prometheus", "--storage.tsdb.path=/prometheus", "--web.console.libraries=/usr/share/prometheus/console_libraries", "--web.console.templates=/usr/share/prometheus/consoles"] <<: *logging + labels: + - traefik.enable=true + - traefik.http.routers.prom.entrypoints=web,websecure + - traefik.http.routers.prom.rule=Host(`${PROM_HOST}.${DOMAIN}`) + - traefik.http.routers.prom.tls.certresolver=letsencrypt + - traefik.http.services.prom.loadbalancer.server.port=9090 ethereum-metrics-exporter: restart: "unless-stopped" diff --git a/lighthouse-vc-only.yml b/lighthouse-vc-only.yml index 9dbeeb7d..09e75489 100644 --- a/lighthouse-vc-only.yml +++ b/lighthouse-vc-only.yml 
@@ -63,6 +63,13 @@ services: - --unencrypted-http-transport - --suggested-fee-recipient - ${FEE_RECIPIENT} + labels: + - traefik.enable=true + - traefik.http.routers.${VC_HOST:-vc}.service=${VC_HOST:-vc} + - traefik.http.routers.${VC_HOST:-vc}.entrypoints=websecure + - traefik.http.routers.${VC_HOST:-vc}.rule=Host(`${VC_HOST:-vc}.${DOMAIN}`) + - traefik.http.routers.${VC_HOST:-vc}.tls.certresolver=letsencrypt + - traefik.http.services.${VC_HOST:-vc}.loadbalancer.server.port=${KEY_API_PORT:-7500} validator-exit: profiles: ["tools"] diff --git a/lighthouse.yml b/lighthouse.yml index 05f8c60a..3d388d60 100644 --- a/lighthouse.yml +++ b/lighthouse.yml @@ -61,6 +61,7 @@ services: - 0.0.0.0 - --http-port - ${CL_REST_PORT:-5052} + - --http-allow-origin=* - --listen-address - 0.0.0.0 - --port @@ -80,6 +81,17 @@ services: - --validator-monitor-auto - --suggested-fee-recipient - ${FEE_RECIPIENT} + labels: + - traefik.enable=true + - traefik.http.routers.${CL_HOST:-cl}.service=${CL_HOST:-cl} + - traefik.http.routers.${CL_HOST:-cl}.entrypoints=websecure + - traefik.http.routers.${CL_HOST:-cl}.rule=Host(`${CL_HOST:-cl}.${DOMAIN}`) + - traefik.http.routers.${CL_HOST:-cl}.tls.certresolver=letsencrypt + - traefik.http.routers.${CL_HOST:-cl}lb.service=${CL_HOST:-cl} + - traefik.http.routers.${CL_HOST:-cl}lb.entrypoints=websecure + - traefik.http.routers.${CL_HOST:-cl}lb.rule=Host(`${CL_LB:-cl-lb}.${DOMAIN}`) + - traefik.http.routers.${CL_HOST:-cl}lb.tls.certresolver=letsencrypt + - traefik.http.services.${CL_HOST:-cl}.loadbalancer.server.port=${CL_REST_PORT:-5052} validator: restart: "unless-stopped" 
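Review bot: `--http-allow-origin=*` in the first lighthouse.yml hunk lets a page from any origin read the beacon REST API from a browser that can reach it, and the same commit adds a traefik router for that port. Siren is the only browser client this change introduces, so the allowed origin could be limited to it, for example `- --http-allow-origin=https://${SIREN_HOST:-siren}.${DOMAIN}`. Setups that reach Siren through siren-shared.yml would need a different origin, so a variable may be the better form. If the wildcard is intended, a comment on that line saying why would help. The consensus command list continues outside the hunk.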
@@ -129,6 +141,13 @@ services: - ${FEE_RECIPIENT} depends_on: - consensus + labels: + - traefik.enable=true + - traefik.http.routers.${VC_HOST:-vc}.service=${VC_HOST:-vc} + - traefik.http.routers.${VC_HOST:-vc}.entrypoints=websecure + - traefik.http.routers.${VC_HOST:-vc}.rule=Host(`${VC_HOST:-vc}.${DOMAIN}`) + - traefik.http.routers.${VC_HOST:-vc}.tls.certresolver=letsencrypt + - traefik.http.services.${VC_HOST:-vc}.loadbalancer.server.port=${KEY_API_PORT:-7500} validator-exit: profiles: ["tools"] diff --git a/nethermind.yml b/nethermind.yml index 6d2bcfa0..3db6027d 100644 --- a/nethermind.yml +++ b/nethermind.yml 
@@ -82,6 +82,31 @@ services:
 - AlwaysShutdown
 - --log
 - ${LOG_LEVEL}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 volumes:
 nm-eth1-data:
 jwtsecret:
diff --git a/nimbus-el.yml b/nimbus-el.yml
index f047f9ac..efa99740 100644
--- a/nimbus-el.yml
+++ b/nimbus-el.yml
@@ -65,6 +65,31 @@ services:
 - --engine-api-ws-address=0.0.0.0
 - --max-peers=${EL_MAX_PEER_COUNT:-25}
 - --log-level=${LOG_LEVEL}
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 volumes:
 nimbus-el-data:
 jwtsecret:
diff --git a/prometheus-shared.yml b/prometheus-shared.yml
index 71078860..a422dc5f 100644
--- a/prometheus-shared.yml
+++ b/prometheus-shared.yml
@@ -3,4 +3,4 @@ version: "3.9"
 services:
 prometheus:
 ports:
- - ${HOST_IP:-}${PROMETHEUS_PORT:-9090}:9090/tcp
+ - ${SHARE_IP:-}${PROMETHEUS_PORT:-9090}:9090/tcp
diff --git a/prometheus-traefik.yml b/prometheus-traefik.yml
deleted file mode 100644
index 9efc292f..00000000
--- a/prometheus-traefik.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-# Prometheus federation, or other reasons to have prometheus through traefik
-version: "3.9"
-services:
- prometheus:
- labels:
- - traefik.enable=true
- - traefik.http.routers.prom.entrypoints=web,websecure
- - traefik.http.routers.prom.rule=Host(`${PROM_HOST}.${DOMAIN}`)
- - traefik.http.routers.prom.tls.certresolver=letsencrypt
- - traefik.http.services.prom.loadbalancer.server.port=9090
diff --git a/prysm-web-shared.yml b/prysm-web-shared.yml
index b2e068a0..e1dffc4c 100644
--- a/prysm-web-shared.yml
+++ b/prysm-web-shared.yml
@@ -2,4 +2,4 @@ version: "3.9"
 services:
 validator:
 ports:
- - ${HOST_IP:-}${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp
+ - ${SHARE_IP:-}${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp
diff --git a/reth.yml b/reth.yml
index cab888e4..56767a02 100644
--- a/reth.yml
+++ b/reth.yml
@@ -79,6 +79,31 @@ services:
 - ${EE_PORT:-8551}
 - --authrpc.jwtsecret
 - /var/lib/reth/ee-secret/jwtsecret
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${EL_HOST:-el}.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}.rule=Host(`${EL_HOST:-el}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_HOST:-el}lb.service=${EL_HOST:-el}
+ - traefik.http.routers.${EL_HOST:-el}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_HOST:-el}lb.rule=Host(`${EL_LB:-el-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_HOST:-el}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_HOST:-el}.loadbalancer.server.port=${EL_RPC_PORT:-8545}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}.rule=Host(`${EL_WS_HOST:-elws}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}.tls.certresolver=letsencrypt
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.service=${EL_WS_HOST:-elws}
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.entrypoints=websecure
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.rule=Host(`${EL_WS_LB:-elws-lb}.${DOMAIN}`)
+ - traefik.http.routers.${EL_WS_HOST:-elws}lb.tls.certresolver=letsencrypt
+ - traefik.http.services.${EL_WS_HOST:-elws}.loadbalancer.server.port=${EL_WS_PORT:-8546}
+ - traefik.http.routers.${EE_HOST:-ee}.service=${EE_HOST:-ee}
+ - traefik.http.routers.${EE_HOST:-ee}.entrypoints=websecure
+ - traefik.http.routers.${EE_HOST:-ee}.rule=Host(`${EE_HOST:-ee}.${DOMAIN}`)
+ - traefik.http.routers.${EE_HOST:-ee}.tls.certresolver=letsencrypt
+ - traefik.http.services.${EE_HOST:-ee}.loadbalancer.server.port=${EE_PORT:-8551}
 volumes:
 reth-el-data:
 jwtsecret:
diff --git a/siren-shared.yml b/siren-shared.yml
new file mode 100644
index 00000000..acbb0a9e
--- /dev/null
+++ b/siren-shared.yml
@@ -0,0 +1,6 @@
+# To be used in conjunction with siren.yml
+version: "3.9"
+services:
+ siren:
+ ports:
+ - ${SHARE_IP:-}${SIREN_PORT}:80/tcp
diff --git a/siren.yml b/siren.yml
new file mode 100644
index 00000000..6852a2cd
--- /dev/null
+++ b/siren.yml
@@ -0,0 +1,24 @@
+# Sigma Prime Siren, for use with Lighthouse
+version: "3.9"
+x-logging: &logging
+ logging:
+ driver: json-file
+ options:
+ max-size: 100m
+ max-file: "3"
+ tag: '{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}'
+
+services:
+ siren:
+ restart: "unless-stopped"
+ image: ${SIREN_DOCKER_REPO}:${SIREN_DOCKER_TAG}
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ <<: *logging
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.$(SIREN_HOST:-siren}.service=${SIREN_HOST:-siren}
+ - traefik.http.routers.${SIREN_HOST:-siren}.entrypoints=websecure
+ - traefik.http.routers.${SIREN_HOST:-siren}.rule=Host(`${SIREN_HOST:-siren}.${DOMAIN}`)
+ - traefik.http.routers.${SIREN_HOST:-siren}.tls.certresolver=letsencrypt
+ - traefik.http.services.${SIREN_HOST:-siren}.loadbalancer.server.port=80
diff --git a/validator-keyapi-localport.yml b/validator-keyapi-localport.yml
deleted file mode 100644
index 2d5fef79..00000000
--- a/validator-keyapi-localport.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-version: "3.9"
-services:
- validator:
- ports:
- - 127.0.0.1:${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp
diff --git a/validator-keyapi-shared.yml b/validator-keyapi-shared.yml
new file mode 100644
index 00000000..e1dffc4c
--- /dev/null
+++ b/validator-keyapi-shared.yml
@@ -0,0 +1,5 @@
+version: "3.9"
+services:
+ validator:
+ ports:
+ - ${SHARE_IP:-}${KEY_API_PORT:-7500}:${KEY_API_PORT:-7500}/tcp
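Review bot: The first router label in siren.yml reads `traefik.http.routers.$(SIREN_HOST:-siren}.service=…`, with `$(` where the other five labels use `${`. Compose will not interpolate that form, so the label either fails validation or names a different router from the one that carries the entrypoint, rule and certresolver. It should be `- traefik.http.routers.${SIREN_HOST:-siren}.service=${SIREN_HOST:-siren}`. In siren-shared.yml, `${SIREN_PORT}` has no fallback, unlike `${KEY_API_PORT:-7500}` elsewhere; `${SIREN_PORT:-8080}` would match the default.env value.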