From d1527c0402f2c70bd35cf19ebaba1db06422470b Mon Sep 17 00:00:00 2001
From: ClaytonNorthey92
Date: Mon, 4 Nov 2024 14:45:36 -0500
Subject: [PATCH] added some comments on security, added exposing ports for op-geth and op-node to the docker host
---
 localnode/NODE_RUNNING.md | 17 +++++++++++++++--
 localnode/docker-compose.yml | 16 ++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/localnode/NODE_RUNNING.md b/localnode/NODE_RUNNING.md
index 19ed4d2f..e2fdb4e4 100644
--- a/localnode/NODE_RUNNING.md
+++ b/localnode/NODE_RUNNING.md
@@ -24,7 +24,7 @@ Currently, testnet needs a minimum of 3TB storage.
 docker
-docker-compose
+docker compose
 ### Get the hemi software
@@ -47,6 +47,15 @@ The following daemons are needed as part of the hemi software. They are all con
 8. bfgd
 9. postgres
+### Important Note on Security
+
+Many of the credentials are hard-coded in this directory, as this assumption is
+that you're not exposing the associated services' ports to the outside world.
+This allows communication between the services locally.
+It is ok if you do expose the ports however; just ensure that you change the
+values of the credentials to something that is not shared with others.
+(ex. jwt token, cookie)
+
 ## Running the network
 ```sh
@@ -57,7 +66,11 @@ docker compose -f localnode/docker-compose.yml up --build
 To access the node, you can use rpc or websockets at the following ports:
-XXX (clayton, please add in)
+* op-node
+ * rpc `8547`
+* op-geth
+ * rpc `18546`
+ * wsrpc `28546`
 ## p2p
diff --git a/localnode/docker-compose.yml b/localnode/docker-compose.yml
index e693347e..ae3c498a 100644
--- a/localnode/docker-compose.yml
+++ b/localnode/docker-compose.yml
@@ -34,8 +34,11 @@ services:
 - "bitcoind:18443"
 - --network
 - testnet
+
+ # if you expose electrs ports, you may want to ensure that this is changed
 - --cookie
 - "user:password"
+ - "-vvv"
 - "--timestamp"
 - --utxos-limit
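Review bot: The `- "-vvv"` added after `"user:password"` raises electrs to its most verbose logging and is not mentioned in the commit subject; if it is a debugging leftover it should be dropped, otherwise the subject and NODE_RUNNING.md should say why it is on. The new comment above `--cookie` is softer than the value warrants, since `user:password` is a credential checked into the repository; I would write `# bitcoind RPC credential for electrs; the checked-in default must be replaced before any electrs port is published` (the matching value on the bitcoind side presumably changes with it). The argument list also mixes quoting styles (`- --cookie` unquoted next to `- "--timestamp"` quoted), so the added line should follow one of them. The electrs service definition starts before this hunk.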
@@ -132,6 +135,8 @@ services:
 - "--enable-experimental-backfill"
 volumes:
 - prysm_data:/data
+ # change this token value if you expose this service's ports for
+ # connection from other machines
 - "./jwt.txt:/tmp/jwt/jwt.hex:ro"
 ports:
 - 4000:4000
@@ -159,6 +164,8 @@ services:
 - "--gpo.percentile=0"
 volumes:
 - geth_data:/tmp/geth
+ # change this token value if you expose this service's ports for
+ # connection from other machines
 - "./jwt.txt:/tmp/jwt/jwt.hex"
 networks:
 localnode:
@@ -204,6 +211,8 @@ services:
 - "/tmp/entrypointl2.sh"
 volumes:
 - "./testnet-genesis.json:/tmp/testnet-genesis.json"
+ # change this token value if you expose this service's ports for
+ # connection from other machines
 - "./jwt.txt:/tmp/jwt/jwt.hex:ro"
 - "./entrypointl2.sh:/tmp/entrypointl2.sh"
 - op-geth_data:/tmp/datadir
@@ -212,6 +221,9 @@ services:
 - tbc_data:/tbcdata
 networks:
 localnode:
+ ports:
+ - "18546:18546"
+ - "28546:28546"
 op-node:
 image: "ghcr.io/hemilabs/op-node:6b46f50@sha256:8a190294b5ee6acc200e9cdfbef95143e604be2ba37b60e42e419118edc1f376"
@@ -244,11 +256,15 @@ services:
 - "--log.level=trace"
 - "--syncmode=execution-layer"
 volumes:
+ # change this token value if you expose this service's ports for
+ # connection from other machines
 - "./jwt.txt:/tmp/jwt/jwt.txt"
 - "./op-node-priv-key.txt:/tmp/op-node-priv-key.txt"
 - "./rollup.json:/tmp/rollup.json"
 networks:
 localnode:
+ ports:
+ - "8547:8547"
 networks:
 localnode:
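Review bot: The comment `# change this token value if you expose this service's ports ...` sits above a bind mount of `./jwt.txt`, so it reads as though each service had its own token, but the same host file is mounted into prysm here and into geth, op-geth and op-node at `@@ -159`, `@@ -204` and `@@ -244`: there is one secret to rotate, and it presumably has to stay identical across those services for them to authenticate each other. I would say that once, at the first mount or in a file-level comment, e.g. `# ./jwt.txt is shared by every service that mounts it: rotate it once, keep the copies identical, and do so before publishing any of their ports`, and drop the three repeats. The geth mount at `@@ -159` (`"./jwt.txt:/tmp/jwt/jwt.hex"`) and the op-node mount at `@@ -244` (`"./jwt.txt:/tmp/jwt/jwt.txt"`) are also the only two without `:ro`; unless those services write the file, adding `:ro` would match the other mounts. `./op-node-priv-key.txt`, mounted in the same `@@ -244` hunk, appears to come from the same directory and is a secret the new comments do not mention.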
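Review bot: `"18546:18546"` and `"28546:28546"` publish op-geth's rpc and websocket ports on every host interface, because a Compose port mapping without a host address binds 0.0.0.0, and Docker's published ports typically bypass ufw-style host firewalls; the same applies to `"8547:8547"` for op-node at `@@ -244`. That contradicts the security note this commit adds to NODE_RUNNING.md, which assumes the ports are not reachable from outside the host. Binding to loopback, `- "127.0.0.1:18546:18546"`, `- "127.0.0.1:28546:28546"` and `- "127.0.0.1:8547:8547"`, keeps host-side access while leaving the decision to expose them to the operator. The README lists these as rpc/wsrpc; if they are the plain JSON-RPC endpoints rather than the jwt-authenticated one, rotating `./jwt.txt` as the new comments advise does not protect them, and the README should say so — I cannot tell which they are from this hunk.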