Use a reverse proxy to do SSL termination and Request Management (Request queueing and/or Rate Limiting).
The only 2 ports that need to be exposed to the internet are the Pocket RPC port (defaults to 8081) and the Tendermint Peer-to-Peer port (defaults to 26656), both of which are configurable via the config.json file.
There’s a 3rd port 26657, which is the Tendermint RPC port, use this port to read information about the network and your node status, do NOT expose this port.
When running a Validator Node one of your options is to have it share a private network with your other blockchain nodes, that way you can avoid exposing those other blockchain nodes to the internet if you desire so.
Those nodes still have to connect to their respective Peer-To-Peer networks so in this case, they will have to be granted internet access respectively on those ports.
As with any internet-facing, production-level application, Pocket Core was designed to be run in a process managed environment, to handle restarts and other process-level configurations.
After you have successfully tested your environment to make sure it's properly set up, you can set up your desired node!
Devs can opt out of receiving service for nodes having self signed certificates. This could have an impact on the requested your node can receive for servicing. Which is why we recommend having a certified SSL certificate before servicing relays.
If you are a novice at setting up a node or setting up an environment for your node. We encourage you to look at one of our helpful guides to learn how to set up certain configurations for your node.
Updated about a month ago