
Merge pull request #28 from getumbrel/new-pwd-patch

Improvements for compose-framework
patch-1
Mayank Chhabra 5 years ago
committed by GitHub
parent
commit
a4d28bdc6e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 17
      NETWORKING.md
  2. 16
      bitcoin/bitcoin.conf
  3. 10
      build/tor/Dockerfile
  4. 21
      build/volume-permissions/Dockerfile
  5. 56
      configure-box.sh
  6. 89
      docker-compose.yml
  7. 2
      install-box.sh
  8. 24
      lnd/lnd.conf
  9. 6
      nginx/conf.d/default.conf
  10. 11
      tor/torrc

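--- a/NETWORKING.md
+++ b/NETWORKING.md
@@ -0,0 +1,17 @@
+# Docker network setup
+This is the current network setup for docker-compose. You can also refer to them by name as well within the containers (eventually this will happen). An alternate mirror can be found [here](https://github.com/getumbrel/umbrel-compose/wiki/Docker-Compose-networking).
+## Default configuration
+**Subnet mask:** 10.11.0.0/16 (10.11.* range for those who don't speak CIDR)
+Box | IP Address |
+-----------| -----------|
+tor | 10.11.5.1 |
+nginx | 10.11.0.2 |
+bitcoin | 10.11.1.1 |
+lnd | 10.11.1.2 |
+dashboard | 10.11.0.3 |
+manager | 10.11.2.1 |
+middleware | 10.11.2.2 |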

16
bitcoin/bitcoin.conf

@ -1,12 +1,14 @@
# Have TOR commented for initial sync # Have TOR commented for initial sync
#onion=127.0.0.1:9050 onion=10.11.5.1:29050
#torcontrol=127.0.0.1:9051 torcontrol=10.11.5.1:29051
#torpassword=umbrelftw torpassword=umbrelftw
server=1 server=1
rest=1 rest=1
#uncomment this for testnet #uncomment this for testnet
#testnet=1 #testnet=1
#uncomment this for regtest
#regtest=1
# Low bandwidth/CPU optimizations # Low bandwidth/CPU optimizations
blocksonly=1 blocksonly=1
@ -17,8 +19,14 @@ maxuploadtarget=5000
# uncomment test if testnet=1 is activated # uncomment test if testnet=1 is activated
#[test] #[test]
# uncomment regtest if regtest=1 is activated
#[regtest]
port=8333 port=8333
rpcport=8332 rpcport=8332
rpcbind=10.11.1.1
rpcbind=127.0.0.1
rpcallowip=10.11.0.0/16
rpcallowip=127.0.0.1
# Prune it up first (We can uncomment this later or by script, should there be enough space) # Prune it up first (We can uncomment this later or by script, should there be enough space)
prune=550 prune=550
@ -33,5 +41,3 @@ logtimestamps=0
logthreadnames=1 logthreadnames=1
nodebuglogfile=1 nodebuglogfile=1
rpcbind=0.0.0.0
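Review bot: `torpassword=umbrelftw` is now an active setting holding a fixed, published placeholder, so a node whose configure-box.sh run stops before the `torpassword` substitution keeps a guessable Tor control password; the same applies to `tor.password=umbrelftw` in lnd/lnd.conf. I would commit a non-secret marker instead, for example `torpassword=TORPASS`, with the matching sed pattern in configure-box.sh, and have the script fail if the marker is still present afterwards. Separately, `rpcallowip=10.11.0.0/16` admits every container on the network to the RPC port, while on this page only lnd (10.11.1.2) and middleware (10.11.2.2) are configured as RPC clients; `rpcallowip=10.11.1.2` and `rpcallowip=10.11.2.2` would keep nginx, dashboard and tor out. Which side each line belongs to is inferred from the side-by-side rendering.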

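--- a/build/tor/Dockerfile
+++ b/build/tor/Dockerfile
@@ -1,10 +0,0 @@
-FROM alpine:3.11
-RUN apk add --no-cache tor
-VOLUME /etc/tor/
-VOLUME /var/lib/tor/
-EXPOSE 9050 9051 29050 29051
-ENTRYPOINT ["tor"]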

21
build/volume-permissions/Dockerfile

@ -1,21 +0,0 @@
ARG IMG
ARG VER
FROM ${IMG}:${VER}
ARG ID=1000
ARG DIR=/data/
RUN addgroup --gid ${ID} lncm
RUN adduser --uid ${ID} \
--home ${DIR} \
--disabled-password \
--gecos "" \
--ingroup lncm \
lncm
USER lncm
VOLUME ${DIR}

56
configure-box.sh

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -e
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
@ -27,13 +27,61 @@ echo "Configuring LND rpc info"
sed -i "s/RPCPASS/${RPCPASS}/g; " lnd/lnd.conf sed -i "s/RPCPASS/${RPCPASS}/g; " lnd/lnd.conf
echo "Configuring docker-compose file" echo "Configuring docker-compose file"
sed -i "s/RPCPASS/${RPCPASS}/g; " docker-compose.yml sed -i "s/RPCPASS/${RPCPASS}/g; " docker-compose.yml
if [ ! -z $TESTNET ]; then # TESTNET set and REGTEST not
if [ ! -z $TESTNET ] && [ -z $REGTEST ]; then
echo "Enabling testnet mode if TESTNET variable is set" echo "Enabling testnet mode if TESTNET variable is set"
# Update bitcoin.conf # Update bitcoin.conf
sed -i '/[test]/s/^#//g' bitcoin/bitcoin.conf sed -i 's/\#\[test\]/\[test\]/g;' bitcoin/bitcoin.conf
sed -i '/testnet=1/s/^#//g' bitcoin/bitcoin.conf sed -i 's/\#testnet=1/testnet=1/g' bitcoin/bitcoin.conf
sed -i 's/rpcport=8332/rpcport=18332/g; ' bitcoin/bitcoin.conf
sed -i 's/port=8332/port=18333/g; ' bitcoin/bitcoin.conf
echo "Setting testnet port"
sed -i 's/RPCPORT/18332/g; ' docker-compose.yml
# Update docker-compose # Update docker-compose
sed -i 's/mainnet/testnet/g; ' docker-compose.yml sed -i 's/mainnet/testnet/g; ' docker-compose.yml
# lnd.conf
echo "Changing LND to testnet mode"
sed -i 's/bitcoin.mainnet=1/bitcoin.testnet=1/g; ' lnd/lnd.conf
echo "Updating LND neutrino peers"
sed -i 's/neutrino.addpeer=bb2.breez.technology/\;neutrino.addpeer=bb2.breez.technology/g; ' lnd/lnd.conf
sed -i 's/neutrino.addpeer=mainnet1-btcd.zaphq.io/\;neutrino.addpeer=mainnet1-btcd.zaphq.io/g; ' lnd/lnd.conf
sed -i 's/neutrino.addpeer=mainnet2-btcd.zaphq.io/\;neutrino.addpeer=mainnet2-btcd.zaphq.io/g;' lnd/lnd.conf
sed -i 's/\;neutrino.addpeer=testnet1-btcd.zaphq.io/neutrino.addpeer=testnet1-btcd.zaphq.io/g;' lnd/lnd.conf
sed -i 's/\;neutrino.addpeer=testnet2-btcd.zaphq.io/neutrino.addpeer=testnet2-btcd.zaphq.io/g; ' lnd/lnd.conf
fi fi
# REGTEST set and TESTNET not
if [ -z $TESTNET ] && [ ! -z $REGTEST ]; then
echo "Enabling regtest mode if REGTEST variable is set"
sed -i 's/\#\[regtest\]/\[regtest\]/g;' bitcoin/bitcoin.conf
sed -i 's/\#regtest=1/regtest=1/g' bitcoin/bitcoin.conf
sed -i 's/rpcport=8332/rpcport=18443/g; ' bitcoin/bitcoin.conf
sed -i 's/port=8333/port=18444/; ' bitcoin/bitcoin.conf
sed -i 's/mainnet/regtest/g; ' docker-compose.yml
echo "Setting regtest port"
sed -i 's/RPCPORT/18443/g; ' docker-compose.yml
# Update LND
echo "Changing LND to regtest mode"
sed -i 's/bitcoin.mainnet=1/bitcoin.regtest=1/g; ' lnd/lnd.conf
echo "Updating LND if regtest is set"
sed -i 's/bitcoin.node=neutrino/bitcoin.node=bitcoind/g; ' lnd/lnd.conf
fi
# if neither set
if [ -z $TESTNET ] && [ -z $REGTEST ]; then
echo "Setting mainnet RPC port in docker-compose"
sed -i 's/RPCPORT/18443/g; ' docker-compose.yml
fi
echo "Pulling Docker images"
docker-compose pull
echo "Adding tor password"
SAVE_PASSWORD=`docker run -it getumbrel/tor:v0.4.1.9 --quiet --hash-password "${RPCPASS}"`
echo "HashedControlPassword ${SAVE_PASSWORD}" >> tor/torrc
echo "Adding Tor password to bitcoind"
sed -i "s/torpassword=umbrelftw/torpassword=${RPCPASS}/g;" bitcoin/bitcoin.conf
echo "Adding Tor password to LND"
sed -i "s/tor.password=umbrelftw/tor.password=${RPCPASS}/g; " lnd/lnd.conf
rm configure-box.sh rm configure-box.sh
echo "Box Configuration complete" echo "Box Configuration complete"
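Review bot: The "if neither set" branch writes the regtest RPC port, 18443, into docker-compose.yml, which leaves middleware pointed at a port bitcoind is not using while bitcoin.conf keeps `rpcport=8332`; it should substitute 8332. In the testnet branch the `s/port=8332/port=18333/g` expression can never match, because the line before it has already rewritten `rpcport=8332`, so the P2P port stays at 8333 and the pattern should be `port=8333`. The `docker run -it` inside backticks requests a TTY, which fails when the script runs without a terminal and otherwise tends to put a carriage return into the hash appended to tor/torrc. The `-e` in the shebang is dropped when the script is started as `bash configure-box.sh`, so `set -e` belongs in the body; install-box.sh gets the same shebang in this commit.

```shell
#!/bin/bash
set -e
# … unchanged: licence header, RPCPASS substitution, start of testnet branch …
sed -i 's/port=8333/port=18333/g; ' bitcoin/bitcoin.conf
# … unchanged: rest of testnet branch, regtest branch …
# if neither set
sed -i 's/RPCPORT/8332/g; ' docker-compose.yml
# … unchanged: docker-compose pull …
SAVE_PASSWORD=$(docker run --rm getumbrel/tor:v0.4.1.9 --quiet --hash-password "${RPCPASS}")
```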

89
docker-compose.yml

@ -10,78 +10,117 @@ x-utility: &default-utility
network_mode: host network_mode: host
services: services:
tor:
image: getumbrel/tor:v0.4.1.9
restart: on-failure
logging: *default-logging
volumes:
- "${PWD}/tor/torrc:/etc/tor/torrc"
- "${PWD}/tor/data:/var/lib/tor/"
- "${PWD}/tor/run:/var/run/tor/"
networks:
net:
ipv4_address: 10.11.5.1
nginx: nginx:
image: nginx:1.17.8 image: nginx:1.17.8
depends_on: [ tor ]
logging: *default-logging logging: *default-logging
volumes: volumes:
- ${HOME}/nginx:/etc/nginx - ${PWD}/nginx:/etc/nginx
restart: on-failure restart: on-failure
network_mode: host
stop_grace_period: 30s stop_grace_period: 30s
ports:
- "80:80"
networks:
net:
ipv4_address: 10.11.0.2
bitcoin: bitcoin:
image: lncm/bitcoind:v0.20.0 image: lncm/bitcoind:v0.20.0
depends_on: [ tor ]
logging: *default-logging logging: *default-logging
command: "-zmqpubrawblock=tcp://0.0.0.0:28332 -zmqpubrawtx=tcp://0.0.0.0:28333"
volumes: volumes:
- ${HOME}/bitcoin:/root/.bitcoin - ${PWD}/bitcoin:/root/.bitcoin
- ${HOME}/bitcoin:/data/.bitcoin - ${PWD}/bitcoin:/data/.bitcoin
- ${HOME}/bitcoin:/data/bitcoin - ${PWD}/bitcoin:/data/bitcoin
restart: on-failure restart: on-failure
network_mode: host
stop_grace_period: 15m30s stop_grace_period: 15m30s
ports:
- "127.0.0.1:8333:8333"
networks:
net:
ipv4_address: 10.11.1.1
lnd: lnd:
image: lncm/lnd:v0.9.2-root-experimental image: lncm/lnd:v0.10.1-experimental
depends_on: [ tor ]
logging: *default-logging logging: *default-logging
volumes: volumes:
- ${HOME}/lnd:/data/.lnd - ${PWD}/lnd:/data/.lnd
- ${HOME}/lnd:/root/.lnd - ${PWD}/lnd:/root/.lnd
- ${HOME}/bitcoin:/root/.bitcoin - ${PWD}/bitcoin:/root/.bitcoin
- /var/lib/tor:/var/lib/tor
- /run/tor:/run/tor/
restart: on-failure restart: on-failure
network_mode: host
stop_grace_period: 5m30s stop_grace_period: 5m30s
networks:
net:
ipv4_address: 10.11.1.2
dashboard: dashboard:
image: getumbrel/dashboard:v0.2.1 image: getumbrel/dashboard:v0.2.1
depends_on: [ bitcoin, lnd, nginx ]
logging: *default-logging logging: *default-logging
restart: always restart: always
network_mode: host
stop_grace_period: 1m30s stop_grace_period: 1m30s
networks:
net:
ipv4_address: 10.11.0.3
manager: manager:
image: getumbrel/manager:v0.1.1 image: getumbrel/manager:v0.1.1
depends_on: [ bitcoin, lnd, nginx ]
logging: *default-logging logging: *default-logging
restart: unless-stopped restart: unless-stopped
network_mode: host
stop_grace_period: 5m30s stop_grace_period: 5m30s
volumes: volumes:
- ${HOME}/db:/db - ${PWD}/db:/db
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker - /usr/bin/docker:/usr/bin/docker
- ${HOME}:${HOME} - ${PWD}:${PWD}
environment: environment:
PORT: "3006" PORT: "3006"
USER_PASSWORD_FILE: "/db/user.json" USER_PASSWORD_FILE: "/db/user.json"
JWT_PUBLIC_KEY_FILE: "/db/jwt-public-key/jwt.pem" JWT_PUBLIC_KEY_FILE: "/db/jwt-public-key/jwt.pem"
JWT_PRIVATE_KEY_FILE: "/db/jwt-private-key/jwt.key" JWT_PRIVATE_KEY_FILE: "/db/jwt-private-key/jwt.key"
JWT_EXPIRATION: "3600" JWT_EXPIRATION: "3600"
DOCKER_COMPOSE_DIRECTORY: $HOME DOCKER_COMPOSE_DIRECTORY: $PWD
DEVICE_HOST: "http://umbrel.local" DEVICE_HOST: "http://umbrel.local"
MIDDLEWARE_API_URL: "http://10.11.2.2"
networks:
net:
ipv4_address: 10.11.2.1
middleware: middleware:
image: getumbrel/middleware:v0.1.1 image: getumbrel/middleware:v0.1.1
command: ["./wait-for-node-manager.sh", "localhost", "npm", "start"] depends_on: [ bitcoin, lnd, nginx ]
command: ["./wait-for-node-manager.sh", "10.11.2.1", "npm", "start"]
logging: *default-logging logging: *default-logging
restart: unless-stopped restart: unless-stopped
network_mode: host
depends_on: [ manager ] depends_on: [ manager ]
volumes: volumes:
- ${HOME}/lnd:/lnd - ${PWD}/lnd:/lnd
- ${HOME}/db/jwt-public-key:/jwt-public-key - ${PWD}/db/jwt-public-key:/jwt-public-key
environment: environment:
PORT: "3005" PORT: "3005"
BITCOIN_HOST: "0.0.0.0" BITCOIN_HOST: "10.11.1.1"
RPC_PORT: "8332" RPC_PORT: "RPCPORT"
RPC_USER: "lncm" RPC_USER: "lncm"
RPC_PASSWORD: "RPCPASS" RPC_PASSWORD: "RPCPASS"
LND_NETWORK: "mainnet" LND_NETWORK: "mainnet"
LND_HOST: "127.0.0.1" LND_HOST: "10.11.1.2"
JWT_PUBLIC_KEY_FILE: "/jwt-public-key/jwt.pem" JWT_PUBLIC_KEY_FILE: "/jwt-public-key/jwt.pem"
DEVICE_HOST: "http://umbrel.local" DEVICE_HOST: "http://umbrel.local"
networks:
net:
ipv4_address: 10.11.2.2
networks:
net:
ipam:
driver: default
config:
- subnet: 10.11.0.0/16
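Review bot: The middleware service ends up with two `depends_on` keys on the new side, the added `depends_on: [ bitcoin, lnd, nginx ]` and the retained `depends_on: [ manager ]`; a duplicate mapping key is either rejected or resolved to the last one, so the new dependencies are likely not applied. Merging them into one line, `depends_on: [ manager, bitcoin, lnd, nginx ]`, removes the ambiguity. The manager service also still mounts `/var/run/docker.sock` and now has a fixed address (10.11.2.1) that every container on the network can reach, so a comment on that mount should state that it gives the container control of the host's Docker daemon and why manager needs it.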

2
install-box.sh

@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash -e
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

24
lnd/lnd.conf

@ -15,25 +15,33 @@ accept-keysend=true
; Makes routing faster but have to use images built with experimental tag ; Makes routing faster but have to use images built with experimental tag
[Routing] [Routing]
routing.assumechanvalid=1 routing.assumechanvalid=1
; Extra TLS
tlsextradomain=lnd
tlsextraip=10.11.1.2
; Unsure if this is a 0.10.0 command (make mental note to test this)
tlsautorefresh=1
; Add external address for TLS
;externalip=externaladdress
; This needed to be enabled by setting bitcoin.node=bitcoind ; This needed to be enabled by setting bitcoin.node=bitcoind
; Default setting currently is neutrino ; Default setting currently is neutrino
[Bitcoind] [Bitcoind]
bitcoind.rpchost=localhost bitcoind.rpchost=10.11.1.1
bitcoind.rpcuser=lncm bitcoind.rpcuser=lncm
bitcoind.rpcpass=RPCPASS bitcoind.rpcpass=RPCPASS
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 bitcoind.zmqpubrawblock=tcp://10.11.1.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 bitcoind.zmqpubrawtx=tcp://10.11.1.1:28333
bitcoind.estimatemode=ECONOMICAL
[Bitcoin] [Bitcoin]
; If the Bitcoin chain should be active. Atm, only a single chain can be ; If the Bitcoin chain should be active. Atm, only a single chain can be
; active. ; active.
bitcoin.active=1 bitcoin.active=1
; Change 'bitcoin.mainnet=1' to 'bitcoin.testnet=1' if TESTNET ; Change 'bitcoin.mainnet=1' to 'bitcoin.testnet=1' if TESTNET or bitcoin.regtest=1 if REGTEST
bitcoin.mainnet=1 bitcoin.mainnet=1
; Use neutrino for now, but maybe it could be permanent and then switch ; Use neutrino for now, but maybe it could be permanent and then switch
; to a full node if theres enough space ; to a full node if theres enough space
; Also use bitcoind if REGTEST is set
bitcoin.node=neutrino bitcoin.node=neutrino
bitcoin.defaultchanconfs=2 bitcoin.defaultchanconfs=2
@ -51,9 +59,9 @@ neutrino.addpeer=mainnet2-btcd.zaphq.io
[tor] [tor]
tor.active=1 tor.active=1
tor.control=9051 tor.control=10.11.5.1:29051
tor.socks=9050 tor.socks=10.11.5.1:29050
; TOR Password placeholder for v0.10.0 ; TOR Password placeholder for v0.10.0
; tor.password=umbrelftw tor.password=umbrelftw
tor.v3=1 tor.v3=1
tor.dns=soa.nodes.lightning.directory:53 tor.dns=soa.nodes.lightning.directory:53
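Review bot: `tlsautorefresh=1` is committed with a comment saying it has not been checked against this lnd version; it should be confirmed against the pinned `lncm/lnd:v0.10.1-experimental` image before merging, since an option the daemon does not recognise would presumably stop lnd at startup. Once confirmed, the comment can describe the option instead, for example `; Regenerate the TLS certificate when the configured IPs or domains change`.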

6
nginx/conf.d/default.conf

@ -5,16 +5,16 @@ server {
location /api/ { location /api/ {
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_pass http://localhost:3005/; proxy_pass http://10.11.2.2:3005/;
} }
location /manager-api/ { location /manager-api/ {
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_pass http://localhost:3006/; proxy_pass http://10.11.2.1:3006/;
} }
location / { location / {
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
proxy_pass http://localhost:3004/; proxy_pass http://10.11.0.3:3004/;
} }
} }

11
tor/torrc

@ -1,7 +1,6 @@
SocksPort 29050 # Bind only to "10.11.5.1" which is the tor IP within the container
ControlPort 29051 SocksPort 10.11.5.1:29050
ControlPort 10.11.5.1:29051
# Cookie Authentication
CookieAuthentication 1
# Tor Passwords
HashedControlPassword 16:50A873DF18C00F4A6048BF1CEF7E7AA66478F0B5134DA4369D80657F26
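Review bot: ControlPort now listens on 10.11.5.1:29051, an address every container on the 10.11.0.0/16 network can reach, and its authentication rests on the `HashedControlPassword` line that configure-box.sh appends later. If the four trailing lines (cookie authentication and the committed hash) are on the removed side, as the 1,7 to 1,6 header suggests, a torrc that has not been through configure-box.sh carries no authentication directive at all. I would state that dependency in the file, for example `# HashedControlPassword is appended by configure-box.sh; do not start tor without it`. The appended hash is derived from RPCPASS, the bitcoind RPC password, so a separately generated secret for the control port would keep one leaked config file from exposing both.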