From 1be84cc912505902bd53017bb2ea5056f45d5d44 Mon Sep 17 00:00:00 2001 From: ehsan shariati Date: Thu, 11 Jun 2026 19:34:41 -0400 Subject: [PATCH 1/2] feat(docker): reproducible fula-gateway image for federated masters Multi-stage build of the fula-gateway bin (cargo build --release -p fula-cli) on rust:1-bookworm with a slim Debian runtime. Env-driven config only; /data volume for durable state (pin queue, registry CID). Consumed by the federated-master installer in functionland/pinning-service (gateway compose profile, auto-enabled when the image exists). Closes #29 Co-Authored-By: Claude Fable 5 --- docker/Dockerfile.gateway | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docker/Dockerfile.gateway diff --git a/docker/Dockerfile.gateway b/docker/Dockerfile.gateway new file mode 100644 index 0000000..6147e88 --- /dev/null +++ b/docker/Dockerfile.gateway @@ -0,0 +1,30 @@ +# fula-gateway — S3-compatible gateway (federated-master image). +# +# Build (repo root): docker build -f docker/Dockerfile.gateway -t fula-gateway:latest . +# Used by the federated-master stack: functionland/pinning-service +# docker/master/docker-compose.master.yml ("gateway" profile, auto-enabled by +# update-scripts/join-as-master.sh when this image exists on the box). +# +# All configuration is env-driven (clap): FULA_HOST (0.0.0.0), FULA_PORT +# (9000), IPFS_API_URL, CLUSTER_API_URL, PINNING_SERVICE_ENDPOINT, +# STORAGE_API_URL, JWT_SECRET, ADMIN_JWT_SECRET, FULA_BLOCK_CACHE_MB, +# FULA_PIN_QUEUE_PATH (durable pin queue — production MUST set it to a +# persistent mount), rate limits, etc. See crates/fula-cli/src/main.rs. +FROM rust:1-bookworm AS build +WORKDIR /src +# Workspace build; fula-js (wasm) and fula-flutter are workspace members but +# building only -p fula-cli avoids their toolchains. +COPY . . +RUN cargo build --release -p fula-cli --bin fula-gateway + +FROM debian:bookworm-slim AS runtime +RUN apt-get update \ + && apt-get install -y --no-install-recommends ca-certificates netcat-openbsd \ + && rm -rf /var/lib/apt/lists/* +COPY --from=build /src/target/release/fula-gateway /usr/local/bin/fula-gateway +# Persistent state (pin queue, registry CID, block cache) belongs on a volume. +VOLUME ["/data"] +ENV FULA_HOST=0.0.0.0 \ + FULA_PORT=9000 +EXPOSE 9000 +ENTRYPOINT ["fula-gateway"] From ecb342abb8b1bd49bbb84cebf6516445c7839a0f Mon Sep 17 00:00:00 2001 From: ehsan shariati Date: Thu, 11 Jun 2026 20:51:02 -0400 Subject: [PATCH 2/2] fix(docker): volume at the gateway hardcoded state dir /var/lib/fula-gateway The pin queue, registry CID, and local-retain backlog default to /var/lib/fula-gateway (config.rs); the /data volume was wrong - without a mount there, pin retries/crash recovery silently degrade to fire-and-forget. Found by the federated-master e2e (startup WARNs). Co-Authored-By: Claude Fable 5 --- docker/Dockerfile.gateway | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile.gateway b/docker/Dockerfile.gateway index 6147e88..fabcb30 100644 --- a/docker/Dockerfile.gateway +++ b/docker/Dockerfile.gateway @@ -22,8 +22,12 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates netcat-openbsd \ && rm -rf /var/lib/apt/lists/* COPY --from=build /src/target/release/fula-gateway /usr/local/bin/fula-gateway -# Persistent state (pin queue, registry CID, block cache) belongs on a volume. -VOLUME ["/data"] +# Persistent state lives at HARDCODED /var/lib/fula-gateway (pin_queue.redb, +# registry.cid, local_retain.redb — see crates/fula-cli/src/config.rs defaults). +# Mount a volume here or pin retries/crash recovery silently degrade to +# fire-and-forget and the bucket registry resets on restart. +RUN mkdir -p /var/lib/fula-gateway +VOLUME ["/var/lib/fula-gateway"] ENV FULA_HOST=0.0.0.0 \ FULA_PORT=9000 EXPOSE 9000