Skip to content
Snippets Groups Projects
Commit c617c96d authored by Hugo Trentesaux's avatar Hugo Trentesaux
Browse files

refac docker documentation

parent f97f5c96
No related branches found
No related tags found
1 merge request!136Refactor docker documentation
Pipeline #18866 waiting for manual action
Stage: quality
    Stage: build
      Stage: tests
        Stage: deploy
          Hide whitespace changes
          Inline Side-by-side
          docker/README.md
          + 18
          10
          View file @ c617c96d
          ......@@ -4,13 +4,13 @@ Duniter is the software that supports the [Ğ1 libre-currency blockchain](https:
          [Duniter v2s](https://git.duniter.org/nodes/rust/duniter-v2s) is a complete rewrite of Duniter based on the Substrate / Polkadot framework. **This is alpha state work in progress.**
          # Minimal docker-compose file for an RPC (non validator) node
          ## Minimal docker-compose file for an mirror node
          ```
          version: "3.5"
          services:
          duniter-rpc:
          duniter-mirror:
          image: duniter/duniter-v2s:latest
          restart: unless-stopped
          ports:
          ......@@ -23,16 +23,16 @@ services:
          # p2p
          - 30333:30333
          volumes:
          - data-rpc:/var/lib/duniter/
          - data-mirror:/var/lib/duniter/
          environment:
          - DUNITER_CHAIN_NAME=gdev
          - DUNITER_NODE_NAME=<my-node-name>
          volumes:
          data-rpc:
          data-mirror:
          ```
          # Minimal docker-compose file for a validator node
          ## Minimal docker-compose file for a validator node
          ```
          version: "3.5"
          ......@@ -57,26 +57,34 @@ volumes:
          data-validator:
          ```
          # Environment variables
          ## Environment variables
          | Name | Description | Default |
          | ---- | ----------- | ------- |
          | `DUNITER_NODE_NAME` | The node name. This name will appear on the Substrate telemetry server when telemetry is enabled. | Random name |
          | `DUNITER_CHAIN_NAME` | The currency to process. "gdev" uses the embeded chainspec. A path allows to use a local json raw chainspec. | `dev` (development mode) |
          | `DUNITER_PUBLIC_ADDR` | The libp2p public address base. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when the node is behind a reverse-proxy with its ports not directly exposed.<br>Note: the `p2p/<peer_id>` part of the address shouldn't be set in this variable. It is automatically added by Duniter. | duniter-v2s guesses one from the node's IPv4 address. |
          | `DUNITER_PUBLIC_ADDR` | The libp2p public address base. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when the node is behind a reverse proxy with its ports not directly exposed.<br>Note: the `p2p/<peer_id>` part of the address shouldn't be set in this variable. It is automatically added by Duniter. | duniter-v2s guesses one from the node's IPv4 address. |
          | `DUNITER_LISTEN_ADDR` | The libp2p listen address. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when running a validator node behind a reverse proxy, to force the P2P end point in websocket mode with:<br> `DUNITER_LISTEN_ADDR=/ip4/0.0.0.0/tcp/30333/ws` | Non validator node: `/ip4/0.0.0.0/tcp/30333/ws`<br>Validator node: `/ip4/0.0.0.0/tcp/30333` |
          | `DUNITER_RPC_CORS` | Value of the polkadot `--rpc-cors` option. | `all` |
          | `DUNITER_VALIDATOR` | Boolean (`true` / `false`) to run the node in validator mode. Configure the polkadot options `--validator --rpc-methods Unsafe`. | `false` |
          | `DUNITER_DISABLE_PROMETHEUS` | Boolean to disable the Prometheus endpoint on port 9615. | `false` |
          | `DUNITER_DISABLE_TELEMETRY` | Boolean to disable connecting to the Substrate tememetry server. | `false` |
          | `DUNITER_DISABLE_TELEMETRY` | Boolean to disable connecting to the Substrate telemetry server. | `false` |
          | `DUNITER_PRUNING_PROFILE` | * `default`<br> * `archive`: keep all blocks and state blocks<br> * `light`: keep only last 256 state blocks and last 14400 blocks (one day duration) | `default` |
          # Other duniter options
          ## Other Duniter options
          You can pass any other option to duniter using the `command` docker-compose element:
          You can pass any other option to Duniter using the `command` docker-compose element:
          ```
          command:
