Node Tutorials
This section contains tutorials for various actions a typical node user may wish to undertake.
The following tutorial, Zero To Node, wlil show you a step-by-step way to set up a Pocket Node on hosted hardware.
This section contains tutorials for various actions a typical node user may wish to undertake.
The following tutorial, Zero To Node, wlil show you a step-by-step way to set up a Pocket Node on hosted hardware.
Welcome to Zero To Node! This is a step-by-step guide for setting up a Pocket node. While there are many different ways to set up a node, the focus of this tutorial is on keeping things simple and with the minimum of steps, while still focusing on security and stability.
This guide is broken down into five parts:
The main utility of a Pocket node is to relay transactions to other blockchains. So, Pocket nodes need access to other nodes for the blockchains they’ll be relaying to. However, the focus of this guide is just on setting up a Pocket node that will relay to the Pocket network, essentially, through itself. Setting up nodes for other blockchains such as Harmony, Ethereum, or any of the other supported blockchains is beyond the scope of this guide.
After completing the steps outlined here, you’ll have a fully functional Pocket node up and running. If you choose, you can also opt to stake your node and earn rewards. We’ll cover that here, but staking is not required unless you want to earn rewards.
This guide is for anyone interested in running Pocket nodes. While the goal is to keep things simple, the assumption is that you have some general blockchain and computer networking knowledge, and some Linux terminal experience.
In order to complete this guide, you’ll need:
This section will help you set up and configure a server to prepare it for being a Pocket node.
The first thing you’ll need to run a Pocket node is a server. For this guide, we’ll be using a virtual machine on the Linode cloud service, but you can use any cloud service you like, or run a server of your own.
Pocket has no affiliation with Linode and does not recommend any one provider over another. The general steps outlined here should work for most cloud providers.
Let’s start by creating a Linode instance (a virtual machine).
To create a Linode instance, do the following:
Sign up for a Linode account and login.
Create a new Linode with the following specifications:
Ubuntu 20.04 LTS
Atlanta, GA
Dedicated 16 GB - 8 CPU, 320 GB Storage, 16 GB RAM
pokt001
Wait for the Linode to be created and show up as running in the web interface.
For a more detailed guide on setting up a Linode instance, see the Linode docs. Also, note that the Atlanta, GA
region was selected for this guide because it supports NVMe storage which is preferable for running nodes. Check to see which other regions support NVMe storage.
The Pocket blockchain is very large and growing all the time, and the snapshot we’ll be downloading in a later step is too large to fit on this Linode instance.
Because of this, we’ll need to create a secondary storage volume. We recommend a size of at least 500GB, but as this requirement will keep growing, a larger volume size (or a dynamically adjustable disk size) will be important.
In your Linode account, click Volumes and then Create Volume.
Create a volume with the following specifications:
poktuserdir
pokt001
Now that the Linode instance is created and running, you’ll need to set up a DNS record that points to the IP address of the Linode instance.
Pocket nodes require a DNS name. DNS (Domain Name Service) names are used to map an IP address to more human-friendly names. So rather than referencing a server with an address like 134.23.153.21
we can use a name like pokt001.pokt.run
.
Most domain registrars allow you to add DNS records. Please refer to the DNS setup documentation for your provider.
Specifically, you’ll need to add an A
record for the domain name. For the exact steps, consult the DNS documentation for your provider. Then create a record with the following information:
pokt001
A
[Linode_IP_Address]
300
After setting up your DNS record, wait a few minutes for the DNS to propagate. Then use the following command to check that the DNS record is working:
The examples in this tutorial will use pokt001
as the server on the pokt.run
domain, so pokt001.pokt.run
will be used as the DNS name. Please replace this throughout with your own server and domain name.
ping -c 3 pokt001.pokt.run
You should see a response that looks something like this:
64 bytes from 134.23.153.21: icmp_seq=0 ttl=47 time=92.403 ms
64 bytes from 134.23.153.21: icmp_seq=1 ttl=47 time=142.828 ms
64 bytes from 134.23.153.21: icmp_seq=2 ttl=47 time=182.456 ms
If the IP address matches the IP address of your Linode instance, you’re all set!
