hyperliquid-node/Dockerfile at master · katanacap/hyperliquid-node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# docker build --load -t localhost/buckshotcapital/hl-node:latest .
ARG mold_version="2.40.2"
ARG rust_version="1.91.1"

FROM rust:${rust_version} AS rust-base

FROM rust:${rust_version} AS hl-bootstrap-builder
RUN    apt-get update \
    && apt-get install -y curl ca-certificates protobuf-compiler \
    && rm -rf /var/lib/apt/lists/*

ARG mold_version
RUN curl -L -o /mold.tar.gz https://github.com/rui314/mold/releases/download/v${mold_version}/mold-${mold_version}-$(uname -m)-linux.tar.gz \
    && mkdir -p /opt/mold \
    && tar -C /opt/mold --strip-components=1 -xzf /mold.tar.gz \
    && rm /mold.tar.gz
ENV PATH="/opt/mold/bin:${PATH}"

WORKDIR /build

ENV CARGO_INCREMENTAL="0"
ENV CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER="gcc"
ENV CFLAGS="-fuse-ld=mold"
ENV RUSTFLAGS="-C link-arg=-fuse-ld=mold"

RUN --mount=source=hl-bootstrap,target=. \
    --mount=type=cache,sharing=locked,target=/usr/local/cargo/registry \
    --mount=type=cache,sharing=locked,from=rust-base,source=/usr/local/rustup,target=/usr/local/rustup \
    cargo fetch --locked

RUN --mount=source=hl-bootstrap,target=. \
    --mount=type=cache,sharing=locked,target=/usr/local/cargo/registry \
    --mount=type=cache,sharing=locked,from=rust-base,source=/usr/local/rustup,target=/usr/local/rustup \
    --mount=type=cache,sharing=locked,target=/target \
    --network=none <<-EOF
CARGO_BUILD_TARGET=""
RUSTFLAGS="${RUSTFLAGS}"

arch="$(uname -m)"
case "${arch}" in
    x86_64)
        CARGO_BUILD_TARGET="x86_64-unknown-linux-gnu"
        ;;
    aarch64)
        CARGO_BUILD_TARGET="aarch64-unknown-linux-gnu"
        ;;
    *) echo "Unsupported architecture: ${arch}" >&2; exit 1 ;;
esac

export CARGO_BUILD_TARGET
export RUSTFLAGS
cargo build --release --locked --target-dir=/target
EOF

RUN --mount=type=cache,sharing=locked,target=/target,ro \
    mkdir -p /build/$(uname -m) && \
    cp /target/$(uname -m)-*/release/hl-bootstrap /build/hl-bootstrap

FROM ubuntu:24.04

SHELL ["/bin/bash", "-euo", "pipefail", "-c"]

RUN <<-EOF
groupadd -r hyperliquid -g 10001
useradd -r -g hyperliquid -u 10001 -d /home/hyperliquid -s /bin/bash hyperliquid
EOF

RUN <<-EOF
# Create base directory structure
install -d -m 755 -o root -g root /opt/hl /opt/hl/lib
install -d -m 755 -o hyperliquid -g hyperliquid /home/hyperliquid /data /opt/hl/bin
EOF

RUN <<-EOF
apt-get update
apt-get install -y curl ca-certificates catatonit gnupg2
EOF

# Copy Hyperliquid public key & import it. This is also required by hl-visor to verify downloaded binaries
COPY ./etc/hl-pubkey.asc /root/hl-pubkey.asc
RUN <<-EOF
gpg --import /root/hl-pubkey.asc
rm /root/hl-pubkey.asc
EOF

ARG NETWORK="Mainnet"

RUN <<-EOF
binary_url=""
sig_url=""
case "${NETWORK}" in
	Mainnet)
		binary_url="https://binaries.hyperliquid.xyz/Mainnet/hl-visor"
		sig_url="${binary_url}.asc"
		;;
	Testnet)
		binary_url="https://binaries.hyperliquid-testnet.xyz/Testnet/hl-visor"
		sig_url="${binary_url}.asc"
		;;
	*)
		echo >&2 "Unsupported network ${NETWORK}"
		exit 1
		;;
esac

echo '{"chain": "'"${NETWORK}"'"}' > /opt/hl/lib/visor.json
ln -svf ../lib/visor.json /opt/hl/bin/visor.json

curl -o /opt/hl/bin/hl-visor "${binary_url}"
curl -o /tmp/hl-visor.asc "${sig_url}"

gpg --verify /tmp/hl-visor.asc /opt/hl/bin/hl-visor
chmod 755 /opt/hl/bin/hl-visor
rm /tmp/hl-visor.asc
EOF

RUN <<-EOF
cp -rv /root/.gnupg /home/hyperliquid/.gnupg
chown -R hyperliquid:hyperliquid /home/hyperliquid/.gnupg
EOF

COPY --from=hl-bootstrap-builder /build/hl-bootstrap /usr/local/bin/hl-bootstrap

USER hyperliquid:hyperliquid

VOLUME /opt/hl/bin
VOLUME /data
WORKDIR /data

RUN <<-EOF
mkdir -p /data/hl/data
ln -s /data/hl /home/hyperliquid/hl
chown -R hyperliquid:hyperliquid /data
EOF

ENV PATH=/opt/hl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

ENV HL_BOOTSTRAP_OVERRIDE_GOSSIP_CONFIG_MAX_AGE=15m
ENV HL_BOOTSTRAP_SEED_PEERS_AMOUNT=5
ENV HL_BOOTSTRAP_SEED_PEERS_MAX_LATENCY=80ms
ENV HL_BOOTSTRAP_NETWORK=${NETWORK}

# RPC
EXPOSE 3001/tcp
# P2P
EXPOSE 4000-4010/tcp
# Metrics
EXPOSE 2112/tcp
ENTRYPOINT ["/usr/bin/catatonit", "--", "hl-bootstrap", "--override-gossip-config-path=/data/override_gossip_config.json", "--"]
CMD ["run-non-validator", "--write-trades", "--write-fills", "--write-order-statuses", "--serve-eth-rpc", "--serve-info", "--disable-output-file-buffering"]