Run a OpenEthereum node in Docker

Prerequisites

Hardware

  • Minimum requirements
CPU with 2+ cores
4 GB RAM minimum with an SSD, 8 GB+ if you have an HDD
8 MBit/s bandwidth
  • Recommended specifications
Fast CPU with 4+ cores
16 GB+ RAM
Fast SSD with at least 500 GB free space
25+ MBit/s bandwidth

Software

  • docker & docker-compose
  • nodejs & npm
  • ufw

Get Started

Download OpenEthereum image

$ docker pull openethereum/openethereum:v3.1.1

Create local folder to mount and use as base path

$ mkdir -p ~/.local/share/openethereum/docker/

Give it owner permissions

$ chmod -R o+rwx ~/.local/share/openethereum/

Setting up Firewall using UFW

UFW, or Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.

Install UFW

$ sudo apt-get install ufw

Set Up Default Policies $ sudo ufw default deny incoming $ sudo ufw default allow outgoing

Allow Ethereum network port

We would also enable ethereum network so that our nodes can be able to communicate and sync with the public blockchain network.

The Ethereum network port is 30303, $ sudo ufw allow 30303

Enable RPC port

We would be only allowing connection to our ethereum client from our trusted servers. The default RPC ports for Ethereum ports are 8545 for HTTP and 8546 for WS. $ sudo ufw allow from <IP addr> to any port 8545 $ sudo ufw allow from <IP addr> to any port 8546

For example if external server IP addr is 192.148.16.1 $ sudo ufw allow from 192.148.16.1 to any port 8545 $ sudo ufw allow from 192.148.16.1 to any port 8546

If you are using a different a different RPC port from 8545 then it should be specified.

Enable UFW

To enable UFW

$ sudo ufw enable

Allow Other Connections

You can also enable other ports as neccessary e.g.

HTTP — port 80

HTTP connections, which is what unencrypted web servers use, can be allowed with this command:

$ sudo ufw allow http

Your firewall should now be configured to allow connections to Ethereum RPC and network port. Be sure to allow any other incoming connections that your server would need, while limiting any unnecessary connections, so your server will be functional and secure.

Docker Compose

To create a docker-compose file, consider the following points:

  • In case you need to persist the blockchain files, keys etc., you should run the image with the --base-path option and then mount it.

  • Also it is a very good practice to store the actual blockchain data outside of the docker container. This let’s you easily upgrade the version at a later stage. This can be done by mapping a host directory to the directory inside the docker container using volumes.

  • To publish OpenEthereum’s ports to the host machine, use the -p option.

  • To expose the HTTP and WebSockets JSONRPC APIs use --jsonrpc-interface all.

For example:

version: "3"
services:
  eth:
    image: openethereum/openethereum:v3.1.1
    ports:
      - "3000:3000"
      - "8545:8545"
      - "8546:8546"
      - "30303:30303"
    volumes:
      - "~/.local/share/openethereum/docker/:/home/openethereum/.local/share/openethereum/"
    command: --base-path /home/openethereum/.local/share/openethereum/ --jsonrpc-interface all --chain kovan

Default Ports

  • Networking Options: Node listens on port 30303
  • API and Console Options – HTTP JSON-RPC: Listens on port 8545
  • API and Console Options – WebSockets: Listens on port 8546
  • IPC Socket: Listens on $BASE/jsonrpc.ipc (defaults to ~/.local/share/openethereum/jsonrpc.ipc on Linux)
  • Metrics: Listens on 3000

Chains

In this case we are using kovan chain, but any would be specified under '--chain' parameter.

See chain presets available here.

Run

To run a detached OpenEthereum instance:

$ docker-compose up -d

It will run OpenEthereum in background. docker ps shows the instance.

You will then be able to see the logs by running:

$ docker-compose logs -f

In these logs you should see a token being generated to login to OpenEthereum. Alternatively you can run the command:

$ docker-compose logs | grep token

Try

You can use web3-repl cli to connect to the instance:

web3-repl -p http://localhost:8545

And check block number:

> web3.eth.blockNumber
5587

OpenEthereum Documentation

How to include ethstats monitoring and more information about OpenEthereum and docker can be found here.