dappnode · dappnodedev · Aug 7, 2024 · Jul 5, 2024 · Jul 5, 2024 · Jul 5, 2024
diff --git a/beacon-chain/Dockerfile b/beacon-chain/Dockerfile
@@ -3,28 +3,29 @@ ARG UPSTREAM_VERSION
 FROM statusim/nimbus-eth2:multiarch-${UPSTREAM_VERSION}
 
 ARG NETWORK
-ARG P2P_PORT
 ARG STAKER_SCRIPTS_VERSION
-
-USER root
-
-RUN apt-get update && apt-get install -y curl && apt-get clean
-
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
-COPY jwtsecret.hex /jwtsecret
+ARG DATA_DIR
+ARG P2P_PORT
 
 ENV JWT_SECRET_FILE=/jwtsecret \
-    NETWORK=${NETWORK} \
     VALIDATOR_PORT=3500 \
+    DATA_DIR=${DATA_DIR} \
     P2P_PORT=${P2P_PORT} \
     NIMBUS_BIN="/home/user/nimbus_beacon_node" \
-    DATA_DIR="/home/user/nimbus-eth2/build/data" \
-    TOKEN_FILE="${DATA_DIR}/auth-token" \
-    AUTH_TOKEN_PATH=${AUTH_TOKEN_PATH} \
     STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION}
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY jwtsecret.hex ${JWT_SECRET_FILE}
+
 ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/
 
-RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+USER root
+
+RUN apt-get update && apt-get --yes install curl && apt-get clean && \
+    chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+
+# This env changes the variant
+# Placed at the end to regenerate the least amount of layers
+ENV NETWORK=${NETWORK}
 
 ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
diff --git a/beacon-chain/entrypoint.sh b/beacon-chain/entrypoint.sh
@@ -1,55 +1,46 @@
 #!/bin/sh
 
 SUPPORTED_NETWORKS="gnosis holesky mainnet"
-MEVBOOST_FLAGS="--payload-builder=true --payload-builder-url"
+MEVBOOST_FLAG_KEYS="--payload-builder=true --payload-builder-url"
 
 # shellcheck disable=SC1091 # Path is relative to the Dockerfile
 . /etc/profile
 
-handle_checkpoint() {
+ENGINE_URL=$(get_engine_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}")
+VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}")
+MEVBOOST_FLAG=$(get_mevboost_flag "${NETWORK}" "${MEVBOOST_FLAG_KEYS}")
 
-    if [ -n "$(ls -A "${DATA_DIR}/db")" ]; then
-        echo "[INFO - entrypoint] Data directory has already been initialized, skipping checkpoint sync."
-        return
-    fi
+if [ -n "$(ls -A "${DATA_DIR}/db" 2>/dev/null)" ]; then
+    echo "[INFO - entrypoint] Data directory has already been initialized, skipping checkpoint sync."
 
-    # Run checkpoint sync script if provided
-    if [ -n "${CHECKPOINT_SYNC_URL}" ]; then
-        echo "[INFO - entrypoint] Running checkpoint sync script"
+elif [ -n "${CHECKPOINT_SYNC_URL}" ]; then
+    echo "[INFO - entrypoint] Running checkpoint sync script"
 
-        ${NIMBUS_BIN} trustedNodeSync \
-            --network="${NETWORK}" \
-            --trusted-node-url="${CHECKPOINT_SYNC_URL}" \
-            --backfill=false \
-            --data-dir="${DATA_DIR}"
-    else
-        echo "[WARN - entrypoint] No checkpoint sync script provided. Syncing from genesis."
-    fi
-}
-
-run_beacon() {
-    echo "[INFO - entrypoint] Running beacon node service"
-
-    # shellcheck disable=SC2086
-    exec ${NIMBUS_BIN} \
+    ${NIMBUS_BIN} trustedNodeSync \
         --network="${NETWORK}" \
-        --data-dir="${DATA_DIR}" \
-        --tcp-port="${P2P_PORT}" \
-        --udp-port="${P2P_PORT}" \
-        --log-level="${LOG_TYPE}" \
-        --rest \
-        --rest-port=3500 \
-        --rest-address=0.0.0.0 \
-        --metrics \
-        --metrics-address=0.0.0.0 \
-        --metrics-port=8008 \
-        --jwt-secret=/jwtsecret \
-        --web3-url="${ENGINE_API_URL}" \
-        --suggested-fee-recipient="${FEE_RECIPIENT}" ${EXTRA_OPTS}
-}
-
-format_graffiti
-set_beacon_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}"
-handle_checkpoint
-set_mevboost_flag "${MEVBOOST_FLAGS}" # MEV-Boost: https://chainsafe.github.io/lodestar/usage/mev-integration/
-run_beacon
+        --trusted-node-url="${CHECKPOINT_SYNC_URL}" \
+        --backfill=false \
+        --data-dir="${DATA_DIR}"
+
+else
+    echo "[WARN - entrypoint] No checkpoint sync script provided. Syncing from genesis."
+fi
+
+echo "[INFO - entrypoint] Running beacon node service"
+
+# shellcheck disable=SC2086
+exec ${NIMBUS_BIN} \
+    --network="${NETWORK}" \
+    --data-dir="${DATA_DIR}" \
+    --tcp-port="${P2P_PORT}" \
+    --udp-port="${P2P_PORT}" \
+    --log-level="${LOG_TYPE}" \
+    --rest \
+    --rest-port=3500 \
+    --rest-address=0.0.0.0 \
+    --metrics \
+    --metrics-address=0.0.0.0 \
+    --metrics-port=8008 \
+    --jwt-secret=/jwtsecret \
+    --web3-url="${ENGINE_URL}" \
+    --suggested-fee-recipient="${VALID_FEE_RECIPIENT}" ${MEVBOOST_FLAG} ${EXTRA_OPTS}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,12 +1,20 @@
 version: "3.6"
 services:
+  # Proxy to forward legacy requests to beacon-validator instead of beacon-chain or validator
+  beacon-validator:
+    build:
+      context: proxy
+    depends_on:
+      - beacon-chain
+      - validator
 
