RSK Node Setup Guide

Installing Firewall (Optional)

We usually need some kind of firewall to restrict access to the node. In this case we decided to use UFW for simplicity.

Install UFW

It usually comes installed with most OSes, but if it isn't, simply run sudo apt update && sudo apt install ufw

Configure UFW

Set default rules:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow access through ssh:

sudo ufw allow ssh

Allow access through http (if using firewall):

sudo ufw allow in from ${allowed_ip} to any port 80 proto tcp  

Usually allowed_ip is the IP of the server where the backend is running.

Allow access through the 'inter-node communication' port:

For Mainnet:

sudo ufw allow 5050/tcp  

For Testnet:

sudo ufw allow 50505/tcp  

Enable ufw with sudo ufw enable

Installing Proxy (Optional)

Install haProxy with sudo apt install -y haproxy

Configure haProxy

For this use case, we only use the proxy to redirect all incoming requests from 80/tcp to port 4444.

Go to /etc/haproxy and modify haproxy.cfg in this way:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend ${frontend_name}
    bind *:80
    mode http
    default_backend ${backend_name}

backend ${backend_name}
    balance roundrobin
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server node1 127.0.0.1:4444

Replace '${backend_name}' and '${frontend_name}' with your own names.

Restart haProxy with sudo systemctl restart haproxy

Installing RSK Node

Install RSK node

Follow the RSK documentation to install the node. For simplicity we install it with Docker, without executing the last docker run command (we use docker-compose instead).

Add docker-compose

Install docker-compose

Follow this documentation.

Add the docker-compose.yml file

Inside the node folder (where the Dockerfile and supervisord file are), add the file below:

  • For Mainnet:
version: '3'

services:
  rsk-mainnet:
    image: mainnet
    ports:
      - "127.0.0.1:4444:4444"
      - "127.0.0.1:5050:5050"
    container_name: rsk-mainnet
    volumes:
      - /opt/rsk/database:/var/lib/rsk/database
  • For Testnet:
version: '3'

services:
  rsk-testnet:
    image: testnet
    ports:
      - "127.0.0.1:4444:4444"
      - "127.0.0.1:50505:50505"
    container_name: rsk-testnet
    volumes:
      - /opt/rsk/database:/var/lib/rsk/database
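
An added example, not part of the original guide: Docker publishes container ports through its own iptables rules, which UFW's "deny incoming" default does not filter, so the 127.0.0.1 prefix in the files above is what keeps RPC port 4444 reachable only through the proxy. The script below flags short-syntax ports entries that lack a loopback host address; the function name exposed_ports and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list docker-compose "ports:" entries (short list syntax, as in
# the guide) whose host side is not loopback. UFW does not filter these.
# exposed_ports FILE: print each such entry; exit status 1 if any, else 0.
exposed_ports() {
    awk -v sq="'" '
        /^[ \t]*(#.*)?$/ { next }                # blank or comment-only line
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)      # drop the list marker
            sub(/[ \t]*(#.*)?$/, "", entry)       # drop trailing comment/blanks
            gsub("[\"" sq "]", "", entry)         # drop quotes
            if (entry !~ /^(127\.0\.0\.1|\[::1\]):/) { print entry; bad = 1 }
            next
        }
        { in_ports = 0 }                          # any other line ends the list
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the guide's Mainnet port list, and a variant where
# the RPC port has lost its 127.0.0.1 prefix.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/loopback.yml" <<'EOF'
services:
  rsk-mainnet:
    ports:
      - "127.0.0.1:4444:4444"
      - "127.0.0.1:5050:5050"
EOF
cat > "$demo_dir/exposed.yml" <<'EOF'
services:
  rsk-mainnet:
    ports:
      - "4444:4444"   # published on every interface
      - "127.0.0.1:5050:5050"
    volumes:
      - /opt/rsk/database:/var/lib/rsk/database
EOF

for f in "$demo_dir/loopback.yml" "$demo_dir/exposed.yml"; do
    if found=$(exposed_ports "$f"); then
        echo "$f: all published ports are loopback-only"
    else
        echo "$f: not loopback-only: $found"
    fi
done
```

Run it against the real docker-compose.yml before docker-compose up -d; long-syntax port mappings (target/published/host_ip keys) are not parsed by this sketch.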

Add pre-synced databases:

Download the pre-synced databases on the server.

Extract the database

tar zxvf downloaded_file -C /opt/rsk

Run the container

Inside the node folder, run:

docker-compose up -d

Add the server IP to the node configuration.

Inside the container, modify /etc/rsk/node.conf and add the server IP to the hosts array like so:

rpc {
    providers : {
        web: {
            cors: "localhost",
            http: {
                enabled: true,
                bind_address = "0.0.0.0",
                hosts = ["localhost", "${your_server_ip}"]
                port: 4444,
            }
            ws: {
                enabled: false,
                bind_address: "0.0.0.0",
                port: 4445,
            }
        }
    }

...