It can sometimes take longer than a minute for the DNS to propagate. So, be patient if things don’t seem to work right away.
Now that we have a DNS record setup, we will look at using SSH to log in and continue the setup process.
The Secure Shell Protocol (SSH) is a secure way to connect to your Linode instance from a remote machine, like your local computer. We’ll be using SSH to complete the remainder of the setup process.
If you’re using a Mac, or Linux, on your local computer, you can SSH into your node by doing the following:
Open a terminal
SSH into your node using the following command:
ssh root@pokt001.pokt.run
Don’t forget to replace pokt001.pokt.run
with your DNS name.
You’ll be prompted for your password. This is the root password that you set when you created your Linode.
Windows 10 and later have a built-in SSH client. You can use SSH on Windows by doing the following:
Open the Windows terminal
SSH into your node using the following command:
ssh root@pokt001.pokt.run
Don’t forget to replace pokt001.pokt.run
with your DNS name.
If you’re using an older version of Windows, you might need to install PuTTY or some other SSH client.
At this point you should be logged into your node as the root
user.
In a previous step, we set the DNS name for the node. Now we’ll use the same name for the hostname on the server.
To set the server hostname use the following steps:
Open the /etc/hostname
file with the following command:
nano /etc/hostname
Change the localhost
value to the fully qualified hostname of your node (for example, pokt001.pokt.run
).
Save the file with Ctrl+O
and then Enter
.
Exit nano with Ctrl+X
.
Reboot the server with the following command:
reboot
Wait for the server to reboot then ssh back in as the root
user before continuing on.
For security reasons it’s best not to use the root
user. Instead, it’s better to create a new user and add the user to the sudo
group.
To create a new user, enter the following commands:
Create a new user named pocket
, add it to the sudo
group, and set the default shell to bash
. If you want to specify the location of the home directory, you can use the -d
option followed by the path to the home directory:
useradd -m -g sudo -s /bin/bash pocket && passwd pocket
For the rest of this guide, we’ll be using the pocket
user. So now that the pocket
user is created, you can switch from using root
to the pocket
user with the following command:
su - pocket
Next we want to mount the secondary storage volume that we created in a previous step.
Verify that the volume is attached to your instance.
sudo fdisk -l
Disk /dev/sdc: 800 GiB, 858993459200 bytes, 1677721600 sectors
Disk model: Volume
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Create a new partition. If the previous command shows a file path different from /dev/sdc
, use that instead in the commands below:
sudo mkfs.ext4 /dev/sdc
Create a new mount point:
sudo mkdir /mnt/data
Mount the new partition:
sudo mount /dev/sdc /mnt/data
Verify that the partition was created by running the following command:
sudo lsblk -o NAME,PATH,SIZE,FSAVAIL,FSUSE%,MOUNTPOINT
NAME PATH SIZE FSAVAIL FSUSE% MOUNTPOINT
sda /dev/sda 319.5G 289.5G 3% /
sdb /dev/sdb 512M [SWAP]
sdc /dev/sdc 800G 328G 53% /mnt/data
Set the volume to be mounted automatically. Open /etc/fstab
:
sudo nano /etc/fstab
Add the following line to the bottom of the file:
/dev/sdc /mnt/data ext4 defaults,noatime,nofail 0 2
Save the file with Ctrl+O
and then Enter
.
Exit nano with Ctrl+X
.
Many Pocket commands assume a data directory path of ~/.pocket
. While it is possible to specify a different data directory with every command, it will be much easier to change the location of the pocket
user home directory. For this tutorial, we will be putting the Pocket data directory at /mnt/data/.pocket
.
To change the home directory of the pocket
user:
sudo usermod -d /mnt/data pocket
While not required, using an SSH key provides a more secure means of accessing your server.
Using an SSH key removes the ability for credentials to be sniffed in the login process, and removes the pitfalls that can often come with user generated passwords since the key will truly be random.
