Add --fqdn-policy option to deploy-webapp-from-registry. #801

Closed
telackey wants to merge 19 commits from telackey/fqdn into main
12 changed files with 168 additions and 255 deletions
Showing only changes of commit d7f06ad51e - Show all commits


@ -6,30 +6,19 @@ services:
hostname: go-nitro-alice
restart: on-failure
depends_on:
# Wait for Nitro contracts to be deployed
nitro-contracts:
condition: service_completed_successfully
- go-nitro-bootnode
environment:
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NITRO_PK: ${CERC_NITRO_PK_ALICE:-f36f6dd450892224ee113899195ef922a4795d41c32cafb386d9aab6e0b7b0c6}
CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:-888814df89c4358d7ddb3fa4b0213e7331239a80e1f013eaa7b2deca2a41a218}
CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false}
CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store}
CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_ALICE:-3006}
CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_ALICE:-5006}
CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_ALICE:-4006}
CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-bob/tcp/3007/p2p/16Uiu2HAm7JBTpfJWoUh14ZC5MaCM6TujKp8P8ag4ULPiw6g9Xzba"
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_ALICE:-4106}
CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_ALICE:-4206}
CERC_NITRO_AUTH_ON: false
CERC_NITRO_AUTH_RPC_PORT: 4006
env_file:
- ../config/go-nitro-auth/alice.env
entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"]
volumes:
- go_nitro_data_alice:/app/data
- nitro_deployment:/app/deployment
- go_nitro_data_alice:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: ["CMD", "nc", "-vz", "localhost", "4006"]
@ -38,42 +27,31 @@ services:
retries: 100
start_period: 100s
ports:
- "3006:3006"
- "4006:4006"
- "5006:5006"
- "4106:4106"
- "4206:4206"
- "4216:4216"
- "3006"
- "4006"
- "5006"
- "4106"
- "4206"
- "4216"
go-nitro-bob:
image: cerc/go-nitro:local
hostname: go-nitro-bob
restart: on-failure
depends_on:
# Wait for Nitro contracts to be deployed
nitro-contracts:
condition: service_completed_successfully
- go-nitro-bootnode
environment:
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NITRO_PK: ${CERC_NITRO_PK_BOB:-801c8f30853ed4cbfa130298def86c441c00f4a2eefc6e8fc835ae253ad91d7f}
CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_BOB:-570b909da9669b2f35a0b1ac70b8358516d55ae1b5b3710e95e9a94395090597}
CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false}
CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store}
CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_BOB:-3007}
CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_BOB:-5007}
CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_BOB:-4007}
CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-alice/tcp/3006/p2p/16Uiu2HAmNUiX7bpCpbo5JdqEebp85ptGU2Vk2AT9E3BykvbwQ3F9"
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_BOB:-4107}
CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_BOB:-4207}
CERC_NITRO_AUTH_ON: true
CERC_NITRO_AUTH_RPC_PORT: 4007
env_file:
- ../config/go-nitro-auth/bob.env
entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"]
volumes:
- go_nitro_data_bob:/app/data
- nitro_deployment:/app/deployment
- go_nitro_data_bob:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: ["CMD", "nc", "-vz", "localhost", "4007"]
@ -82,38 +60,35 @@ services:
retries: 100
start_period: 100s
ports:
- "3007:3007"
- "4007:4007"
- "5007:5007"
- "4107:4107"
- "4207:4207"
- "4217:4217"
- "3007"
- "4007"
- "5007"
- "4107"
- "4207"
- "4217"
nitro-rpc-client:
image: cerc/nitro-rpc-client:local
hostname: nitro-rpc-client
restart: always
go-nitro-bootnode:
image: cerc/go-nitro:local
hostname: go-nitro-bootnode
restart: on-failure
environment:
CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-2000000}
CERC_NITRO_RPC_HOST_ALICE: ${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice}
CERC_NITRO_RPC_PORT_ALICE: ${CERC_NITRO_RPC_PORT_ALICE:-4006}
CERC_NITRO_USE_TLS: ${CERC_NITRO_USE_TLS:-false}
CERC_NITRO_ADDRESS_BOB: ${CERC_NITRO_ADDRESS_BOB:-0xe07e314501cc73b24cf45a6577486017300e153c}
CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546}
CERC_NA_ADDRESS: ${CERC_NA_ADDRESS}
CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS}
CERC_CA_ADDRESS: ${CERC_CA_ADDRESS}
env_file:
- ../config/go-nitro-auth/bootnode.env
entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ]
volumes:
- nitro_deployment:/app/deployment
- ../config/nitro-rpc-client/start.sh:/app/start.sh
command: ["/app/start.sh"]
#nitro-nginx:
# image: nginx:1.23-alpine
# restart: always
# volumes:
# - ../config/go-nitro-auth/nginx:/etc/nginx/conf.d
# ports:
# - 5678:80
# depends_on:
# - go-nitro-alice
# - go-nitro-bob
- go_nitro_data_bootnode:/app/data
- ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh
healthcheck:
test: [ "CMD", "nc", "-vz", "localhost", "4008" ]
interval: 5s
timeout: 5s
retries: 100
start_period: 100s
nitro-caddy:
image: caddy:2-alpine
@ -121,7 +96,7 @@ services:
volumes:
- ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile
ports:
- "5678:80"
- "5678"
depends_on:
- go-nitro-alice
- go-nitro-bob
@ -129,4 +104,5 @@ services:
volumes:
go_nitro_data_alice:
go_nitro_data_bob:
nitro_deployment:
go_nitro_data_bootnode:
nitro_deployment:
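Review bot: `CERC_NITRO_AUTH_ON: false` on go-nitro-alice and `CERC_NITRO_AUTH_ON: true` on go-nitro-bob are bare YAML booleans inside an `environment:` mapping, so the string the container receives depends on how the Compose loader serialises a boolean. This flag looks like the switch that turns API-key auth on for bob, and the shell code shown elsewhere in this change compares such flags against the literal `true`, so a loader that emits `True` would presumably leave auth off without any error. Quote both values, `CERC_NITRO_AUTH_ON: "true"` and `CERC_NITRO_AUTH_ON: "false"`, so the toggle is a string in every Compose implementation. The rendered page has lost the +/- column, so which of the neighbouring lines are new is inferred from the hunk counts.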


@ -1,7 +1,3 @@
CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636"
CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# SET ME! Your on-chain private key.
#CERC_NITRO_CHAIN_PK=<MY_PK_GOES_HERE>
@ -11,8 +7,6 @@ CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# SET ME! The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_GO_NITRO_WAIT_FOR_CHAIN=false
CERC_NITRO_AUTH_ON=false
CERC_NITRO_AUTH_RPC_PORT=4006
CERC_NITRO_AUTH_UI_PORT=4206
@ -22,4 +16,4 @@ CERC_NITRO_MSG_PORT=3006
CERC_NITRO_RPC_PORT=4006
CERC_NITRO_UI_PORT=4106
CERC_NITRO_USE_DURABLE_STORE=true
CERC_NITRO_WS_MSG_PORT=5006
CERC_NITRO_WS_MSG_PORT=5006


@ -1,7 +1,3 @@
CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636"
CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# SET ME! Your on-chain private key.
#CERC_NITRO_CHAIN_PK=<MY_PK_GOES_HERE>
@ -11,8 +7,6 @@ CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# SET ME! The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_GO_NITRO_WAIT_FOR_CHAIN=false
CERC_NITRO_AUTH_ON=true
CERC_NITRO_AUTH_RPC_PORT=4007
CERC_NITRO_AUTH_UI_PORT=4207


@ -1,15 +1,9 @@
CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636"
CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
CERC_NITRO_CHAIN_PK=596db2ac27479cfdf60f708bf64ae44a1c5090e9446cca011d72bc9a59b47d3d
CERC_NITRO_PK=f41086394674cf00a66448c6688295d7330af39f6f38fed89ea023e39382d6a0
# The WebSocket to connect to.
#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_GOES_HERE>
CERC_GO_NITRO_WAIT_FOR_CHAIN=false
CERC_NITRO_AUTH_ON=false
CERC_NITRO_AUTH_RPC_PORT=4008
CERC_NITRO_AUTH_UI_PORT=4208
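Review bot: `CERC_NITRO_CHAIN_PK` and `CERC_NITRO_PK` are still listed here as literal 64-hex-digit values, while the alice and bob env files in this same change keep only a commented `<MY_PK_GOES_HERE>` placeholder. A key stored in the repository is known to everyone who can read it, and the new README points this stack at a public testnet, so any funds or identity tied to the bootnode's chain key should be treated as shared. If these are meant as throwaway fixture keys, say so in a comment such as `# Fixture-only key, never fund on a public network`; otherwise replace them with the placeholder form and supply the value from the deployment's config. The +/- column is lost on this page, so I am assuming from the hunk counts that these two lines are kept.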


@ -1,4 +1,4 @@
:80 {
:5678 {
handle /pay* {
reverse_proxy http://go-nitro-bob:8547
}
@ -13,7 +13,9 @@
uri /auth/{header.x-api-key}
}
rewrite * /
reverse_proxy http://fixturenet-eth-geth-1:8545
reverse_proxy https://rpc.sepolia.linea.build:443 {
header_up Host {upstream_hostport}
}
}
@eth-key-in-path {
@ -25,7 +27,9 @@
uri /auth/{re.apikey.1}
}
rewrite * /
reverse_proxy http://fixturenet-eth-geth-1:8545
reverse_proxy https://rpc.sepolia.linea.build:443 {
header_up Host {upstream_hostport}
}
}
handle /eth* {
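Review bot: Both `reverse_proxy https://rpc.sepolia.linea.build:443` blocks now send the request to an external host, but only `Host` is adjusted, so on the `@eth-key-in-header` route the client's `X-Api-Key` header is presumably passed upstream unchanged. That header is the credential `forward_auth` checks against go-nitro-bob, and while the upstream was the in-stack geth node it never left the deployment. Add `header_up -X-Api-Key` next to `header_up Host {upstream_hostport}` in the header-route block so the credential stops at the proxy. The path route already drops the key through `rewrite * /`.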


@ -1,57 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
proxy_buffering off;
proxy_pass http://go-nitro-alice:4206;
}
### geth
location ~ ^/eth/?([^/]*)$ {
set $apiKey $1;
if ($apiKey = '') {
set $apiKey $http_X_API_KEY;
}
auth_request /auth;
proxy_buffering off;
rewrite /.*$ / break;
proxy_pass http://fixturenet-eth-geth-1:8545;
}
## lighthouse
location /beacon/ {
set $apiKey $http_X_API_KEY;
auth_request /auth;
proxy_buffering off;
proxy_pass http://fixturenet-eth-lighthouse-1:8001/;
}
## payments
location /pay {
proxy_buffering off;
proxy_pass http://go-nitro-bob:8547/pay;
}
location = /auth {
internal;
proxy_buffering off;
resolver 127.0.0.11 ipv6=off;
proxy_pass http://go-nitro-bob:8547/auth/$apiKey;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Original-Remote-Addr $remote_addr;
proxy_set_header X-Original-Host $host;
}
location = /stub_status {
stub_status;
}
}


@ -35,14 +35,17 @@ fi
echo "Running Nitro node"
if [[ "${CERC_GO_NITRO_WAIT_FOR_CHAIN:-true}" == "true" ]]; then
# Assuming CERC_NITRO_CHAIN_URL is of format <ws|http>://host:port
ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 1 | cut -d'/' -f 1)
ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 2)
# Assuming CERC_NITRO_CHAIN_URL is of format <ws|http>://host[:port][/foo]
ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 1)
ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 2)
if [[ "$ws_port" == "$ws_host" ]]; then
ws_port=""
fi
# Wait till chain endpoint is available
retry_interval=5
while true; do
nc -z -w 1 "$ws_host" "$ws_port"
nc -z -w 1 "$ws_host" "${ws_port:-443}"
if [ $? -eq 0 ]; then
echo "Chain endpoint is available"
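Review bot: `${ws_port:-443}` is the fallback for every URL without an explicit port, yet the comment above it documents the accepted form as `<ws|http>://host[:port][/foo]`, and for `ws://` or `http://` the implied port is 80. With such a URL the `nc -z` probe checks the wrong port, so the wait loop either never sees the endpoint or reports it available because something else answers on 443. Pick the fallback from the scheme, for example `case "$CERC_NITRO_CHAIN_URL" in wss://*|https://*) default_port=443 ;; *) default_port=80 ;; esac` followed by `"${ws_port:-$default_port}"`. The split on `:` also does not handle a bracketed IPv6 literal, which is worth stating in the comment. The enclosing `if` and `while` continue past the end of this hunk.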


@ -1,42 +0,0 @@
:80 {
handle /pay* {
reverse_proxy http://go-nitro-bob:8547
}
@eth-key-in-header {
path_regexp /eth/?$
header X-Api-Key *
}
handle @eth-key-in-header {
forward_auth go-nitro-bob:8547 {
uri /auth/{header.x-api-key}
}
rewrite * /
reverse_proxy https://rpc.sepolia.linea.build:443 {
header_up Host {upstream_hostport}
}
}
@eth-key-in-path {
path_regexp apikey eth/(.+)$
}
handle @eth-key-in-path {
forward_auth go-nitro-bob:8547 {
uri /auth/{re.apikey.1}
}
rewrite * /
reverse_proxy https://rpc.sepolia.linea.build:443 {
header_up Host {upstream_hostport}
}
}
handle /eth* {
respond "401 Unauthorized" 401
}
handle {
reverse_proxy http://go-nitro-alice:4206
}
}


@ -1,5 +0,0 @@
{
"nitroAdjudicatorAddress": "0xc453C5E3f304bb545A3Df7bBa02fe6274A056636",
"virtualPaymentAppAddress": "0xA11af80D75b1150631FA78178c94fa451c7172a8",
"consensusAppAddress": "0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
}


@ -0,0 +1,104 @@
# go-nitro-auth
Deploy a stack for demoing Nitro-based auth, using either a local fixturenet (fully self-contained) or remote testnet.
## Local Fixturenet (Self-Contained)
### Clone required repositories
```
$ laconic-so --stack fixturenet-eth setup-repositories
$ laconic-so --stack go-nitro-auth setup-repositories
```
### Build containers
```
$ laconic-so --stack fixturenet-eth build-containers
$ laconic-so --stack go-nitro-auth build-containers
```
### Create a deployment
```
$ laconic-so --stack fixturenet-eth deploy init --output nitro-net.yml
$ laconic-so --stack fixturenet-eth deploy create --spec-file nitro-net.yml --deployment-dir /srv/nitro-net
$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml
$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth
# Place them both in the same namespace (TODO: support setting the deployment name via --cluster).
$ cp /srv/nitro-net/deployment.yml /srv/nitro-auth/deployment.yml
```
### Start the containers
```
$ laconic-so deployment --dir /srv/nitro-net up
$ laconic-so deployment --dir /srv/nitro-auth up
```
### Open the webapp
Visit http://localhost:5678
## Remote Testnet
This example will use the Linea Sepolia testnet.
### Clone required repositories
```
$ laconic-so --stack go-nitro-auth setup-repositories
```
### Build containers
```
$ laconic-so --stack go-nitro-auth build-containers
```
### Create a deployment
```
$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml
$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth
```
### Set your keys, contract addresses, etc.
You must set the private keys for two accounts with funds on the target network, as well as the contract addresses
(if they already exist) or else an account to create them. You must also set the URL to use for WebSocket connections,
eg, `wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>`
#### Config
```
$ vim /srv/nitro-auth/config.env
# Addresses of existing contracts.
CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24"
CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636"
CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8"
# Else the private key of an account and RPC URL to use create them.
CERC_PRIVATE_KEY_DEPLOYER=<PRIV_KEY_HERE>
CERC_ETH_RPC_ENDPOINT=https://rpc.sepolia.linea.build
# The WebSocket chain URL.
CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY_HERE>
# Private key for "Alice" account (payer)
CERC_NITRO_CHAIN_PK_ALICE=<ALICE_PRIVATE_KEY_HERE>
j
# Private key for "Bob" account (payee)
CERC_NITRO_CHAIN_PK_BOB=<BOB_PRIVATE_KEY_HERE>
```
### Start the stack
```
$ laconic-so deployment --dir /srv/nitro-auth up
```
### Open the webapp
Visit http://localhost:5678


@ -1,11 +1,14 @@
version: "1.0"
name: linea-testnet-nitro-auth
name: go-nitro-auth
description: "Stack to demonstrate payments between various services"
repos:
# nitro repo
- github.com/cerc-io/go-nitro@telackey/update
containers:
# nitro
- cerc/nitro-contracts
- cerc/go-nitro
- cerc/nitro-rpc-client
pods:
- linea-testnet-go-nitro-auth
- nitro-contracts
- go-nitro-auth
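Review bot: The `repos:` entry `github.com/cerc-io/go-nitro@telackey/update` tracks a personal branch, so the source that the stack's images are presumably built from can change between two builds without any change in this file. These containers are handed the private keys configured for the stack, which makes an unreviewed upstream change more costly than usual. Pin the entry to a release tag or commit once the branch is merged, in the form `github.com/cerc-io/go-nitro@<TAG_OR_COMMIT>`, if `setup-repositories` accepts such a ref. The line appears to be unchanged context in this hunk.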


@ -1,55 +0,0 @@
# linea-testnet-nitro-auth
Deployes a demo stack for Nitro-based auth using the Linea Sepolia testnet.
## Clone required repositories
```
$ laconic-so --stack linea-testnet-nitro-auth setup-repositories
```
## Build containers
```
$ laconic-so --stack linea-testnet-nitro-auth build-containers
```
## Create a deployment
```
$ laconic-so --stack linea-testnet-nitro-auth deploy init --map-ports-to-host any-same --output linea-testnet-nitro-auth-spec.yml
$ laconic-so --stack linea-testnet-nitro-auth deploy create --spec-file linea-testnet-nitro-auth-spec.yml --deployment-dir linea-testnet-nitro-auth-deployment
```
## Set your keys
You must set the private keys for two accounts with funds on the target network. You must also set the URL to use
for a WebSocket connection, eg, `wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>`
```
# For the first account (payer).
$ vim linea-testnet-nitro-auth-deployment/config/alice.env
CERC_NITRO_CHAIN_PK=<MY_PRIVATE_KEY>
CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>
# For the second account (payee).
$ vim linea-testnet-nitro-auth-deployment/config/bob.env
CERC_NITRO_CHAIN_PK=<MY_PRIVATE_KEY>
CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>
# For the bootnode, just set the URL.
$ vim linea-testnet-nitro-auth-deployment/config/bootnode.env
CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/<MY_API_KEY>
```
## Start the stack
```
$ laconic-so deployment --dir linea-testnet-nitro-auth-deployment start
```
## Open the webapp
Visit http://localhost:5678