Hi !
I installed a mirror node using the Debian package. I have some questions.
I intend to write a tutorial on “howto setup a public mirror node” and “howto setup a smith node”, so I would like to understand these points before.
- I could not guess which value to set for
DUNITER_LISTEN_ADDR. The comments states :
If SMITH NODE: `/ip4/0.0.0.0/tcp/<port>` and `/ip6/[::]/tcp/<port>`. Otherwise: `/ip4/0.0.0.0/tcp/<port>/ws` and `/ip6/[::]/tcp/<port>/ws`.
but I have no idea if <port> should remain 30333 or if it should be 9944 for non-smith (since there is the path /ws), or if it can be any port I like. Maybe there should be two example lines in the config files, if they should be different for smith or mirror nodes ?
-
I could access the RPC endpoint after setting
DUNITER_RPC_CORStoall. Is it the right way to go for a public mirror node ? Should a smith node keep the default value ? -
I understood that smith nodes should not expose an RPC endpoint, right ?
- So, for smith nodes, all the communication is p2p ?
- Maintainers of a smith node should not setup any reverse proxy ?
- Should the smith node be associated (in any way) with a unique mirror node that would be its exposure to RPC requests ? (I think the answer is ‘no’, but I want a confirmation)
-
I let the ORACLE default values… I even don’t know if I launched an oracle node or not (I know it would not work anyway). If some conf values are only useful for specific cases, it may be nice to separate the conf file in parts, like
################
## Oracle part
## All following values can remain commented if you don't run an oracle
################
I join the conf files for the node and for the reverse-proxy, for more context.
env_file
# Sets the name of the node.
# This should be a unique identifier for your node within the network.
DUNITER_NODE_NAME=Matograine
# Specifies the blockchain network to connect to.
DUNITER_CHAIN_NAME=gdev
# Defines the address and port for node communication.
# The format is /ip4/[IP address]/tcp/[port]/[protocol].
# If SMITH NODE: `/ip4/0.0.0.0/tcp/<port>` and `/ip6/[::]/tcp/<port>`. Otherwise: `/ip4/0.0.0.0/tcp/<port>/ws` and `/ip6/[::]/tcp/<port>/ws`.
# ICI il faudrait des exemples commentés, je ne sais pas quelle est la valeur de <port>.
DUNITER_LISTEN_ADDR=/ip4/0.0.0.0/tcp/30333/ws
#DUNITER_LISTEN_ADDR=/ip4/0.0.0.0/tcp/9944/ws
# Specify browser origins allowed to access the HTTP & WS RPC servers.
# A comma-separated list with no space of origins.
# Value of `all` will disable origin validation. Default is to allow localhost and
#<https://polkadot.js.org> origins.
# Default: "http://localhost:*,http://127.0.0.1:*,https://localhost:*,https://127.0.0.1:*,https://polkadot.js.org"
#DUNITER_RPC_CORS=http://localhost:*,http://127.0.0.1:*,https://localhost:*,https://127.0.0.1:*,https://polkadot.js.org
DUNITER_RPC_CORS=all
# Configures the pruning profile to manage how old blockchain data is stored.
# This setting can only be set on the first creation of the database.
# Options:
# - 'archive': Keep the state of all blocks.
# - 'archive-canonical': Keep only the state of finalized blocks.
# - [number]: Keep the state of the last specified number of finalized blocks.
# Default: 256 for a balanced pruning strategy.
DUNITER_PRUNING_PROFILE=256
# Sets the directory for storing Duniter data.
# This should be a writable path on your system by the duniter user where the node can store its data.
# Default: /home/duniter/.local/share/duniter
BASE_PATH=/home/duniter/.local/share/duniter
# URL for the Oracle RPC server.
# This should point to the RPC endpoint that the oracle will use to communicate with the blockchain.
# Default: ws://127.0.0.1:9944 for a local WebSocket RPC server.
ORACLE_RPC_URL=ws://127.0.0.1:9944
# Determines the log level for the Oracle.
# Options include 'error', 'warn', 'info', 'debug', 'trace'.
# 'info' is a good default that provides useful runtime information without too much detail.
# Default: info
ORACLE_LOG_LEVEL=info
nginx config
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name gdev.matograine.fr;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /PATH/TO/fullchain.pem;
ssl_certificate_key /PATH/TO/privkey.pem;
root /nowhere;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_read_timeout 90;
location / {
proxy_pass http://localhost:9944;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
proxy_read_timeout 1200s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
)