One important thing to understand, is that without access to the ssh key, you won’t be able to log into your node. If you intend on accessing your node from multiple computers, it’s recommended that you repeat the Generate Key and Upload Key steps from each computer that you intend to access your node from before moving on to the Disable Root Login and Password Authentication step.
Log Out
At the terminal you’ll need to enter the logout
command twice. The first logout logs you out of the pocket user, back to the root user, and the second logout logs you out of the server and back to your terminal.
Generate Key
Next, we’ll generate an ssh key. To do that you’ll run the ssh-keygen command. You’ll be prompted to specify the file you want to save the key to, and for a password. Specifying a password means that if someone has access to your key, they’d still need to know the password to be able to use it to login. To create the key, do the following:
Run the ssh-keygen command
ssh-keygen -t rsa -b 4096
Enter file in which to save the key (~/.ssh/id_rsa
)
Enter a passphrase (empty for no passphrase)
Enter same passphrase again
The results should looking something like the following:
The key fingerprint is:
SHA256:jr2MLXIha188wYsp/bNflN9BuqQ3LWCAXJNTtHO7sWk
The key's randomart image is:
+---[RSA 4096]----+
| o+o |
| . oo. . |
| o ..o . . |
| . . o.+ |
| S oo= . |
| ...B o..+.B..|
| .o=.B ..E...|
| +.o*.o .o o |
| . +o.*+. |
+----[SHA256]-----+
Upload Key
Now we’re going to upload the key so that we can use it to log into the pocket user. If you choose a different path for the ssh key, it’s important to replace the ~/.ssh/id_rsa
with the key you used.
ssh-copy-id -i ~/.ssh/id_rsa pocket@pokt001.pokt.run
Windows users may not have access to this command. If you don't have access to a Bash shell, you can use PowerShell to mimic this command. [See these instructions for more details.](https://chrisjhart.com/Windows-10-ssh-copy-id/)
Disable Root Login and Password Authentication
Now we’re now going to configure ssh to no longer allow root logins, and to not allow any password based login attempts. Meaning without access to the ssh key for the pocket user, no one will be able to log into the server.
First we’ll need to log back into the server:
ssh pocket@pokt001.pokt.run
From there, we’ll want to open the /etc/ssh/sshd_config
file to make some changes to the default configuration:
sudo nano /etc/ssh/sshd_config
Once there, we’ll need to find and change the following lines:
#PermitRootLogin prohibit-password
-> PermitRootLogin no
#PubkeyAuthentication yes
-> PubkeyAuthentication yes
#PasswordAuthentication yes
-> PasswordAuthentication no
Once changed, Ctrl-O
followed by Enter
will save the changes, and Ctrl-X
will exit nano back to the terminal.
Then we’ll need to restart the ssh server for these changes to take effect:
sudo systemctl restart sshd.service
Verify Everything Works
The last step is to log out of the server, and try logging back in. If you’re no longer prompted for a password, then everything is working as expected.
ssh -i C:\Users\<USER>\.ssh\id_rsa -l pocket pokt001.pokt.run
ssh -i ~\.ssh\id_rsa pocket@pokt001.pokt.run
That’s it for the server setup! Continue on to install the necessary software.
This section will help you install all the necessary software for your node.
Now let’s move on to the Pocket CLI installation.
At this point you should be logged in via SSH as the pocket
user that we set up in a previous step. Before we install the Pocket software, we need to update the existing system packages and add a few dependencies.
sudo apt update
sudo apt dist-upgrade -y
After the update completes, we’re ready to install the dependencies.
There are a handful of dependencies but installing them won’t take long. Also, some might already be installed. So if one of the dependencies exists, you can just move on to the next one.
sudo apt-get install git -y
sudo apt-get install build-essential -y
sudo apt-get install curl -y
sudo apt-get install file -y
sudo apt install nginx -y
sudo apt install certbot -y
sudo apt-get install python3-certbot-nginx -y
sudo apt install jq -y
After installing the dependencies, there is one more dependency we’ll need to add, and that’s Go. Go (sometimes known as “Golang”) is the programming language that the Pocket software was written in.
