Implementing Reverse Proxy

Your node needs to have proper network parameters and proxy configuration to ensure your node not giving away free infra or be exposed to attacks as well as, have full scaling capabilities.

Configure Your Reverse Proxy:

For Pocket Validator Nodes and Seed Nodes, they will need to be equipped with a reverse proxy, as well as the required SSL certificates.
You can use any web server tool to configure your reverse proxy like whether it's:

  • Ngnix
  • Apache

In this section, we will give you basic examples highlighting how you can configure your webserver to support your desired node(Pocket Node, Pocket Validator node, Pocket Seed Node) using Ngnix.

❗️

Disclaimer:

This is only a template to help you understand how to set up a proxy and not to be used for real implementation. We are not liable for any potential slashing which will result in loss of funds.

To properly configure your webserver to be a Pocket Node or any of its child nodes, you need to have the base configuration and features enabled:

  • SSL enabled:
    • ssl_certificate
    • ssl_certificate_key
  • CORS(POST & OPTIONS)- enabled
  • Rate Limit - enabled
  • Request Que
  • Port 8081 forward to your desired port
  • Max Connections needs to be set to your node limit

Pocket Full Node

upstream 127.0.0.1 {

   server 127.0.0.1:8082 max_conns=<your node limit>;
   
}

server {

   listen 8081 ssl;
   listen [::]:8081 ssl;

   ssl on;
   ssl_certificate /etc/.../fullchain.pem;
   ssl_certificate_key /etc/.../privkey.pem;

   access_log /var/log/nginx/reverse-access.log;
   error_log /var/log/nginx/reverse-error.log;

   location = / {
     proxy_pass http://127.0.0.1;
     allow all;

   }
}

Pocket Validator Node:

upstream 127.0.0.1 {

      server 127.0.0.1:8082 max_conns=<your node limit>;


   }

server {
   add_header Access-Control-Allow-Origin "*";

   listen 8081 ssl;
   listen [::]:8081 ssl;

   ssl on;
   ssl_certificate /etc/.../fullchain.pem;
   ssl_certificate_key /etc/.../privkey.pem;

   access_log /var/log/nginx/reverse-access.log;
   error_log /var/log/nginx/reverse-error.log;


    location ~* ^/v1/client/(dispatch|relay|challenge|sim) {

     proxy_pass http://127.0.0.1;
     add_header Access-Control-Allow-Methods "POST, OPTIONS";
     allow all;
   }

   location = /v1 {
     add_header Access-Control-Allow-Methods "GET";
     proxy_pass http://127.0.0.1;
     allow all;

   }
}

Note: The sim allows you to test your node chains configuration and it is optional to have. You can add or remove it at any time.

Pocket Seed node

upstream 127.0.0.1 {

   server 127.0.0.1:8082 max_conns=<your node limit>;

}

server {
   add_header Access-Control-Allow-Origin "*";

   listen 8081 ssl;
   listen [::]:8081 ssl;

   ssl on;
   ssl_certificate /etc/.../fullchain.pem;
   ssl_certificate_key /etc/.../privkey.pem;

   access_log /var/log/nginx/reverse-access.log;
   error_log /var/log/nginx/reverse-error.log;


   location = /v1/client/dispatch {

     proxy_pass http://127.0.0.1;
     add_header Access-Control-Allow-Methods "POST, OPTIONS";
     allow all;
   }
   
    
}

Updated 2 months ago



Implementing Reverse Proxy


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.