Running a Parity Ethereum node in Docker and connect safely

Parity is an Ethereum client written in Rust by the good people of Ethcore. It syncs up way faster than the Go client and somehow takes a lot less disk space. You can get it running in a Docker container, and connect to it, taking the following steps:

Step 1 — Download and play

First download the Parity Docker image, the latest version.

docker pull ethcore/parity:beta-release

Check the Dockerfile of this image here if you like. To get an idea of all the options, you can run:

docker run -ti ethcore/parity:beta-release --help

Step 2 — Start it up

To just start it, using the defaults, run:

docker run -it --name=my-parity ethcore/parity:beta-release

You will see the parity node booting up and start syncing. If you have worked with the Ethereum Go client before, you will appreciate the speed. By default, parity will start syncing the Homestead chain. You can specify a different chain like Ropsten Testnet or Ethereum Classis using the chain flag:

docker run -it --name=my-parity ethcore/parity:beta-release \ 
--chain ropsten|classic

Leaving the docker session with CTRL-c will stop the attached container. Use CTRL-p CTRL-q to gracefully detach and keep parity syncing. You can reattach using:

docker attach my-parity

No problem if you accidentily stop it. You can just restart the docker container again by issuing:

docker start my-parity

If you want to restart your parity container with new settings, you should first remove the old

docker rm my-parity

Step 3— Store the blocks on host machine

It is a very good practice to store the actual blockchain data outside of the docker container. This let’s you easily upgrade the Parity at a later stage. 
This can be done by mapping a host directory to the directory inside the docker container using the -v flag.

docker run -ti \ 
-v /var/parity/testnet:/root/.parity \
--name my-parity \
ethcore/parity:beta-release

In the above example we map the host directory /var/parity/testnet to the directory inside the Docker container where Parity stores the blocks /root/.parity .

To see if it is up-to-date, attach using docker attach, check the latest block number on etherchain and compare it to the block number in the parity output

[ #1449908 f3a0…6179 ] — -[ 0 blk/s | 0 tx/s | 0 gas/s //··· 0/17 peers, #1449908, 0+0 queued ···// mem: 28 MiB db, 127 KiB chain, 2 KiB queue, 24 KiB sync ]

Marvel at the moderate disk consumption of the Parity client.

Step 4— Expose it to the outside world

To be able to connect to the Ethereum node using web3 from outside the container, we need to run some extra flags on the Parity client, and on the Docker container.

docker run -ti -d -p 8545:8545
--name my-parity ethcore/parity --jsonrpc-interface '0.0.0.0'

The -p option of docker exposes the default JSON RPC port 8545 to the world outside docker.

For me, to get a connection from a remote host I needed to add the jsonrpc-interface flag and the jsonrpc-interface flag set to all:

docker run -ti -d -p 0.0.0.0:8545:8545 --name my-parity ethcore/parity --jsonrpc-interface all --jsonrpc-hosts all

Step 5— Connect with Web3

To connect using web3 you need Node and NPM installed. Install web3 with

npm install web3

From the node console, or using a node script you can run

Web3 = require(“web3”);
web3 = new Web3(new Web3.providers.HttpProvider(“http://[hostname]:8545"));
web3.eth.blockNumber;

If the setup is correct, this will return the most recently mined block number and proof you are connected.

Now you are ready to start developing against the Ethereum node.

Step 6— restricting access

If you, like me, like your laptop cool and quiet, you better run the Ethereum node on a separate machine. When you run it on a public Cloud Server, I strongly recommend restricting access to the JSON RPC interface. I got robbed of one 1Ξ after naively unlocking an account on my public node and learned this the hard way.

I am running on Ubuntu and first tried restricting access using UFW. It seems UFW and Docker are not the best friends, to say the least. (See here and here). So I did it with iptables directly blocking the forward to port 8545 on the parity container. Bash script below does it, first finding the IP of the parity container. Run sudo -i first.

parity_ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' my-parity)
remote_ip=[your remote ip]
iptables -I FORWARD 1 -d $parity_ip -p tcp --dport 8545 ! -s $remote_ip -j DROP

If you want to delete the iptables rule, first find it’s number on the FORWARD chain:

iptables -L FORWARD --line-numbers

and then drop it by number

iptables -D FORWARD 1 #or any other number

If this works for you (assert that access is blocked from another IP!) you can make the iptables settings persistent with

apt-get update
apt-get install iptables-persistent

If you have this package already installed, or to save any further iptables configuration, use

invoke-rc.d iptables-persistent save

Step 7— docker compose

Finally, in a docker-compose.yml format.

ethereum-node:
image: ethcore/parity:1.1.0
container_name: my-parity
working_dir: /parity/
command: target/release/parity -j --jsonrpc-interface ‘0.0.0.0’
ports:
- “8545:8545”

Get it up and running with

docker-compose up -d

I wrote another article on How to quickly upgrade an Ethereum Parity node using Docker.