Skip to content

Latest commit

 

History

History
227 lines (159 loc) · 8.39 KB

setup-nodes-docker.md

File metadata and controls

227 lines (159 loc) · 8.39 KB

defi/defichain

Quick reference

The DeFi Blockchain docker image, currently supports the following platforms:

  • amd64 (x86_64)

What is DeFi Blockchain?

DeFi Blockchain's primary vision is to enable decentralized finance with Bitcoin-grade security, strength and immutability. It's a blockchain dedicated to fast, intelligent and transparent financial services, accessible by everyone.

Read more at: https://defichain.io

Tags and respective Dockerfile links

  • latest (Dockerfile)
  • Dockerfiles for each tag can be found in the defichain repo similar to the latest.

Picking the right tag

  • defi/defichain:latest: points to the latest stable release available of DeFi Blockchain. Use this only if you know what you're doing as upgrading DeFi Blockchain blindly can be risky in odd cases, though it usually shouldn't be.
  • defi/defichain:<version>: based on a slim Debian image, points to a specific version branch or release of DeFi Blockchain. Uses the pre-compiled binaries which are fully tested by the DeFi Blockchain Team.

Usage

Quick usage

Service

❯ docker run -d defi/defichain

Interactive

❯ docker run -it defi/defichain

Image details

  • This image contains the main distribution package as downloaded, with the main binaries - defid, defi-cli and defi-tx.
  • The package is at /app.
  • All the binaries from the package are also in the PATH for convenience.
  • Process run unprivileged inside the container as user defi and group defi
  • Data volume is at /data, (The default data dir /home/defi/.defi is symlinked to it). /data is used for convenience to change volumes with docker. (For instance docker run -it -v "defi-data:/data" defi/defichain)
  • Default conf, if found is picked up from /data/defi.conf
  • Use docker logs for default logging from stdout
  • For custom commands, just use defid/defi-cli similar to how bitcoind/bitcoin-cli works.

Default ports

  • Mainnet: P2P - 8555, JSON-RPC - 8554
  • Testnet: P2P - 18555, JSON-RPC - 18554
  • Regtest: P2P - 19555, JSON-RPC - 19554

Customization

Example:

❯ docker run --rm -it defi/defichain \
  defid \
  -printtoconsole \
  -regtest=1 \
  -rpcallowip=172.17.0.0/16 \
  -rpcauth='foo:7d9ba5ae63c3d4dc30583ff4fe65a67e$9e3634e81c11659e3de036d0bf88f89cd169c1039e6e09607562d54765c649cc'

Note: More about how -rpcauth works for remote authentication are explained below.

You can also mount a directory in a volume under /data in case you want to access it on the host:

❯ docker run -v ${PWD}/data-dir:/data -it --rm defi/defichain \
  defid \
  -printtoconsole \
  -regtest=1

You can optionally create a service using docker-compose:

defichain:
  image: defi/defichain
  command: >
    defid
    -printtoconsole
    -regtest=1

Using RPC to interact with the daemon

There are two communications methods to interact with a running DeFi Blockchain daemon.

The first one is using a cookie-based local authentication. It doesn't require any special authentication information as running a process locally under the same user that was used to launch the DeFi Blockchain daemon allows it to read the cookie file previously generated by the daemon for clients. The downside of this method is that it requires local machine access.

The second option is making a remote procedure call using a username and password combination. This has the advantage of not requiring local machine access, but in order to keep your credentials safe you should use the newer rpcauth authentication mechanism.

Using cookie-based local authentication

Start by launching the DeFi Blockchain daemon:

❯ docker run --rm --name defi-node -it defi/defichain \
  defid \
  -printtoconsole \
  -regtest=1

Then, inside the running defi-node container, locally execute the query to the daemon using defi-cli:

❯ docker exec defi-node defi-cli -regtest getmintinginfo

{
  "blocks": 0,
  "currentblocksize": 0,
  "currentblockweight": 0,
  "currentblocktx": 0,
  "difficulty": 4.656542373906925e-10,
  "errors": "",
  "networkhashps": 0,
  "pooledtx": 0,
  "chain": "regtest"
}

In the background, defi-cli read the information automatically from /data/regtest/.cookie. In production, the path would not contain the regtest part.

