gitlab.com/aquachain/aquachain@v1.17.16-rc3.0.20221018032414-e3ddf1e1c055/Documentation/node-operator-guide/how-to-public-rpc.md

# How to Host a Public RPC

To set up a private RPC, run with the `-rpc` flag.

To set up a public RPC, follow this guide.

### About Public RPC Nodes

The network can function without any public RPC nodes, but they add convenience for end users.

They provide a JSON-RPC interface over HTTP(S). Applications such as explorers and wallets can use public RPCs to fetch data and submit transactions.

Public RPC nodes do not need any private keys. They should not be on the same machine as private keys.

Currently, the aquachain command doesn't use TLS/HTTPS to provide a secure RPC. For now, it is necessary to use a reverse proxy for this purpose.

### The setup

Here is *one of many* setups that can provide a public HTTPS endpoint, offering a public RPC for the world to use.

* For SSL (recommended), point your subdomain's DNS record at your IP before starting.
* It is recommended to use a machine with 2GB or more RAM.
* At least 50GB of disk space is needed; an SSD is recommended but not necessary.
* Preferably a dedicated machine, such as a VPS with no other uses.
* A newer version of `caddy` or `go` may have arrived since this was published.

You can follow this guide, which uses a fresh VPS. The OS is Ubuntu.

Run all commands as the root user. Let's go!

```
# add users
adduser --system aqua
adduser --system caddy

# install go (can skip if you download the aquachain binary)
mkdir -p /root/dl
cd /root/dl
wget -4 'https://golang.org/dl/go1.15.6.linux-amd64.tar.gz'
tar xvf go1.15.6*.tar.gz -C /usr/local/
ln -s /usr/local/go/bin/* /usr/local/bin/

# install caddy (reverse proxy, ssl, web server)
cd /root/dl
wget -4 -O /usr/local/bin/caddy 'https://caddyserver.com/api/download?os=linux&arch=amd64'
chmod +x /usr/local/bin/caddy
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/caddy

# setup clean reboots for database health
wget -4 -O /etc/rc0.d/K01aquachain https://github.com/aquachain/aquachain/raw/master/contrib/K01aquachain
chmod +x /etc/rc0.d/K01aquachain

# setup aquachain rpc
cd /home/aqua
sudo -u aqua git clone https://gitlab.com/aquachain/aquachain src/aquachain
cd src/aquachain
sudo -u aqua make
mv /home/aqua/src/aquachain/bin/aquachain /usr/local/bin/aquachain

# setup aqua reboot
# (quoted 'EOF' so the variables are expanded when reboot.bash runs, not while writing it)
cat <<'EOF' >/home/aqua/reboot.bash
#!/bin/bash
export TERM=xterm
# can modify these for example --config or something
# an array keeps each '*' literal (no globbing, no stray quote characters)
AQUAFLAGS=(-nokeys -gcmode archive -rpc '-rpccorsdomain=*' '-rpcvhosts=*')
tmux new-session -n aqua -d /usr/local/bin/aquachain "${AQUAFLAGS[@]}"
EOF

chmod +x /home/aqua/reboot.bash
echo '@reboot bash /home/aqua/reboot.bash' | crontab -u aqua

# setup caddy reverse proxy
cd /home/caddy
wget -4 https://github.com/aquachain/aquachain/raw/master/contrib/Caddyfile
echo "/usr/local/bin/caddy start" >> /home/caddy/reboot.bash
chmod +x /home/caddy/reboot.bash
echo '@reboot bash /home/caddy/reboot.bash' | crontab -u caddy
```

### Now customize the Caddyfile with your domain name

Don't forget to edit `/home/caddy/Caddyfile` and replace the dummy domain name.

### Putting it all together

Now you have a machine that will automatically launch caddy and aquachain, accepting secure requests from anyone on the internet. The machine has no keys, never uses keys, and never signs anything.

If this is all you are using the server for, you are probably done with your setup.

Restart the VPS machine (as root, `reboot`).

Open up a terminal and run: `aquachain attach https://mydomain.examplename`

Use your domain name instead of the dummy name.

If you get an AQUA console, you have achieved your goal: a public HTTPS RPC server.
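
An added check, not part of the aquachain guide: because aquachain serves plain HTTP and TLS comes from the reverse proxy on the same machine, the RPC listener itself should be bound to loopback only, so clients cannot bypass HTTPS. The function names and the port 8543 in the constructed samples are assumptions; pass the port your node actually uses.

```shell
#!/bin/sh
# Print each listener on PORT that is bound to a non-loopback address.
# stdin: output of `ss -ltn` (4th column is "Local Address:Port").
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, f, ":")                 # port follows the last ":"
            if (f[n] != port) next
            addr = substr($4, 1, length($4) - length(f[n]) - 1)
            gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
            sub(/%.*$/, "", addr)                 # drop interface scope (%lo)
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print $4
        }'
}

# Exit status 0 when PORT is loopback-only (or not listening), 1 when exposed.
rpc_is_private() {
    exposed=$(nonloopback_listeners "$1")
    [ -z "$exposed" ] && return 0
    printf 'RPC port %s reachable without TLS on: %s\n' "$1" "$exposed" >&2
    return 1
}

# Constructed samples of `ss -ltn` output; 8543 stands in for the RPC port
# (an assumption, the guide does not state it). On the server, run:
#   ss -ltn | rpc_is_private "$RPC_PORT"
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:8543     0.0.0.0:*
LISTEN 0      4096   *:443              *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_BAD='LISTEN 0      4096   *:8543             *:*
LISTEN 0      4096   [::]:8543          [::]:*
LISTEN 0      4096   *:443              *:*'

printf '%s\n' "$SAMPLE_OK" | rpc_is_private 8543 && echo "sample 1: loopback-only"
printf '%s\n' "$SAMPLE_BAD" | rpc_is_private 8543 || echo "sample 2: exposed"
```

If the check fails on a real server, firewall the RPC port or rebind it to loopback before publishing the HTTPS endpoint.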