   beacon-chain:
     build:
       context: beacon-chain
       args:
         UPSTREAM_VERSION: v24.6.0
         STAKER_SCRIPTS_VERSION: v0.1.0
+        DATA_DIR: /home/user/nimbus-eth2/build/data
     environment:
       LOG_TYPE: INFO
       FEE_RECIPIENT: ""
@@ -23,14 +31,18 @@ services:
       args:
         UPSTREAM_VERSION: v24.6.0
         STAKER_SCRIPTS_VERSION: v0.1.0
+        DATA_DIR: /home/user/nimbus-eth2/build/data
     environment:
       LOG_TYPE: INFO
       GRAFFITI: validating_from_DAppNode
       FEE_RECIPIENT: ""
-      ENABLE_DOPPELGANGER: true
+      ENABLE_DOPPELGANGER: "true"
       EXTRA_OPTS: ""
+    volumes:
+      - nimbus-validators-data:/home/user/nimbus-eth2/build/data
 
     restart: unless-stopped
     stop_grace_period: 1m
 volumes:
   nimbus-data: {}
+  nimbus-validators-data: {}
diff --git a/package_variants/gnosis/docker-compose.yml b/package_variants/gnosis/docker-compose.yml
@@ -1,5 +1,10 @@
 version: "3.5"
 services:
+  beacon-validator:
+    build:
+      args:
+        NETWORK: gnosis
+
   beacon-chain:
     build:
       args:

diff --git a/package_variants/holesky/docker-compose.yml b/package_variants/holesky/docker-compose.yml
@@ -1,5 +1,10 @@
 version: "3.5"
 services:
+  beacon-validator:
+    build:
+      args:
+        NETWORK: holesky
+
   beacon-chain:
     build:
       args:

diff --git a/package_variants/mainnet/docker-compose.yml b/package_variants/mainnet/docker-compose.yml
@@ -1,5 +1,10 @@
 version: "3.5"
 services:
+  beacon-validator:
+    build:
+      args:
+        NETWORK: mainnet
+
   beacon-chain:
     build:
       args:

diff --git a/proxy/Dockerfile b/proxy/Dockerfile
@@ -0,0 +1,15 @@
+FROM nginx:1.27.0-alpine
+
+ARG NETWORK
+
+ENV NETWORK=${NETWORK}
+
+COPY nginx.conf /etc/nginx/nginx.conf.template
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/proxy/entrypoint.sh b/proxy/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ -z "${NETWORK}" ]; then
+    echo "NETWORK is not defined. Exiting."
+    exit 1
+fi
+
+if [ "${NETWORK}" = "mainnet" ]; then
+    BEACON_CHAIN_URL="http://beacon-chain.nimbus.dappnode:3500"
+    VALIDATOR_URL="http://validator.nimbus.dappnode:3500"
+else
+    BEACON_CHAIN_URL="http://beacon-chain.nimbus-${NETWORK}.dappnode:3500"
+    VALIDATOR_URL="http://validator.nimbus-${NETWORK}.dappnode:3500"
+fi
+
+# Replace variables in nginx.conf
+sed -e "s|\${VALIDATOR_URL}|${VALIDATOR_URL}|g" -e "s|\${BEACON_CHAIN_URL}|${BEACON_CHAIN_URL}|g" /etc/nginx/nginx.conf.template >/etc/nginx/nginx.conf
+
+# Start nginx
+exec "$@"
diff --git a/proxy/nginx.conf b/proxy/nginx.conf
@@ -0,0 +1,27 @@
+events {}
+
+http {
+    server {
+        listen 3500;
+
+        location / {
+            proxy_pass ${VALIDATOR_URL};
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+
+    server {
+        listen 4500;
+
+        location / {
+            proxy_pass ${BEACON_CHAIN_URL};
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+}
diff --git a/validator/Dockerfile b/validator/Dockerfile
@@ -4,20 +4,25 @@ FROM statusim/nimbus-validator-client:multiarch-${UPSTREAM_VERSION}
 