Using rpcauth for remote authentication

Before setting up remote authentication, you will need to generate the rpcauth line that will hold the credentials for the DeFi Blockchain daemon. You can either do this yourself by constructing the line with the format <user>:<salt>$<hash> or use the official rpcauth.py script to generate this line for you, including a random password that is printed to the console.

Note: This is a Python 3 script. use [...] | python3 - <username> when executing on macOS.

Example:

❯ curl -sSL https://raw.githubusercontent.com/DeFiCh/ain/master/contrib/rpcauth/rpcauth.py | python - <username>

String to be appended to defi.conf:
rpcauth=foo:7d9ba5ae63c3d4dc30583ff4fe65a67e$9e3634e81c11659e3de036d0bf88f89cd169c1039e6e09607562d54765c649cc
Your password:
qDDZdeQ5vw9XXFeVnXT4PZ--tGN2xNjjR4nrtyszZx0=

Note that for each run, even if the username remains the same, the output will be always different as a new salt and password are generated.

Now that you have your credentials, you need to start the DeFi Blockchain daemon with the -rpcauth option. Alternatively, you could append the line to a defi.conf file and mount it on the container.

❯ docker run --rm --name defi-node -it defi/defichain \
  defid \
  -printtoconsole \
  -regtest=1 \
  -rpcallowip=172.17.0.0/16 \
  -rpcauth='foo:7d9ba5ae63c3d4dc30583ff4fe65a67e$9e3634e81c11659e3de036d0bf88f89cd169c1039e6e09607562d54765c649cc'

Two important notes:

  1. Some shells require escaping the rpcauth line (e.g. zsh), as shown above.
  2. It is now perfectly fine to pass the rpcauth line as a command line argument. Unlike -rpcpassword, the content is hashed so even if the arguments would be exposed, they would not allow the attacker to get the actual password.

You can now connect via defi-cli. You will still have to define a username and password when connecting to the DeFi Blockchain RPC server.

To avoid any confusion about whether or not a remote call is being made, let's spin up another container to execute defi-cli and connect it via the Docker network using the password generated above:

❯ docker run -it --link defi-node --rm defi/defichain \
  defi-cli \
  -rpcconnect=defi-node \
  -regtest \
  -rpcuser=foo\
  -stdinrpcpass \
  getbalance

Enter the password qDDZdeQ5vw9XXFeVnXT4PZ--tGN2xNjjR4nrtyszZx0= and hit enter:

0.00000000

Done!

Exposing Ports

Depending on the network mode and the runtime flags, several default ports may be available for mapping.

Ports can be exposed by mapping all of the available ones (using -P and based on what EXPOSE documents) or individually by adding -p. This mode allows assigning a dynamic port on the host (-p <port>) or assigning a fixed port -p <hostPort>:<containerPort>.

For example,

docker run --rm -it \
  -p 19554:19554 \
  -p 19555:19555 \
  defi/defichain \
  defid \
  -printtoconsole \
  -regtest=1 \
  -rpcallowip=172.17.0.0/16 \
  -rpcbind=0.0.0.0 \
  -rpcauth='foo:7d9ba5ae63c3d4dc30583ff4fe65a67e$9e3634e81c11659e3de036d0bf88f89cd169c1039e6e09607562d54765c649cc'

To test that mapping worked, you can send a JSON-RPC curl request to the host port:

curl --data-binary '{"jsonrpc":"1.0","id":"1","method":"getnetworkinfo","params":[]}' http://foo:[email protected]:19554/

License

License information for the software contained in this image.