Skip to content

Commit 46a4bc3

Browse files
serkanmaxserkanmax
authored
Update docker-compose.yml
chore(docker-compose): improve node service security & reliability - Added `restart: unless-stopped` for automatic recovery - Clarified volume mount permissions (:rw specified) - Documented that RPC, WebSocket, metrics, and pprof ports should NOT be publicly exposed - Kept environment variable fallbacks for flexibility (.env.mainnet / .env.sepolia)
1 parent b284f35 commit 46a4bc3

1 file changed

Lines changed: 15 additions & 12 deletions

File tree

docker-compose.yml

Lines changed: 15 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -4,30 +4,33 @@ services:
44
context: .
55
dockerfile: ${CLIENT:-geth}/Dockerfile
66
ports:
7-
- "8545:8545" # RPC
8-
- "8546:8546" # websocket
9-
- "7301:6060" # metrics
10-
- "30303:30303" # P2P TCP
7+
- "8545:8545" # RPC (should be restricted, not exposed to 0.0.0.0 in production)
8+
- "8546:8546" # WebSocket (same caution as RPC)
9+
- "7301:6060" # Metrics (better to bind only on localhost)
10+
- "30303:30303" # P2P TCP
1111
- "30303:30303/udp" # P2P UDP
1212
command: ["bash", "./execution-entrypoint"]
1313
volumes:
14-
- ${HOST_DATA_DIR}:/data
14+
- ${HOST_DATA_DIR}:/data:rw
1515
environment:
1616
- NODE_TYPE=${NODE_TYPE:-vanilla}
1717
env_file:
18-
- ${NETWORK_ENV:-.env.mainnet} # Use .env.mainnet by default, override with .env.sepolia for testnet
18+
- ${NETWORK_ENV:-.env.mainnet} # Default mainnet, override with .env.sepolia
19+
restart: unless-stopped # Ensures container restarts on failure
20+
1921
node:
2022
build:
2123
context: .
2224
dockerfile: ${CLIENT:-geth}/Dockerfile
2325
depends_on:
2426
- execution
2527
ports:
26-
- "7545:8545" # RPC
27-
- "9222:9222" # P2P TCP
28-
- "9222:9222/udp" # P2P UDP
29-
- "7300:7300" # metrics
30-
- "6060:6060" # pprof
28+
- "7545:8545" # RPC (should be restricted in production)
29+
- "9222:9222" # P2P TCP
30+
- "9222:9222/udp" # P2P UDP
31+
- "7300:7300" # Metrics (limit exposure)
32+
- "6060:6060" # pprof (limit exposure)
3133
command: ["bash", "./op-node-entrypoint"]
3234
env_file:
33-
- ${NETWORK_ENV:-.env.mainnet} # Use .env.mainnet by default, override with .env.sepolia for testnet
35+
- ${NETWORK_ENV:-.env.mainnet}
36+
restart: unless-stopped

0 commit comments

Comments
 (0)