#!/bin/sh
# Startup banner, followed by two environment sanity checks.
printf '%s\n' "I am a Logos Messaging node"

# The pre-rename variable is rejected so that an outdated .env fails loudly
# instead of being silently ignored.
case "${ETH_CLIENT_ADDRESS}" in
  "") ;;
  *)
    printf '%s\n' \
      "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS" \
      "Please update your .env file"
    exit 1
    ;;
esac

# The Ethereum client address is mandatory; stop before doing any network work.
[ -n "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ] || {
  printf '%s\n' "Missing Eth client address, please refer to README.md for detailed instructions"
  exit 1
}
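# Public IPv4 address as reported by api4.ipify.org. The value is later passed
# to the node as --nat=extip:<ip>, so its shape is checked whether or not
# DOMAIN was supplied (IPCHECK is 1 only for a single dotted-quad line).
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
IPCHECK=$(printf '%s\n' "${MY_EXT_IP}" | grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')
DNS_WSS_CMD=

if [ -z "${DOMAIN}" ]; then
  echo "auto-domain: DOMAIN is unset, trying to guess it"
  # Check if we have an IP
  if [ "${IPCHECK}" -ne 1 ]; then
    echo "Failed to get ip, received: '${MY_EXT_IP}'"
  else
    echo "auto-domain: ip is '${MY_EXT_IP}'"
    # Get reverse DNS. The PTR record is set by whoever operates the reverse
    # zone for this address and is fetched over plain DNS, so it is treated as
    # untrusted: it becomes a path component under /etc/letsencrypt/live/ and a
    # command-line argument further down.
    DNS=$(dig +short -x "${MY_EXT_IP}")
    # Check if looks like a DNS name: dot-terminated labels made only of
    # letters, digits, "_" and "-". The "-" sits last in the bracket expression
    # so it is literal; a "\" inside the brackets would itself be accepted.
    DNSCHECK=$(printf '%s\n' "${DNS}" | grep -c '^\([a-zA-Z0-9_-]\+\.\)\+$')
    if [ "${DNSCHECK}" -ne 1 ]; then
      echo "Failed to get DNS, received: '${DNS}'"
    else
      # Quoted so sed receives "\." (a literal dot) rather than "." (any char).
      DOMAIN=$(printf '%s\n' "${DNS}" | sed 's/\.$//')
      echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"
      # Double check the domain is setup to return right IP
      # OpenDNS servers are used to bypass /etc/hosts as it may return loopback address
      DNS_IP=$(dig +short @208.67.222.222 "${DNS}")
      if [ "${DNS_IP}" != "${MY_EXT_IP}" ]; then
        echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"
        unset DOMAIN
      else
        echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"
      fi
    fi
  fi
elif [ "${IPCHECK}" -ne 1 ]; then
  # DOMAIN was supplied, so auto-detection is skipped, but the external IP is
  # still used for --nat=extip; report a bad value instead of passing it on
  # silently.
  echo "Failed to get ip, received: '${MY_EXT_IP}'"
fi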
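if [ -n "${DOMAIN}" ]; then
  ## A domain has been either set or inferred. Let's try to use it for websocket secure support.

  # openssl is required for the expiry check in the loop below. Install it only
  # when the image does not already provide it, so a normal start does not
  # depend on reaching the package repository.
  if ! command -v openssl >/dev/null 2>&1; then
    apk add --no-cache openssl
  fi
  # Without openssl the expiry check would fail on every pass and the loop
  # would report an "expired" certificate forever; stop with the real reason.
  if ! command -v openssl >/dev/null 2>&1; then
    echo "$(date '+%Y-%m-%d %H:%M:%S') [ERROR] openssl is not available, cannot check the TLS certificate for ${DOMAIN}"
    exit 1
  fi

  LETSENCRYPT_PATH="/etc/letsencrypt/live/${DOMAIN}"
  CERT="${LETSENCRYPT_PATH}/fullchain.pem"
  KEY="${LETSENCRYPT_PATH}/privkey.pem"

  echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Waiting for a valid TLS certificate for ${DOMAIN}..."

  # Poll once a minute until both files exist and the certificate has not
  # expired (-checkend 0 fails once the certificate is past its end date).
  # Only presence and expiry are checked here; nothing verifies that the key
  # matches the certificate or that the certificate names ${DOMAIN}.
  while true; do
    if [ ! -f "${CERT}" ] || [ ! -f "${KEY}" ]; then
      echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Certificate files not found yet. Waiting..."
    elif ! openssl x509 -checkend 0 -noout -in "${CERT}" >/dev/null 2>&1; then
      echo "$(date '+%Y-%m-%d %H:%M:%S') [WARN] Certificate exists but is expired. Waiting for renewal..."
      echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] If that takes more than 15 minutes, please remove --quiet attr in run_certbot.sh so that you can see the reason why renewal is not working."
    else
      echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] Valid TLS certificate detected."
      break
    fi
    sleep 60
  done

  # Flags enabling plain and secure websocket support with the certificate
  # found above; joined into one string that is word-split at exec time.
  WS_SUPPORT="--websocket-support=true"
  WSS_SUPPORT="--websocket-secure-support=true"
  WSS_KEY="--websocket-secure-key-path=${KEY}"
  WSS_CERT="--websocket-secure-cert-path=${CERT}"
  DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"

  DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
fi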
# Rewrite a configured NODEKEY into its --nodekey= flag; an empty or unset
# value is left alone so no flag is emitted. The value reaches wakunode as a
# command-line argument. NOTE(review): presumably this is the node's private
# key, in which case it is visible in the process argument list - confirm.
case "${NODEKEY}" in
  "") ;;
  *) NODEKEY="--nodekey=${NODEKEY}" ;;
esac
# RLN credentials: the presence of a password decides whether the credential
# flags are emitted and whether Light Push is switched on.
if [ -z "${RLN_RELAY_CRED_PASSWORD}" ]; then
  LIGHTPUSH="--lightpush=false"
  # Ensure no empty values are passed
  RLN_RELAY_CRED_PATH=""
  RLN_RELAY_CRED_PASSWORD=""
else
  ## Enable Light Push (RLNaaS) if RLN credentials are used
  LIGHTPUSH="--lightpush=true"
  # From here on the variable holds the whole flag, password included; it is
  # passed to wakunode as a command-line argument.
  RLN_RELAY_CRED_PASSWORD="--rln-relay-cred-password=${RLN_RELAY_CRED_PASSWORD}"
  ## Pass default value for credentials path if not set
  RLN_RELAY_CRED_PATH="--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}"
  # Only the path flag is logged, never the password.
  echo "Using RLN credentials from ${RLN_RELAY_CRED_PATH}"
fi
# Size-based retention for the message store: STORAGE_SIZE when it is set and
# non-empty, otherwise 1GB.
STORE_RETENTION_POLICY="--store-message-retention-policy=size:${STORAGE_SIZE:-1GB}"
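# Hand control to wakunode; exec replaces this shell, so nothing after it runs.
#
# Review notes on the fixed flags below:
#  - --rest-admin=true with --rest-address=0.0.0.0, and the metrics server on
#    0.0.0.0, listen on every interface of the container. Whether they are
#    reachable from outside depends on port publishing and firewalling, which
#    this script does not show.
#  - The RLN credential password, the node key and the Postgres password are
#    passed as command-line arguments, so they are readable by anything that
#    can list this process's arguments.
#  - POSTGRES_USER / POSTGRES_PASSWORD are spliced into the URL as-is;
#    characters such as "@", ":" or "/" in them change how the URL is parsed.
#  - NOTE(review): --log-level=DEBUG is verbose; confirm it is intended outside
#    of troubleshooting.
#
# Single-flag variables are expanded as ${VAR:+"${VAR}"}: an empty value adds
# no argument, and a value containing spaces or glob characters (for example a
# password) stays one argument instead of being split or expanded.
# DNS_WSS_CMD and EXTRA_ARGS hold several flags each and are left unquoted on
# purpose so that they split into separate arguments.
exec /usr/bin/wakunode \
  --relay=true \
  --filter=true \
  --peer-exchange=true \
  ${LIGHTPUSH:+"${LIGHTPUSH}"} \
  --keep-alive=true \
  --max-connections=150 \
  --cluster-id=1 \
  --discv5-discovery=true \
  --discv5-udp-port=9005 \
  --discv5-enr-auto-update=True \
  --log-level=DEBUG \
  --tcp-port=30304 \
  --metrics-server=True \
  --metrics-server-port=8003 \
  --metrics-server-address=0.0.0.0 \
  --rest=true \
  --rest-admin=true \
  --rest-address=0.0.0.0 \
  --rest-port=8645 \
  --rest-allow-origin="logos-messaging.github.io" \
  --rest-allow-origin="localhost:*" \
  --nat=extip:"${MY_EXT_IP}" \
  --store=true \
  --store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres" \
  --rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}" \
  ${RLN_RELAY_CRED_PATH:+"${RLN_RELAY_CRED_PATH}"} \
  ${RLN_RELAY_CRED_PASSWORD:+"${RLN_RELAY_CRED_PASSWORD}"} \
  ${DNS_WSS_CMD} \
  ${NODEKEY:+"${NODEKEY}"} \
  ${STORE_RETENTION_POLICY:+"${STORE_RETENTION_POLICY}"} \
  ${EXTRA_ARGS}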