Running a Parity Ethereum node in Docker and connect safely
Parity is an Ethereum client written in Rust by the good people of Ethcore. It syncs up way faster than the Go client and somehow takes a lot less disk space. You can get it running in a Docker container, and connect to it, taking the following steps:
Step 1 — Download and play
First download the Parity Docker image, the latest version.
docker pull ethcore/parity:beta-release
Check the Dockerfile of this image here if you like. To get an idea of all the options, you can run:
docker run -ti ethcore/parity:beta-release --help
Step 2 — Start it up
To just start it, using the defaults, run:
docker run -it --name=my-parity ethcore/parity:beta-release
You will see the parity node booting up and start syncing. If you have worked with the Ethereum Go client before, you will appreciate the speed. By default, parity will start syncing the Homestead chain. You can specify a different chain like Ropsten Testnet or Ethereum Classis using the chain flag:
docker run -it --name=my-parity ethcore/parity:beta-release \
--chain ropsten|classic
Leaving the docker session with CTRL-c will stop the attached container. Use CTRL-p CTRL-q to gracefully detach and keep parity syncing. You can reattach using:
docker attach my-parity
No problem if you accidentily stop it. You can just restart the docker container again by issuing:
docker start my-parity
If you want to restart your parity container with new settings, you should first remove the old
docker rm my-parity
Step 3— Store the blocks on host machine
It is a very good practice to store the actual blockchain data outside of the docker container. This let’s you easily upgrade the Parity at a later stage.
This can be done by mapping a host directory to the directory inside the docker container using the -v flag.
docker run -ti \
-v /var/parity/testnet:/root/.parity \
--name my-parity \
ethcore/parity:beta-release
In the above example we map the host directory /var/parity/testnet to the directory inside the Docker container where Parity stores the blocks /root/.parity .
To see if it is up-to-date, attach using docker attach, check the latest block number on etherchain and compare it to the block number in the parity output
[ #1449908 f3a0…6179 ] — -[ 0 blk/s | 0 tx/s | 0 gas/s //··· 0/17 peers, #1449908, 0+0 queued ···// mem: 28 MiB db, 127 KiB chain, 2 KiB queue, 24 KiB sync ]
Marvel at the moderate disk consumption of the Parity client.
Step 4— Expose it to the outside world
To be able to connect to the Ethereum node using web3 from outside the container, we need to run some extra flags on the Parity client, and on the Docker container.
docker run -ti -d -p 8545:8545
--name my-parity ethcore/parity --jsonrpc-interface '0.0.0.0'
The -p option of docker exposes the default JSON RPC port 8545 to the world outside docker.
For me, to get a connection from a remote host I needed to add the jsonrpc-interface flag and the jsonrpc-interface flag set to all:
docker run -ti -d -p 0.0.0.0:8545:8545 --name my-parity ethcore/parity --jsonrpc-interface all --jsonrpc-hosts all
Step 5— Connect with Web3
To connect using web3 you need Node and NPM installed. Install web3 with
npm install web3
From the node console, or using a node script you can run
Web3 = require(“web3”);
web3 = new Web3(new Web3.providers.HttpProvider(“http://[hostname]:8545"));
web3.eth.blockNumber;
If the setup is correct, this will return the most recently mined block number and proof you are connected.
Now you are ready to start developing against the Ethereum node.
Step 6— restricting access
If you, like me, like your laptop cool and quiet, you better run the Ethereum node on a separate machine. When you run it on a public Cloud Server, I strongly recommend restricting access to the JSON RPC interface. I got robbed of one 1Ξ after naively unlocking an account on my public node and learned this the hard way.
I am running on Ubuntu and first tried restricting access using UFW. It seems UFW and Docker are not the best friends, to say the least. (See here and here). So I did it with iptables directly blocking the forward to port 8545 on the parity container. Bash script below does it, first finding the IP of the parity container. Run sudo -i first.
parity_ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' my-parity)remote_ip=[your remote ip]iptables -I FORWARD 1 -d $parity_ip -p tcp --dport 8545 ! -s $remote_ip -j DROP
If you want to delete the iptables rule, first find it’s number on the FORWARD chain:
iptables -L FORWARD --line-numbers
and then drop it by number
iptables -D FORWARD 1 #or any other number
If this works for you (assert that access is blocked from another IP!) you can make the iptables settings persistent with
apt-get update
apt-get install iptables-persistent
If you have this package already installed, or to save any further iptables configuration, use
invoke-rc.d iptables-persistent save
Step 7— docker compose
Finally, in a docker-compose.yml format.
ethereum-node:
image: ethcore/parity:1.1.0
container_name: my-parity
working_dir: /parity/
command: target/release/parity -j --jsonrpc-interface ‘0.0.0.0’
ports:
- “8545:8545”
Get it up and running with
docker-compose up -d
I wrote another article on How to quickly upgrade an Ethereum Parity node using Docker.