Update for leap + certbot

.gitignore

@@ -4,3 +4,4 @@ configs/nginx.conf
 downloads
 shared/nginx/*.conf
 shared/nodeos/*.sock
+certbot/*

Dockerfile-minimal-api

@@ -1,7 +1,7 @@
 FROM ubuntu:18.04
 
 # install required software
-RUN apt-get update --fix-missing && apt-get install -y curl git dnsutils net-tools
+RUN apt-get update --fix-missing && apt-get install -y curl git dnsutils net-tools wget
 
 # setup folder structure
 RUN mkdir /eosio
@@ -15,12 +15,13 @@ ARG NODEOS_VERSION
 ENV NODEOS_VERSION $NODEOS_VERSION
 
 # build nodeos
-RUN git clone $NODEOS_REPOSITORY /eosio/build
 WORKDIR /eosio/build
-RUN git checkout $NODEOS_VERSION
+RUN git clone -b $NODEOS_VERSION $NODEOS_REPOSITORY /eosio/build
 RUN git submodule update --init --recursive
-RUN apt-get update --fix-missing && ./scripts/eosio_build.sh -y
+RUN apt-get update --fix-missing
+RUN ./scripts/install_deps.sh && ./scripts/pinned_build.sh /eosio/deps /eosio/build/build $(nproc)
 RUN cp /eosio/build/build/programs/nodeos/nodeos /eosio/nodeos
+RUN rm -rf /eosio/build/build /eosio/build/deps
 
 # configure nodeos
 COPY configs/config.ini /eosio/base.ini

README.md

@@ -24,17 +24,28 @@ cp configs/docker/default.env .env
 This file contains the following parameters:
 
 ```
+# The name of the network this environment is for (must be unique on the host machine)
+NETWORK_NAME=EOS
+
+# The port to expose the nodeos api(s) on the host machine
+NETWORK_PORT_API=8888
+
+# The port to expose the nodeos p2p procotol on the host machine
+NETWORK_PORT_P2P=9876
+
 # The git repository of the nodeos (EOSIO) repository to use
-NODEOS_REPOSITORY=https://github.com/EOSIO/eos.git
+NODEOS_REPOSITORY=https://github.com/AntelopeIO/leap.git
 
 # The branch/tag of nodeos to checkout during the build process
-NODEOS_VERSION=v2.1.0
+NODEOS_VERSION=v3.1.0
 
 # A snapshot (compressed as tar.gz) to use during the startup of this node
-NODEOS_SNAPSHOT=https://snapshots.greymass.network/jungle/latest.tar.gz
+#NODEOS_SNAPSHOT=https://snapshots.greymass.network/jungle/latest.tar.gz
+NODEOS_SNAPSHOT=https://snapshots.greymass.network/eos/latest.tar.gz
 
 # Peers to inject into the nodeos configuration 
-NODEOS_PEERS=peer.jungle3.alohaeos.com:9876 jungle.eosn.io:9876 jungle3.eosrio.io:58012
+#NODEOS_PEERS=peer.jungle3.alohaeos.com:9876 jungle.eosn.io:9876 jungle3.eosrio.io:58012
+NODEOS_PEERS=seed.greymass.com:9876 p2p.mainnet.eosrio.io:9876 p2p.donates2eden.io:9876 p2p.eoscafeblock.com:9000 p2p.eosdetroit.io:3018 peer.main.alohaeos.com:9876 p2p.eos42.io:9876 eos.seed.eosnation.io:9876
 ```
 
 The second thing you'll need to configure is the nodeos configuration file itself. Create a copy of this configuration file as outlined below, and it'll be passed to the container for use.

configs/docker/nginx.yaml

@@ -7,6 +7,17 @@ services:
         ports:
             - "${NETWORK_PORT_API}:8888"
             - "${NETWORK_PORT_P2P}:9876"
+            - 80:80
+            - 443:443
+        restart: always
         volumes:
             - ../nginx.conf:/etc/nginx/nginx.conf:ro
-            - ../../shared:/eosio/shared
+            - ../../shared:/eosio/shared
+            - /opt/eosio/src/docker-nodeos/certbot/www/:/var/www/certbot/:rw
+            - /opt/eosio/src/docker-nodeos/certbot/conf/:/etc/nginx/ssl/:rw
+            - /opt/eosio/src/docker-nodeos/certbot/letsencrypt/:/etc/letsencrypt/:rw
+        logging:
+            options:
+                max-size: "10m"
+                max-file: "3"
+

configs/nginx/nginx.conf

@@ -31,7 +31,7 @@ http {
 
     upstream nodes {
         include /eosio/shared/nginx/*.conf;
-        server nodeos:8888 weight=1;
+        server nodeos:8881 weight=1;
     }
 
     server {

configs/nodeos/example-minimal-api.config.ini

@@ -17,7 +17,7 @@ http-validate-host = false
 # state
 read-mode = head
 validation-mode = full
-chain-state-db-size-mb = 131070
+chain-state-db-size-mb = 16384
 reversible-blocks-db-size-mb = 2048
 