          # workaround for substrate issue #12073
          # https://github.com/paritytech/substrate/issues/12073
          - "--wasm-execution=interpreted-i-know-what-i-do"
          ```
          ## Start Duniter
          Once you are happy with your `docker-compose.yml` file, run in the same folder:
          ```bash
          docker compose up -d
          ```
          \ No newline at end of file
          docker/compose/gdev-mirror.docker-compose.yml deleted 100644 → 0
          + 0
          27
          View file @ f97f5c96
          # This is a docker template for running a gdev mirror
          version: "3.5"
          services:
          duniter-rpc:
          image: duniter/duniter-v2s:latest
          restart: unless-stopped
          ports:
          # telemetry
          - 127.0.0.1:9615:9615
          # rpc
          - 127.0.0.1:9933:9933
          # rpc-ws
          - 127.0.0.1:9944:9944
          # p2p
          - 30333:30333
          volumes:
          - ./node.key:/etc/duniter/node.key
          - duniter-rpc-data:/var/lib/duniter/
          environment:
          - DUNITER_CHAIN_NAME=gdev
          # SERVER_DOMAIN should be replaced by a domain name that point on your server
          - DUNITER_PUBLIC_ADDR=/dns/${SERVER_DOMAIN?SERVER_DOMAIN should be set}/tcp/30333/ws
          volumes:
          duniter-rpc-data:
          docker/compose/gdev-validator.docker-compose.yml deleted 100644 → 0
          + 0
          45
          View file @ f97f5c96
          version: "3.5"
          services:
          duniter-rpc:
          image: duniter/duniter-v2s:latest
          restart: unless-stopped
          ports:
          # telemetry
          - 127.0.0.1:9615:9615
          # rpc
          - 127.0.0.1:9933:9933
          # rpc-ws
          - 127.0.0.1:9944:9944
          # p2p
          - 30333:30333
          volumes:
          - ./node.key:/etc/duniter/validator-node.key
          - duniter-rpc-data:/var/lib/duniter/
          environment:
          - DUNITER_CHAIN_NAME=gdev
          # RPC_SERVER_DOMAIN should be replaced by a domain name that point on your server
          - DUNITER_PUBLIC_ADDR=/dns/${RPC_SERVER_DOMAIN?RPC_SERVER_DOMAIN should be set}/tcp/30333/ws
          duniter-validator:
          image: duniter/duniter-v2s:latest
          restart: unless-stopped
          ports:
          # telemetry
          - 127.0.0.1:9616:9615
          # rpc
          - 127.0.0.1:9934:9933
          # rpc-ws
          - 127.0.0.1:9945:9944
          # p2p
          - 30334:30333
          volumes:
          - ./node.key:/etc/duniter/validator-node.key
          - duniter-validator-data:/var/lib/duniter/
          environment:
          - DUNITER_CHAIN_NAME=gdev
          # VALIDATOR_SERVER_DOMAIN should be replaced by a domain name that point on your server
          - DUNITER_PUBLIC_ADDR=/dns/${VALIDATOR_SERVER_DOMAIN?VALIDATOR_SERVER_DOMAIN should be set}/tcp/30333
          - DUNITER_VALIDATOR=true
          command:
          - "--pruning=14400"
          docker/compose/live-template.docker-compose.yml
          + 2
          0
          View file @ c617c96d
          # this template is used in /scripts/create-live-network.sh script
          version: "3.5"
          services:
          ......
          docs/user/nginx_reverse_proxy.md 0 → 100644
          + 52
          0
          View file @ c617c96d
          # Nginx reverse proxy example
          In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler):
          ```nginx
          server {
          server_name gdev.YOUR_DOMAIN.fr;
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert;
          ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key;
          root /nowhere;
          add_header X-Frame-Options SAMEORIGIN;
          add_header X-XSS-Protection "1; mode=block";
          proxy_redirect off;
          proxy_buffering off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_read_timeout 90;
          location /http {
          proxy_pass http://localhost:9933;
          proxy_http_version 1.1;
          }
          location /ws {
          proxy_pass http://localhost:9944;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_http_version 1.1;
          proxy_read_timeout 1200s;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          }
          }
          ```
          and replace `YOUR_DOMAIN` by your domain each time.
          - [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt
          if you don't already have a wildcard certificate.