We could install Go using apt
, but we want to get the latest stable version which probably isn’t available by default in the apt
repository. So, we’ll use the steps below to install Go.
cd ~
wget https://dl.google.com/go/go1.19.2.linux-amd64.tar.gz
sudo tar -xvf go1.19.2.linux-amd64.tar.gz
sudo chown -R pocket ./go
PATH
:echo 'export PATH=$PATH:$HOME/go/bin' >> ~/.profile
GOPATH
and GOBIN
environment variables:echo 'export GOPATH=$HOME/go' >> ~/.profile
echo 'export GOBIN=$HOME/go/bin' >> ~/.profile
.profile
:source ~/.profile
go version
go version go1.19.2 linux/amd64
Make sure the version number matches the version you downloaded. If the go version
command doesn’t work, try logging out and logging back in.
GOPATH
and GOBIN
variables are set correctly:go env
GOPATH="/mnt/data/go"
GOBIN="/mnt/data/go/bin"
After you can verify that you have the latest stable version of Go, we’re ready to install the Pocket software.
We’ll be downloading Pocket Core from GitHub and then compiling it with Go to get it fully installed.
To download and install Pocket Core, do the following:
Create a project directory:
sudo mkdir -p $GOPATH/src/github.com/pokt-network
Change to the project directory:
cd $GOPATH/src/github.com/pokt-network
Clone the Pocket Core repository:
sudo git clone https://github.com/pokt-network/pocket-core.git
Change to the code directory:
cd pocket-core
Checkout the latest version. You can find the latest tag by going to https://github.com/pokt-network/pocket-core/tags:
sudo git checkout tags/RC-0.9.2
You may see a warning about being in a “detached HEAD” state. This is normal.
Build project code:
go build -o $GOPATH/bin/pocket $GOPATH/src/github.com/pokt-network/pocket-core/app/cmd/pocket_core/main.go
Test that the build succeeded:
pocket version
AppVersion: RC-0.9.2
That’s it for the software installation. Now let’s move on to the Pocket core configuration.
This section will help you configure your instance of Pocket.
Rather than synchronizing your Pocket node from block zero (which could take weeks), you can use a snapshot. A snapshot of the Pocket blockchain is taken every 12 hours and can be downloaded using the instructions on the Pocket Snapshots Repository page.
As of this writing, the snapshots are refreshed every 12 hours. In the GitHub repo you can look at when the README.md
file was last updated to determine when the last snapshot was taken. It’s best to download the snapshot that is less than a few hours old.
Downloading a snapshot will likely take a few hours, so we’re going to use the screen
command so that the download can run in the background, allowing you to perform other tasks.
To download the most recent snapshot:
screen
instance:screen
Enter
to get back to a prompt..pocket
directory.cd ~/.pocket
data
and change into it:mkdir data && cd data
wget -qO- https://snapshot.nodes.pokt.network/latest.tar.gz | tar xvfz -
While the snapshot is downloading, press Ctrl-A
and then d
to let the process run in the background and be returned to a prompt.
To return to your screen
instance to see how things are going:
screen -r
You can also check on the status of the download by watching your disk usage:
df -h
Once your download is completed, make the pocket
user the owner of the data
directory:
sudo chown -R pocket ~/.pocket/data
And when you’re done with your screen
instance, you can exit out of it:
exit
Pocket nodes are associated with a Pocket wallet account. This is the account that will be used to send and receive transactions from the node. You can either create a new account using the Pocket CLI we just installed, or you can use an existing account. For this guide, we’ll be creating a new account.
To create an account, run the following command:
pocket accounts create
You’ll be prompted to set a passphrase for the account. You can use any passphrase you like but for security reasons, it’s best to use a passphrase that is at least 12 characters long, preferably longer.
If you already have a Pocket account that you’d like to use to run the node, you can import it here. Upload the JSON file associated with your account to the server and run the following command:
pocket accounts import-armored <armoredJSONFile>
You will be prompted for the decryption passphrase of the file, and then for a new encryption passphrase to store in the keybase.
