From c617c96d2d9db1c1bc4e51bfd4fb0d7161fe1a2f Mon Sep 17 00:00:00 2001 From: Hugo Trentesaux <hugo@trentesaux.fr> Date: Wed, 1 Mar 2023 15:25:34 +0100 Subject: [PATCH] refac docker documentation --- docker/README.md | 28 +++++--- docker/compose/gdev-mirror.docker-compose.yml | 27 -------- .../compose/gdev-validator.docker-compose.yml | 45 ------------ .../compose/live-template.docker-compose.yml | 2 + docs/user/nginx_reverse_proxy.md | 52 ++++++++++++++ docs/user/rpc.md | 63 +---------------- docs/user/smith.md | 68 ++----------------- 7 files changed, 81 insertions(+), 204 deletions(-) delete mode 100644 docker/compose/gdev-mirror.docker-compose.yml delete mode 100644 docker/compose/gdev-validator.docker-compose.yml create mode 100644 docs/user/nginx_reverse_proxy.md diff --git a/docker/README.md b/docker/README.md index e93db2e0f..c9f30b43e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -4,13 +4,13 @@ Duniter is the software that supports the [Äž1 libre-currency blockchain](https: [Duniter v2s](https://git.duniter.org/nodes/rust/duniter-v2s) is a complete rewrite of Duniter based on the Substrate / Polkadot framework. **This is alpha state work in progress.** -# Minimal docker-compose file for an RPC (non validator) node +## Minimal docker-compose file for an mirror node ``` version: "3.5" services: - duniter-rpc: + duniter-mirror: image: duniter/duniter-v2s:latest restart: unless-stopped ports: @@ -23,16 +23,16 @@ services: # p2p - 30333:30333 volumes: - - data-rpc:/var/lib/duniter/ + - data-mirror:/var/lib/duniter/ environment: - DUNITER_CHAIN_NAME=gdev - DUNITER_NODE_NAME=<my-node-name> volumes: - data-rpc: + data-mirror: ``` -# Minimal docker-compose file for a validator node +## Minimal docker-compose file for a validator node ``` version: "3.5" 
@@ -57,26 +57,34 @@ volumes: data-validator: ``` -# Environment variables +## Environment variables | Name | Description | Default | | ---- | ----------- | ------- | | `DUNITER_NODE_NAME` | The node name. This name will appear on the Substrate telemetry server when telemetry is enabled. | Random name | | `DUNITER_CHAIN_NAME` | The currency to process. "gdev" uses the embeded chainspec. A path allows to use a local json raw chainspec. | `dev` (development mode) | -| `DUNITER_PUBLIC_ADDR` | The libp2p public address base. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when the node is behind a reverse-proxy with its ports not directly exposed.<br>Note: the `p2p/<peer_id>` part of the address shouldn't be set in this variable. It is automatically added by Duniter. | duniter-v2s guesses one from the node's IPv4 address. | +| `DUNITER_PUBLIC_ADDR` | The libp2p public address base. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when the node is behind a reverse proxy with its ports not directly exposed.<br>Note: the `p2p/<peer_id>` part of the address shouldn't be set in this variable. It is automatically added by Duniter. | duniter-v2s guesses one from the node's IPv4 address. | | `DUNITER_LISTEN_ADDR` | The libp2p listen address. See [libp2p documentation](https://docs.libp2p.io/concepts/fundamentals/addressing/). This variable is useful when running a validator node behind a reverse proxy, to force the P2P end point in websocket mode with:<br> `DUNITER_LISTEN_ADDR=/ip4/0.0.0.0/tcp/30333/ws` | Non validator node: `/ip4/0.0.0.0/tcp/30333/ws`<br>Validator node: `/ip4/0.0.0.0/tcp/30333` | | `DUNITER_RPC_CORS` | Value of the polkadot `--rpc-cors` option. | `all` | | `DUNITER_VALIDATOR` | Boolean (`true` / `false`) to run the node in validator mode. Configure the polkadot options `--validator --rpc-methods Unsafe`. 
| `false` | | `DUNITER_DISABLE_PROMETHEUS` | Boolean to disable the Prometheus endpoint on port 9615. | `false` | -| `DUNITER_DISABLE_TELEMETRY` | Boolean to disable connecting to the Substrate tememetry server. | `false` | +| `DUNITER_DISABLE_TELEMETRY` | Boolean to disable connecting to the Substrate telemetry server. | `false` | | `DUNITER_PRUNING_PROFILE` | * `default`<br> * `archive`: keep all blocks and state blocks<br> * `light`: keep only last 256 state blocks and last 14400 blocks (one day duration) | `default` | -# Other duniter options +## Other Duniter options -You can pass any other option to duniter using the `command` docker-compose element: +You can pass any other option to Duniter using the `command` docker-compose element: ``` command: # workaround for substrate issue #12073 # https://github.com/paritytech/substrate/issues/12073 - "--wasm-execution=interpreted-i-know-what-i-do" ``` + +## Start Duniter + +Once you are happy with your `docker-compose.yml` file, run in the same folder: + +```bash +docker compose up -d +``` \ No newline at end of file diff --git a/docker/compose/gdev-mirror.docker-compose.yml b/docker/compose/gdev-mirror.docker-compose.yml deleted file mode 100644 index 039ab56b7..000000000 --- a/docker/compose/gdev-mirror.docker-compose.yml +++ /dev/null @@ -1,27 +0,0 @@ -# This is a docker template for running a gdev mirror - -version: "3.5" - -services: - duniter-rpc: - image: duniter/duniter-v2s:latest - restart: unless-stopped - ports: - # telemetry - - 127.0.0.1:9615:9615 - # rpc - - 127.0.0.1:9933:9933 - # rpc-ws - - 127.0.0.1:9944:9944 - # p2p - - 30333:30333 - volumes: - - ./node.key:/etc/duniter/node.key - - duniter-rpc-data:/var/lib/duniter/ - environment: - - DUNITER_CHAIN_NAME=gdev - # SERVER_DOMAIN should be replaced by a domain name that point on your server - - DUNITER_PUBLIC_ADDR=/dns/${SERVER_DOMAIN?SERVER_DOMAIN should be set}/tcp/30333/ws - -volumes: - duniter-rpc-data: 
diff --git a/docker/compose/gdev-validator.docker-compose.yml b/docker/compose/gdev-validator.docker-compose.yml deleted file mode 100644 index 655dd1a20..000000000 --- a/docker/compose/gdev-validator.docker-compose.yml +++ /dev/null @@ -1,45 +0,0 @@ -version: "3.5" - -services: - duniter-rpc: - image: duniter/duniter-v2s:latest - restart: unless-stopped - ports: - # telemetry - - 127.0.0.1:9615:9615 - # rpc - - 127.0.0.1:9933:9933 - # rpc-ws - - 127.0.0.1:9944:9944 - # p2p - - 30333:30333 - volumes: - - ./node.key:/etc/duniter/validator-node.key - - duniter-rpc-data:/var/lib/duniter/ - environment: - - DUNITER_CHAIN_NAME=gdev - # RPC_SERVER_DOMAIN should be replaced by a domain name that point on your server - - DUNITER_PUBLIC_ADDR=/dns/${RPC_SERVER_DOMAIN?RPC_SERVER_DOMAIN should be set}/tcp/30333/ws - - duniter-validator: - image: duniter/duniter-v2s:latest - restart: unless-stopped - ports: - # telemetry - - 127.0.0.1:9616:9615 - # rpc - - 127.0.0.1:9934:9933 - # rpc-ws - - 127.0.0.1:9945:9944 - # p2p - - 30334:30333 - volumes: - - ./node.key:/etc/duniter/validator-node.key - - duniter-validator-data:/var/lib/duniter/ - environment: - - DUNITER_CHAIN_NAME=gdev - # VALIDATOR_SERVER_DOMAIN should be replaced by a domain name that point on your server - - DUNITER_PUBLIC_ADDR=/dns/${VALIDATOR_SERVER_DOMAIN?VALIDATOR_SERVER_DOMAIN should be set}/tcp/30333 - - DUNITER_VALIDATOR=true - command: - - "--pruning=14400" diff --git a/docker/compose/live-template.docker-compose.yml b/docker/compose/live-template.docker-compose.yml index 643ae8c4e..8c2aba285 100644 --- a/docker/compose/live-template.docker-compose.yml +++ b/docker/compose/live-template.docker-compose.yml @@ -1,3 +1,5 @@ +# this template is used in /scripts/create-live-network.sh script + version: "3.5" services: diff --git a/docs/user/nginx_reverse_proxy.md b/docs/user/nginx_reverse_proxy.md new file mode 100644 index 000000000..b315cea8e --- /dev/null +++ b/docs/user/nginx_reverse_proxy.md 
@@ -0,0 +1,52 @@
+
+# Nginx reverse proxy example
+
+In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler):
+
+```nginx
+server {
+ server_name gdev.YOUR_DOMAIN.fr;
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert;
+ ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key;
+
+ root /nowhere;
+
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-XSS-Protection "1; mode=block";
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Port $server_port;
+ proxy_read_timeout 90;
+
+ location /http {
+ proxy_pass http://localhost:9933;
+ proxy_http_version 1.1;
+ }
+ location /ws {
+ proxy_pass http://localhost:9944;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_http_version 1.1;
+
+ proxy_read_timeout 1200s;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ }
+}
+```
+
+and replace `YOUR_DOMAIN` by your domain each time.
+
+- [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt
+ if you don't already have a wildcard certificate.
+- `service nginx reload`
+
+Your node is now online as a rpc node. It's fully capable for wallet use.
diff --git a/docs/user/rpc.md b/docs/user/rpc.md
index cf43bd114..907ef1c70 100644
--- a/docs/user/rpc.md
+++ b/docs/user/rpc.md
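Review bot: In the new docs/user/nginx_reverse_proxy.md, the `location /ws` block sets its own `proxy_set_header` lines, and nginx inherits that directive from the server level only when the inner level defines none. On the websocket route the server-level `X-Real-IP`, `X-Forwarded-Proto` and `X-Forwarded-Port` headers are therefore not sent, which is probably not what the example intends. I would repeat those three lines inside `location /ws` and add a comment such as `# proxy_set_header is not merged with the server block, so the full set is listed here`. Separately, `add_header X-XSS-Protection "1; mode=block";` is ignored by current browsers and could be dropped from an example people will copy.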
@@ -4,68 +4,11 @@ ### Duniter part -- Add this docker-compose template on your server: - [docker/compose/gdev-rpc.docker-compose.yml](https://git.duniter.org/nodes/rust/duniter-v2s/-/blob/master/docker/compose/gdev-mirror.docker-compose.yml) -- Rename the file : `mv gdev-mirror.docker-compose.yml docker-compose.yml` -- In the same folder, create a `.env` file that defime environment variables `SERVER_DOMAIN`: +See [docker documentation](../../docker/README.md) to install, configure, and start a node. -```bash -SERVER_DOMAIN=YOUR_DOMAIN -``` +### Reverse proxy part -- Do `docker compose up -d` to start your node - -### Reverse-proxy part (with Nginx) - -In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler): - -```nginx -server { - server_name gdev.YOUR_DOMAIN.fr; - - listen 443 ssl http2; - listen [::]:443 ssl http2; - ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert; - ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key; - - root /nowhere; - - add_header X-Frame-Options SAMEORIGIN; - add_header X-XSS-Protection "1; mode=block"; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_read_timeout 90; - - location /http { - proxy_pass http://localhost:9933; - proxy_http_version 1.1; - } - location /ws { - proxy_pass http://localhost:9944; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - - proxy_read_timeout 1200s; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - } -} -``` - -and replace `YOUR_DOMAIN` by your domain each time. - -- [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt - if you don't already have a wildcard certificate. 
-- `service nginx reload` - -Your node is now online as a rpc node. It's fully capable for wallet use. +See [nginx reverse proxy](./nginx_reverse_proxy.md). To go further, read [How to become a (black)smith](./smith.md) diff --git a/docs/user/smith.md b/docs/user/smith.md index e0fa28c4f..588d3d28b 100644 --- a/docs/user/smith.md +++ b/docs/user/smith.md 
@@ -4,67 +4,11 @@ ### Duniter part -- Add this docker-compose on your server : - [docker/compose/gdev-validator.docker-compose.yml](https://git.duniter.org/nodes/rust/duniter-v2s/-/blob/master/docker/compose/gdev-validator.docker-compose.yml) -- Create a `.env` file that define environment variable `SERVER_DOMAIN`: +See [docker documentation](../../docker/README.md) to install, configure, and start a node. For a smith node, you want to set `DUNITER_VALIDATOR` to `true`. -```bash -SERVER_DOMAIN=YOUR_DOMAIN -``` +### Reverse proxy part -- `docker compose up -d` to start your node - -### Reverse-proxy part (with Nginx) - -In `/etc/nginx/sites-enabled/gdev.YOUR_DOMAIN` put (you can probably do simpler): - -```nginx -server { - server_name gdev.YOUR_DOMAIN.fr; - - listen 443 ssl http2; - listen [::]:443 ssl http2; - ssl_certificate /etc/nginx/ssl/YOUR_DOMAIN.cert; - ssl_certificate_key /etc/nginx/ssl/YOUR_DOMAIN.key; - - root /nowhere; - - add_header X-Frame-Options SAMEORIGIN; - add_header X-XSS-Protection "1; mode=block"; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_read_timeout 90; - - location /http { - proxy_pass http://localhost:9933; - proxy_http_version 1.1; - } - location /ws { - proxy_pass http://localhost:9944; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_http_version 1.1; - - proxy_read_timeout 1200s; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - } -} -``` - -and replace `YOUR_DOMAIN` by your domain each time. - -- [generate your ssl certificates](https://github.com/acmesh-official/acme.sh) with let's encrypt - if you don't already have a wildcard certificate. 
-- `service nginx reload` - -Your node is now online as a rpc node. It's fully capable for wallet use. +See [nginx reverse proxy](./nginx_reverse_proxy.md). ## Join the Smith WoT @@ -84,9 +28,9 @@ When you have at least 3 certifications, your'in! - Generate and publish your session keys 1. create an ssh bridge from your desktop/laptop to your server : `ssh -L 9945:localhost:9945 SSH_USER@YOUR_SERVER` 2. In your browser go to [polkadotjs : ws://localhost:9945](https://polkadot.js.org/apps/?rpc=ws%3A%2F%2Flocalhost%3A9945#/explorer) - 3. In the UI : developer > appel RPC > author > rotateKey() and run - 4. copy the result in clipboard - 5. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > setSessionKeys(keys) then copy your session keys and run the query. + 3. In the UI : developer > appel RPC > author > rotateKey() and copy the result in clipboard + 4. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > setSessionKeys(keys) then paste your session keys and run the query. + 5. In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > claimMembership(keys) 6. **wait 48h to verify you keep sync** - Join - In the UI : developer > extrinsics > YOUR_SMITH_ACCOUNT > authorityMembers > goOnline() -- GitLab
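Review bot: The first docs/user/smith.md hunk now sends validator operators to the shared reverse-proxy page right after telling them to set `DUNITER_VALIDATOR` to `true`, which the docker/README.md table in this same patch documents as enabling `--rpc-methods Unsafe`. Applying nginx_reverse_proxy.md to such a node would publish ports 9933 and 9944 on a public hostname, and with them the unsafe RPC methods, including the `rotateKey()` call this page later runs over an SSH tunnel. I would replace the link with a sentence along the lines of `Do not expose a smith node's RPC ports through a public reverse proxy; keep them bound to localhost and reach them through the SSH tunnel described below.` If a proxy is still wanted for the p2p port only, that case would need its own example, since the linked page covers only the RPC routes.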