 # blocks - Retain 24 hours worth of blocks (2 * 60 * 60 * 24 = 172800)
@@ -27,4 +27,4 @@ max-retained-block-files = 1728
 
 # plugins
 plugin = eosio::chain_plugin eosio::chain_api_plugin
-plugin = eosio::http_plugin
+plugin = eosio::http_plugin

docker-compose.yaml

@@ -7,9 +7,16 @@ services:
             file: ./configs/docker/nodeos-minimal-api.yaml
             service: nodeos
     nginx:
-        depends_on:
-            - nodeos
+#        depends_on:
+#            - nodeos
         extends:
             file: ./configs/docker/nginx.yaml
             service: nginx
         profiles: ["nginx"]
+    certbot:
+        image: certbot/certbot:latest
+        volumes:
+            - ./certbot/www/:/var/www/certbot/:rw
+            - ./certbot/logs:/var/log/letsencrypt/:rw
+            - ./certbot/letsencrypt/:/etc/letsencrypt/:rw
+

init-letsencrypt.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+if ! [ -x "$(command -v docker-compose)" ]; then
+  echo 'Error: docker-compose is not installed.' >&2
+  exit 1
+fi
+
+domains=(api.eos.heliosrising.com)
+rsa_key_size=4096
+data_path="./certbot"
+email="[email protected]" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+if [ -d "$data_path" ]; then
+  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
+  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
+    exit
+  fi
+fi
+
+
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "$data_path/conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  echo
+fi
+
+echo "### Creating dummy certificate for $domains ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$data_path/conf/live/$domains"
+docker-compose run --rm --entrypoint "\
+  openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
+    -keyout '$path/privkey.pem' \
+    -out '$path/fullchain.pem' \
+    -subj '/CN=localhost'" certbot
+echo
+
+
+echo "### Starting nginx ..."
+docker-compose up --force-recreate -d nginx
+echo
+
+echo "### Deleting dummy certificate for $domains ..."
+docker-compose run --rm --entrypoint "\
+  rm -Rf /etc/letsencrypt/live/$domains && \
+  rm -Rf /etc/letsencrypt/archive/$domains && \
+  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+echo
+
+
+echo "### Requesting Let's Encrypt certificate for $domains ..."
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+  domain_args="$domain_args -d $domain"
+done
+
+# Select appropriate email arg
+case "$email" in
+  "") email_arg="--register-unsafely-without-email" ;;
+  *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+  certbot certonly --webroot -w /var/www/certbot \
+    $staging_arg \
+    $email_arg \
+    $domain_args \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal" certbot
+echo
+
+echo "### Reloading nginx ..."
+docker-compose exec nginx nginx -s reload

peers.ini

@@ -0,0 +1,9 @@
+p2p-peer-address = eos.seed.eosnation.io:9876
+p2p-peer-address = seed.greymass.com:9876
+p2p-peer-address = p2p.mainnet.eosrio.io:9876
+p2p-peer-address = p2p.donates2eden.io:9876
+p2p-peer-address = p2p.eoscafeblock.com:9000
+p2p-peer-address = p2p.eosdetroit.io:3018
+p2p-peer-address = peer.main.alohaeos.com:9876
+p2p-peer-address = p2p.eos42.io:9876
+p2p-peer-address = eos.seed.eosnation.io:9876

scripts/entrypoint-minimal-api.sh

@@ -21,18 +21,19 @@ IP=`ifconfig eth0 | grep 'inet ' | awk '{print $2}'`
 INDEX=`dig -x $IP +short | sed 's/.*_\([0-9]*\)\..*/\1/'`
 NODEOS_SOCK=/eosio/shared/nodeos/$NETWORK_NAME$INDEX.sock
 echo "generating unique unix sock file name ($NODEOS_SOCK)"
-echo unix-socket-path = $NODEOS_SOCK >> /eosio/sock.ini
+rm /eosio/sock.ini
+echo unix-socket-path = $NODEOS_SOCK > /eosio/sock.ini
 touch $NODEOS_SOCK
 chmod 777 $NODEOS_SOCK
 
 # Create nginx upstream entry for this server
 echo "server unix:$NODEOS_SOCK fail_timeout=1 max_fails=3 weight=65535;" > /eosio/shared/nginx/$NETWORK_NAME$INDEX.conf
 
 # Combine all configs to final version
-cat /eosio/peers.ini /eosio/sock.ini /eosio/base.ini >> /eosio/config.ini
+cat /eosio/peers.ini /eosio/sock.ini /eosio/base.ini > /eosio/config.ini
 echo "config.ini generation complete!"
 
 # Start based on snapshot
 echo "starting nodeos..."
 cd /eosio
-/eosio/nodeos --data-dir=/ramdisk --config-dir=. --snapshot=/eosio/downloads/snapshot.bin
+/eosio/nodeos --data-dir=/ramdisk --config-dir=. --snapshot=/eosio/downloads/snapshot.bin