 ARG NETWORK
 ARG STAKER_SCRIPTS_VERSION
-ARG AUTH_TOKEN_PATH=/security/auth-token
+ARG DATA_DIR
 
-USER root
-
-COPY entrypoint.sh /usr/local/bin/entrypoint.sh
-COPY auth-token ${AUTH_TOKEN_PATH}
-
-ENV NETWORK=${NETWORK} \
-    AUTH_TOKEN_PATH=${AUTH_TOKEN_PATH} \
+ENV DATA_DIR=${DATA_DIR} \
+    VALIDATOR_API_TOKEN_PATH=/security/auth-token \
     NIMBUS_BIN="/home/user/nimbus_validator_client" \
     STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION}
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY auth-token ${VALIDATOR_API_TOKEN_PATH}
+
 ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/
 
-RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+USER root
+
+RUN apt-get update && apt-get --yes install curl && apt-get clean && \
+    chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh
+
+# This env changes the variant
+# Placed at the end to regenerate the least amount of layers
+ENV NETWORK=${NETWORK}
 
 ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
diff --git a/validator/entrypoint.sh b/validator/entrypoint.sh
@@ -8,29 +8,29 @@ CLIENT="nimbus"
 # shellcheck disable=SC1091
 . /etc/profile
 
-run_validator() {
-    echo "[INFO - entrypoint] Running validator service"
+VALID_GRAFFITI=$(get_valid_graffiti "${GRAFFITI}")
+VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}")
+SIGNER_API_URL=$(get_signer_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}")
+BEACON_API_URL=$(get_beacon_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}")
+MEVBOOST_FLAG=$(get_mevboost_flag "${MEVBOOST_FLAG_KEY}" "${SKIP_MEVBOOST_URL}")
 
-    # shellcheck disable=SC2086
-    exec ${NIMBUS_BIN} \
-        --log-level="${LOG_TYPE}" \
-        --doppelganger-detection="${ENABLE_DOPPELGANGER}" \
-        --non-interactive=true \
-        --web3-signer-url="${WEB3SIGNER_API_URL}" \
-        --suggested-fee-recipient="${FEE_RECIPIENT}" \
-        --keymanager=true \
-        --keymanager-port=3500 \
-        --keymanager-address=0.0.0.0 \
-        --keymanager-allow-origin=* \
-        --keymanager-token-file="${AUTH_TOKEN_PATH}" \
-        --metrics=true \
-        --metrics-address=0.0.0.0 \
-        --metrics-port=8008 \
-        --graffiti="${GRAFFITI}" \
-        --beacon-node="${BEACON_API_URL}" ${EXTRA_OPTS}
-}
+echo "[INFO - entrypoint] Running validator service"
 
-format_graffiti
-set_validator_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}"
-set_mevboost_flag "${MEVBOOST_FLAG}" "${SKIP_MEVBOOST_URL}" # MEV-Boost: https://chainsafe.github.io/lodestar/usage/mev-integration/
-run_validator
+# shellcheck disable=SC2086
+exec ${NIMBUS_BIN} \
+    --log-level="${LOG_TYPE}" \
+    --data-dir="${DATA_DIR}" \
+    --doppelganger-detection="${ENABLE_DOPPELGANGER}" \
+    --non-interactive \
+    --web3-signer-url="${SIGNER_API_URL}" \
+    --suggested-fee-recipient="${VALID_FEE_RECIPIENT}" \
+    --keymanager=true \
+    --keymanager-port=3500 \
+    --keymanager-address=0.0.0.0 \
+    --keymanager-allow-origin=* \
+    --keymanager-token-file="${VALIDATOR_API_TOKEN_PATH}" \
+    --metrics=true \
+    --metrics-address=0.0.0.0 \
+    --metrics-port=8008 \
+    --graffiti="${VALID_GRAFFITI}" \
+    --beacon-node="${BEACON_API_URL}" ${MEVBOOST_FLAG} ${EXTRA_OPTS}