          - `service nginx reload`
          Your node is now online as a rpc node. It's fully capable for wallet use.
          docs/user/rpc.md
          + 3
          60
          View file @ c617c96d
          ......@@ -4,68 +4,11 @@
          ### Duniter part
          - Add this docker-compose template on your server:
          [docker/compose/gdev-rpc.docker-compose.yml](https://git.duniter.org/nodes/rust/duniter-v2s/-/blob/master/docker/compose/gdev-mirror.docker-compose.yml)
          - Rename the file : `mv gdev-mirror.docker-compose.yml docker-compose.yml`
          - In the same folder, create a `.env` file that defime environment variables `SERVER_DOMAIN`:
          See [docker documentation](../../docker/README.md) to install, configure, and start a node.
          ```bash
          SERVER_DOMAIN=YOUR_DOMAIN
          ```
          ### Reverse proxy part
          - Do `docker compose up -d` to start your node
          ### Reverse-proxy part (with Nginx)
          In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler):
          ```nginx
          server {
          server_name gdev.YOUR_DOMAIN.fr;
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert;
          ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key;
          root /nowhere;
          add_header X-Frame-Options SAMEORIGIN;
          add_header X-XSS-Protection "1; mode=block";
          proxy_redirect off;
          proxy_buffering off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_read_timeout 90;
          location /http {
          proxy_pass http://localhost:9933;
          proxy_http_version 1.1;
          }
          location /ws {
          proxy_pass http://localhost:9944;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_http_version 1.1;
          proxy_read_timeout 1200s;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          }
          }
          ```
          and replace `YOUR_DOMAIN` by your domain each time.
          - [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt
          if you don't already have a wildcard certificate.
          - `service nginx reload`
          Your node is now online as a rpc node. It's fully capable for wallet use.
          See [nginx reverse proxy](./nginx_reverse_proxy.md).
          To go further, read [How to become a (black)smith](./smith.md)
          ......
          docs/user/smith.md
          + 6
          62
          View file @ c617c96d
          ......@@ -4,67 +4,11 @@
          ### Duniter part
          - Add this docker-compose on your server :
          [docker/compose/gdev-validator.docker-compose.yml](https://git.duniter.org/nodes/rust/duniter-v2s/-/blob/master/docker/compose/gdev-validator.docker-compose.yml)
          - Create a `.env` file that define environment variable `SERVER_DOMAIN`:
          See [docker documentation](../../docker/README.md) to install, configure, and start a node. For a smith node, you want to set `DUNITER_VALIDATOR` to `true`.
          ```bash
          SERVER_DOMAIN=YOUR_DOMAIN
          ```
          ### Reverse proxy part
          - `docker compose up -d` to start your node
          ### Reverse-proxy part (with Nginx)
          In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler):
          ```nginx
          server {
          server_name gdev.YOUR_DOMAIN.fr;
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert;
          ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key;
          root /nowhere;
          add_header X-Frame-Options SAMEORIGIN;
          add_header X-XSS-Protection "1; mode=block";
          proxy_redirect off;
          proxy_buffering off;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Port $server_port;
          proxy_read_timeout 90;
          location /http {
          proxy_pass http://localhost:9933;
          proxy_http_version 1.1;
          }
          location /ws {
          proxy_pass http://localhost:9944;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_http_version 1.1;
          proxy_read_timeout 1200s;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          }
          }
          ```
          and replace `YOUR_DOMAIN` by your domain each time.
          - [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt
          if you don't already have a wildcard certificate.
          - `service nginx reload`
          Your node is now online as a rpc node. It's fully capable for wallet use.
          See [nginx reverse proxy](./nginx_reverse_proxy.md).
          ## Join the Smith WoT
          ......@@ -84,9 +28,9 @@ When you have at least 3 certifications, your'in!
          - Generate and publish your session keys
          1. create an ssh bridge from your desktop/laptop to your server : `ssh -L 9945:localhost:9945 SSH_USER@YOUR_SERVER`
          2. In your browser go to [polkadotjs : ws://localhost:9945](https://polkadot.js.org/apps/?rpc=ws%3A%2F%2Flocalhost%3A9945#/explorer)
          3. In the UI : developer > appel RPC > author > rotateKey() and run
          4. copy the result in clipboard
          5. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > setSessionKeys(keys) then copy your session keys and run the query.
          3. In the UI : developer > appel RPC > author > rotateKey() and copy the result in clipboard
          4. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > setSessionKeys(keys) then paste your session keys and run the query.
          5. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > claimMembership(keys)
          6. **wait 48h to verify you keep sync**
          - Join
          - In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > goOnline()
          ......
          0% or .
          You are about to add 0 people to the discussion. Proceed with caution.
          Finish editing this message first!
          Please register or to comment