After you’ve created the account you can use the pocket accounts list
command to confirm that the account was added successfully.
pocket accounts list
Next, set the account as the one the node will use with the following command:
pocket accounts set-validator [YOUR_ACCOUNT_ADDRESS]
Finally, you can confirm that the validator address was set correctly by running the following command:
pocket accounts get-validator
config.json
The Pocket core software uses a config file to store configuration details. By default the config file is located at ~/.pocket/config/config.json
. In this step we’ll look at how to create a new config file.
To create a new config file:
Run the following command, which will create the default config.json
file, add the seeds, set port 8081 to 8082, and increase the RPC timeout value:
echo $(pocket util print-configs) | jq '.tendermint_config.P2P.Seeds = "03b74fa3c68356bb40d58ecc10129479b159a145@seed1.mainnet.pokt.network:20656,64c91701ea98440bc3674fdb9a99311461cdfd6f@seed2.mainnet.pokt.network:21656,0057ee693f3ce332c4ffcb499ede024c586ae37b@seed3.mainnet.pokt.network:22856,9fd99b89947c6af57cd0269ad01ecb99960177cd@seed4.mainnet.pokt.network:23856,1243026603e9073507a3157bc4de99da74a078fc@seed5.mainnet.pokt.network:24856,6282b55feaff460bb35820363f1eb26237cf5ac3@seed6.mainnet.pokt.network:25856,3640ee055889befbc912dd7d3ed27d6791139395@seed7.mainnet.pokt.network:26856,1951cded4489bf51af56f3dbdd6df55c1a952b1a@seed8.mainnet.pokt.network:27856,a5f4a4cd88db9fd5def1574a0bffef3c6f354a76@seed9.mainnet.pokt.network:28856,d4039bd71d48def9f9f61f670c098b8956e52a08@seed10.mainnet.pokt.network:29856,5c133f07ed296bb9e21e3e42d5f26e0f7d2b2832@poktseed100.chainflow.io:26656"' | jq '.pocket_config.rpc_timeout = 15000' | jq '.pocket_config.rpc_port = "8082"' | jq '.pocket_config.remote_cli_url = "http://localhost:8082"' | jq . > ~/.pocket/config/config.json
This is a long command! Make sure you’ve copied it completely.
Verify the config.json
file setting by viewing the contents of the file:
cat ~/.pocket/config/config.json
{
"tendermint_config": {
"RootDir": "/mnt/data/.pocket",
"ProxyApp": "tcp://127.0.0.1:26658",
"Moniker": "pokt001.pokt.run",
"FastSyncMode": true,
"DBBackend": "goleveldb",
"LevelDBOptions": {
"block_cache_capacity": 83886,
"block_cache_evict_removed": false,
"block_size": 4096,
"disable_buffer_pool": true,
"open_files_cache_capacity": -1,
"write_buffer": 838860
},
...
...
...
chains.json
Pocket nodes relay transactions to other blockchains. So, you’ll need to configure the chains your node can relay to. For this guide, we’ll just be setting up our node to relay to the Pocket mainnet blockchain, essentially through itself.
To maximize your rewards, you’ll want to relay to other chains. We’ll cover that in more detail later but here is a list of other blockchains you could relay to.
chains.json
file with the CLIYou can use the Pocket CLI to generate a chains.json
file for your node by running the following command:
pocket util generate-chains
This will prompt you for the following information:
0001
http://127.0.0.1:8082/
n
for now.By default the chains.json
file will be created in ~/.pocket/config
. You can use the --datadir
flag to create the chains.json file in an alternate location. For example: pocket util generate-chains --datadir "/mnt/data/.pocket"
.
genesis.json
Now that we have a chains.json
file set up, so we can move on to test our node.
When you start a Pocket node for the first time, it will need to find other nodes (peers) to connect with. To do that we use a file named genesis.json
with details about peers the node should connect to get on the network.
