mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6bd56a30c960f22eeaefdadbc85d1c10adec84e9
next.orly.dev/cmd/benchmark/Dockerfile.next-orly
mleku fad39ec201
Some checks failed
Go / build-and-release (push) Has been cancelled
Details
Add serve mode, fix binary tags, document CLI tools, improve Docker 
- Add 'serve' subcommand for ephemeral RAM-based relay at /dev/shm with
  open ACL mode for testing and benchmarking
- Fix e-tag and p-tag decoding to use ValueHex()/ValueBinary() methods
  instead of Value() which returns raw bytes for binary-optimized storage
- Document all command-line tools in readme.adoc (relay-tester, benchmark,
  stresstest, blossomtest, aggregator, convert, FIND, policytest, etc.)
- Switch Docker images from Alpine to Debian for proper libsecp256k1
  Schnorr signature and ECDH support required by Nostr
- Upgrade Docker Go version from 1.21 to 1.25
- Add ramdisk mode (--ramdisk) to benchmark script for eliminating disk
  I/O bottlenecks in performance measurements
- Add docker-compose.ramdisk.yml for tmpfs-based benchmark volumes
- Add test coverage for privileged policy with binary-encoded p-tags
- Fix blossom test to expect 200 OK for anonymous uploads when auth is
  not required (RequireAuth=false with ACL mode 'none')
- Update follows ACL to handle both binary and hex p-tag formats
- Grant owner access to all users in serve mode via None ACL
- Add benchmark reports from multi-relay comparison run
- Update CLAUDE.md with binary tag handling documentation
- Bump version to v0.30.2
2025-11-26 09:52:29 +00:00

76 lines
2.3 KiB
Docker
Raw Blame History

# Dockerfile for next.orly.dev relay (benchmark version)
# Uses pure Go build with purego for dynamic libsecp256k1 loading
# Stage 1: Build stage
# Use Debian-based Go image to match runtime stage (avoids musl/glibc linker mismatch)
FROM golang:1.25-bookworm AS builder
# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends git make && rm -rf /var/lib/apt/lists/*
# Set working directory
WORKDIR /build
# Copy go mod files first for better layer caching
COPY go.mod go.sum ./
RUN go mod download
# Copy source code
COPY . .
# Build the relay with CGO disabled (uses purego for crypto)
# Include debug symbols for profiling
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -gcflags "all=-N -l" -o relay .
# Create non-root user (uid 1000) for runtime in builder stage (used by analyzer)
RUN useradd -m -u 1000 appuser && \
chown -R 1000:1000 /build
# Switch to uid 1000 for any subsequent runtime use of this stage
USER 1000:1000
# Final stage
# Use Debian slim instead of Alpine because Debian's libsecp256k1 includes
# Schnorr signatures (secp256k1_schnorrsig_*) and ECDH which Nostr requires.
# Alpine's libsecp256k1 is built without these modules.
FROM debian:bookworm-slim
# Install runtime dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates curl libsecp256k1-1 && \
rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy binary (libsecp256k1.so.1 is already installed via apt)
COPY --from=builder /build/relay /app/relay
# Create runtime user and writable directories
RUN useradd -m -u 1000 appuser && \
mkdir -p /data /profiles /app && \
chown -R 1000:1000 /data /profiles /app
# Expose port
EXPOSE 8080
# Set environment variables
ENV ORLY_DATA_DIR=/data
ENV ORLY_LISTEN=0.0.0.0
ENV ORLY_PORT=8080
ENV ORLY_LOG_LEVEL=off
# Aggressive cache settings to match Badger's cost metric
# Badger tracks ~52MB cost per key, need massive cache for good hit ratio
# Block cache: 16GB to hold ~300 keys in cache
# Index cache: 4GB for index lookups
ENV ORLY_DB_BLOCK_CACHE_MB=16384
ENV ORLY_DB_INDEX_CACHE_MB=4096
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD curl -f http://localhost:8080/ || exit 1
# Drop privileges: run as uid 1000
USER 1000:1000
# Run the relay
CMD ["/app/relay"]
Reference in New Issue View Git Blame Copy Permalink