Hosting the Pathfinder (stack)

# Hosting the Pathfinder (stack) > 2023-04-20 > Jacque, Jon ## Hosting ownership - Indonesia is paying for their services (bare metal, cloud), ergo we have to pay for ours ^^ ## Machine specs From Daniel: Here the specs of the server we're using at Hetzner right now: - Processor: AMD Ryzen 9 3900 - Number of cores: 12 - Storage: two 1.92 TB Datacenter NVMe SSDs (base model) in RAID 1 - RAM: 128 GB ECC RAM - Price: €99.96 (plus a one-time setup fee of €105.91) To be sure we'd need two similar sized servers. We could get along with 64GB Ram but the disks are filling quickly due to the ever growing chain and DB (we're alredy at 41% used disk). ## Topology - rpc.circlesubi.id DNS round robin load balancing - rpc.helsinki.circlesubi.id - Traefik - Pathfinder Proxy - Pathfinder2 - Blockchain Indexer - Pathfinder2 Updater - rpc.falkenstein.circlesubi.id - Traefik - Pathfinder Proxy - Pathfinder2 - Blockchain Indexer - Pathfinder2 Updater - uses DNS-01 challenge for Let's Encrypt to create certificates for a shared domain on different machines https://github.com/CirclesUBI/circles-platform 1. setup partisttions and distribution from /installimage 2. add the keys to the robot and the provider ed25599 3. ubuntu vs debian --> debian is too old. basically is easier everything with ubuntu 4. edit the inventory to add our machine 5. docker, posix, general and crypto needed 6. (note for Jacque -> look at tailscale/headscale) 7. edit the playbook not needed monitoring and headscale 8. this is configured for googlecloud dns -> we need to use our netlify 9. roles 10. dynamc traefik configuration - it doesnt use the docker traefic provides. Any exploit in the reverse proxy cca give you root --- Ansible Suggestion - rpc.circles.garden - rpc.falkenstein.circles.garden Proposal: Shared load balancer to move away from DNS round robin? https://github.com/CirclesUBI/shared-development-organizing/blob/main/out/technical-documentation/deployment/Circles.land%20Deployment%20Diagram.svg - rpc.circles* on Kubernetes - Traefik - Pathfinder Proxy - use the VPN / mesh to decouple cloud and bare metal billing accounts - rpc.falkenstein.circlesubi.id - rpc.helsinki.circlesubi.id - rpc.falkenstein.circles.garden - **Decouple**: Nethermind + Lighthouse for HA and apply load balancing to them, so we can share the Nodes, and use smaller RPC machines - falkenstein - helsinki - … ## Walkthrough in the installation - https://github.com/CirclesUBI/circles-platform/tree/main/installimage - https://github.com/CirclesUBI/circles-platform/tree/main/ansible ## Follow up - https://github.com/CirclesUBI/circles-iac/tree/main/ansible - Hosting the Pathfinder platform in the cloud, to allow for auto-scaling - Get a db dump from CiGno to get started and make a decision on how to proceed - Talk with Daniel/Lluna about the suggested new topology -> do we need a new appointment or in two weeks is fine?