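# ggxchain validator

### build ggxchain-node

```bash=
rustup update
rustup target add wasm32-unknown-unknown
rustup component add rust-src
git clone https://github.com/ggxchain/ggxnode.git ~/git/ggxchain/ggxnode
cd ~/git/ggxchain/ggxnode
# the clone leaves the default branch head checked out; to build the validator
# binary from a known revision, check out a reviewed tag or commit first:
#   git checkout <REVIEWED_TAG_OR_COMMIT>   # placeholder, not from this page
cargo build --release --no-default-features --features="sydney"
cargo run --release -p ggxchain-node --no-default-features --features "sydney"
```

### create sydney user on node

```bash=
sudo groupadd --system sydney
sudo useradd \
  --system \
  --gid sydney \
  --home-dir /var/lib/sydney \
  --create-home \
  --shell /sbin/nologin \
  --comment 'ggxchain sydney daemon service account' \
  sydney
# the home directory holds the node key and the chain data (--base-path),
# so keep it readable by the service account only
sudo chmod 0700 /var/lib/sydney
```

### open firewall

```bash=
# 80 = nginx on the node, 30335 = p2p, 9625 = prometheus, 9935 = rpc.
# only 30335 has to be reachable by arbitrary peers; if 80, 9625 and 9935 are
# only used by the reverse proxy or a monitoring host, limit them to that
# source address instead of opening them to the whole zone.
default_zone=$(sudo firewall-cmd --get-default-zone)
for port_proto in {80,30335,9625,9935}/tcp; do
  sudo firewall-cmd \
    --zone="${default_zone}" \
    --add-port="${port_proto}" \
    --permanent
done
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
```

### copy node binary to node

#### bob

```bash=
rsync \
  --rsync-path 'sudo rsync' \
  --perms \
  --chown root:root \
  -avz \
  "${HOME}/git/ggxchain/ggxnode/target/release/ggxchain-node" \
  bob:/usr/local/bin/ggxchain-node
```

#### poweredge-1

```bash=
rsync \
  --rsync-path 'sudo rsync' \
  --perms \
  --chown root:root \
  -avz \
  "${HOME}/git/ggxchain/ggxnode/target/release/ggxchain-node" \
  poweredge-1:/usr/local/bin/ggxchain-node
```

### option 1: maintain node key on dev machine

#### create node key

```bash=
mkdir -p "${HOME}/ggxchain/sydney"
# node.key is the secret behind the node's network identity;
# keep the directory private before the key is written into it
chmod 0700 "${HOME}/ggxchain/sydney"
"${HOME}/git/ggxchain/ggxnode/target/release/ggxchain-node" \
  key \
  generate-node-key \
  --file "${HOME}/ggxchain/sydney/node.key"
```

#### copy node key to node

```bash=
# the key is stored on the node under a file named after the
# output of inspect-node-key
node_public_key=$("${HOME}/git/ggxchain/ggxnode/target/release/ggxchain-node" \
  key \
  inspect-node-key \
  --file "${HOME}/ggxchain/sydney/node.key")
rsync \
  --rsync-path 'sudo rsync' \
  --perms \
  --chown sydney:sydney \
  --chmod 0400 \
  -avz \
  "${HOME}/ggxchain/sydney/node.key" \
  "bob:/var/lib/sydney/${node_public_key}"
```

### option 2: maintain node key on node

#### create node key

```bash=
sudo -u sydney /usr/local/bin/ggxchain-node \
  key \
  generate-node-key \
  --file /var/lib/sydney/node.key
# same mode the option 1 copy step applies with --chmod 0400
sudo chmod 0400 /var/lib/sydney/node.key
```

With this option the key file is `/var/lib/sydney/node.key`, so `--node-key-file` in the unit below has to point at that path instead of the file name used by option 1.

### create `/etc/systemd/system/sydney.service`

```systemd=
[Unit]
Description=ggxchain sydney validator
Wants=network-online.target
After=network-online.target

[Service]
User=sydney
Group=sydney
ExecStart=/usr/local/bin/ggxchain-node \
  --chain sydney \
  --name 'черно море' \
  --validator \
  --base-path /var/lib/sydney \
  --port 30335 \
  --rpc-port 9935 \
  --rpc-cors all \
  --rpc-methods safe \
  --database rocksdb \
  --state-pruning 256 \
  --blocks-pruning 256 \
  --node-key-type ed25519 \
  --node-key-file /var/lib/sydney/12D3KooWMyq3atSLsxRLigdLoGemXqqErDr8ezFPZ64sGCYEgGdr \
  --log info \
  --prometheus-port 9625 \
  --prometheus-external \
  --public-addr /dns/sydney.ggx.systems/tcp/30335/p2p/12D3KooWNmnpLLVzsoXgRGSKH91BurSwcDuhEo6hm35ixJogAk5o \
  --bootnodes \
    /dns/sun.sydney.ggxchain.io/tcp/30333/p2p/12D3KooWGmopnFNtQb2bo1irpjPLJUnmt9K4opTSHTMhYYobB8pC \
  -- \
  --chain sydney \
  --name 'черно море' \
  --telemetry-url 'wss://telemetry.sydney.ggxchain.io/submit 0'
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target
```

Notes on this unit:

- `--rpc-cors all` switches off the browser origin check on the rpc server. If the origins that need access are known, list them instead.
- `--prometheus-external` makes the exporter on port 9625 listen on all interfaces, and the firewall step above opens that port. The exporter has no authentication of its own, so access control has to come from the firewall or the proxy.
- `--rpc-methods safe` is the setting to keep in normal operation. The key rotation at the end of this page switches it to `unsafe` temporarily.
- The file name in `--node-key-file` and the peer id at the end of `--public-addr` are two different ids on this page. The option 1 copy step names the key file after the output of `inspect-node-key`, so the `/p2p/...` part of `--public-addr` presumably has to be the id of the key that is actually loaded. Confirm both against `inspect-node-key` on the deployed key.
- Optional sandboxing for the `[Service]` section: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectHome=true`, and `ProtectSystem=strict` with `ReadWritePaths=/var/lib/sydney`. Test the node under these settings before relying on them.

### create `/etc/nginx/default.d/proxy-9935.conf` on node

```nginx=
# forwards every request that reaches nginx on the node to the rpc port on
# loopback, over plain http and without authentication. the rpc server sees
# these requests as coming from 127.0.0.1, so whatever --rpc-methods allows
# is available to every client that can reach this listener.
location / {
  proxy_pass http://127.0.0.1:9935;
  proxy_http_version 1.1;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header Host $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}
```

### create `/etc/nginx/sites-available/sydney.ggx.systems.conf` on reverse proxy

```nginx=
server {
  server_name sydney.ggx.systems;
  listen 443 ssl;
  gzip off;
  location / {
    proxy_pass http://192.168.0.179:9935;
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  # chain metrics
  # this location publishes the node's prometheus exporter to every client
  # that can reach the site. to limit it to the monitoring host, add inside
  # the block (placeholder address, not from this page):
  #   allow <MONITORING_HOST_IP>;
  #   deny all;
  location /metrics {
    proxy_pass http://192.168.0.179:9625/metrics;
    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  ssl_certificate /etc/letsencrypt/live/sydney.ggx.systems/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/sydney.ggx.systems/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```

### create cert on reverse proxy

```bash=
# the credentials file holds the cloudflare api token used for the dns
# challenge: keep it root-only and scope the token to dns edits on this zone
sudo chmod 0600 /root/.cloudflare-ggx.systems
sudo certbot certonly \
  -m ops@ggx.systems \
  --agree-tos \
  --no-eff-email \
  --noninteractive \
  --cert-name sydney.ggx.systems \
  --expand \
  --allow-subset-of-names \
  --key-type ecdsa \
  --dns-cloudflare \
  --dns-cloudflare-credentials /root/.cloudflare-ggx.systems \
  --dns-cloudflare-propagation-seconds 60 \
  -d sydney.ggx.systems
```

### enable reverse proxy

```bash=
sudo ln -sfr /etc/nginx/sites-available/sydney.ggx.systems.conf /etc/nginx/sites-enabled/sydney.ggx.systems.conf
# validate the configuration first so a syntax error does not take nginx down
sudo nginx -t && sudo systemctl restart nginx.service
```

### upgrade node binary

```bash=
rustup update
cd ~/git/ggxchain/ggxnode
git pull
cargo build --release --no-default-features --features="sydney"
cargo run --release -p ggxchain-node --no-default-features --features "sydney"
# ctrl+c
ssh bob sudo systemctl stop sydney.service
rsync \
  --rsync-path 'sudo rsync' \
  --perms \
  --chown root:root \
  -avz \
  "${HOME}/git/ggxchain/ggxnode/target/release/ggxchain-node" \
  bob:/usr/local/bin/ggxchain-node
ssh bob sudo systemctl start sydney.service
```

The transcript below switches the unit to `--rpc-methods unsafe` so that `author_rotateKeys` can be called on loopback, then switches it back. While the unit runs with `unsafe`, the same methods are also reachable through the nginx proxies configured above, because they forward to port 9935. Keep that window short, or stop nginx on the node for the duration. Afterwards, confirm the setting with `grep -- 'rpc-methods' /etc/systemd/system/sydney.service`. The first `curl` fails because the rpc listener is not up yet right after the start. The responses of the later calls are not shown.

```
grenade@bob:~$ sudo sed -i 's/rpc-methods safe/rpc-methods unsafe/' /etc/systemd/system/sydney.service
grenade@bob:~$ sudo systemctl daemon-reload
grenade@bob:~$ sudo systemctl start sydney.service
grenade@bob:~$ curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method": "author_rotateKeys", "params":[]}' http://127.0.0.1:9935
curl: (7) Failed to connect to 127.0.0.1 port 9935 after 0 ms: Couldn't connect to server
grenade@bob:~$ curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method": "author_rotateKeys", "params":[]}' http://127.0.0.1:9935
grenade@bob:~$ curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method": "author_rotateKeys", "params":[]}' http://127.0.0.1:9935
sudo systemctl stop sydney.service
grenade@bob:~$ sudo sed -i 's/rpc-methods unsafe/rpc-methods safe/' /etc/systemd/system/sydney.service
grenade@bob:~$ sudo systemctl daemon-reload
grenade@bob:~$ sudo systemctl start sydney.service
```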