To create a JSON file with the genesis information:
.pocket/config
directory:cd ~/.pocket/config
genesis.json
file from GitHub:wget https://raw.githubusercontent.com/pokt-network/pocket-network-genesis/master/mainnet/genesis.json genesis.json
Ubuntu and other UNIX-like systems have a ulimit
shell command that’s used to set resource limits for users. One of the limits that can be set is the number of open files a user is allowed to have. Pocket nodes will have a lot of files open at times, so we’ll want to increase the default ulimit for the pocket
user account.
ulimit -n
-Sn
option is for setting the soft limit on the number of open files:ulimit -Sn 16384
-n
option is for getting the limit for just the number of open files:ulimit -n
Using the above method for setting the ulimit
only keeps the change in effect for the current session. To permanently set the ulimit, you can do the following:
/etc/security/limits.conf
file.sudo nano /etc/security/limits.conf
pocket soft nofile 16384
Ctrl+O
and then Enter
.Ctrl+X
.After permanently setting the ulimit, the next thing we’ll do is download a snapshot of the Pocket blockchain.
Next, we’ll configure the Pocket service using systemd, a Linux service manager. This will enable the Pocket node to run and restart even when we’re not logged in.
To setup a systemd service for Pocket, do the following:
Open nano and create a new file called pocket.service
:
sudo nano /etc/systemd/system/pocket.service
Add the following lines to the file:
[Unit]
Description=Pocket service
After=network.target mnt-data.mount
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
User=pocket
Group=sudo
ExecStart=/home/pocket/go/bin/pocket start
ExecStop=/home/pocket/go/bin/pocket stop
[Install]
WantedBy=default.target
Make sure the User
is set to the user that will run the Pocket service.
Make sure the ExecStart
and ExecStop
paths are set to the path for the Pocket binary.
Save the file with Ctrl+O
and then return
.
Exit nano with Ctrl+X
.
Reload the service files to include the pocket service:
sudo systemctl daemon-reload
Start the pocket service:
sudo systemctl start pocket.service
Verify the service is running:
sudo systemctl status pocket.service
pocket.service - Pocket service
Loaded: loaded (/etc/systemd/system/pocket.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-10-07 00:07:05 UTC; 1 weeks 0 days ago
Stop the pocket service:
sudo systemctl stop pocket.service
Verify the service is stopped:
sudo systemctl status pocket.service
Set the service to start on boot:
sudo systemctl enable pocket.service
Verify the service is set to start on boot:
sudo systemctl list-unit-files --type=service | grep pocket.service
pocket.service enabled enabled
Start the pocket service:
sudo systemctl start pocket.service
sudo systemctl restart pocket.service
sudo systemctl disable pocket.service
sudo systemctl list-units --type=mount
View the logs for the Pocket service:
sudo journalctl -u pocket.service
View just the last 100 lines of the logs (equivalent to the tail -f
command):
sudo journalctl -u pocket.service -n 100 --no-pager
You can use grep
to find errors in the logs.
sudo journalctl -u pocket.service | grep -i error
In case you skipped the step above while the snapshot was downloading, once your download is completed, make the pocket
user the owner of the data
directory:
sudo chown -R pocket ~/.pocket/data
And when you’re done with your screen
instance, you can exit out of it:
exit
We’re just about done. We just need to setup an HTTP proxy and we’ll be ready to go live. We’ll setup the proxy next.
This section will help you set up the proxy setting on your node.
Pocket requires that nodes have an SSL certificate for secure communications. SSL (Secure Sockets Layer) is a layer of security that sits on top of TCP/IP. It’s used to encrypt the data sent between a client and a server. To use SSL, you need to have a certificate and a key. Thankfully, getting an SSL certificate is straightforward and free.
To get a certificate, we’ll be using Let’s Encrypt which is a service that issues SSL certificates for free. We’ll also be using software called certbot to register, install, and renew the certificate.
We installed certbot in a previous step so we just need to use it to request a certificate.
To get a certificate, we’ll need to use the certbot
command with the following options:
--register-unsafely-without-email
: This option is required to get a certificate without an email address.--agree-tos
: This option is required to agree to the Let’s Encrypt Terms of Service.--nginx
: This option is required to use the nginx plugin.--no-redirect
: This option is required to disable the redirect to the Let’s Encrypt website.--domain
: This option is required to specify the domain name.Here’s an example of how to request a certificate. Just replace $HOSTNAME
with the DNS name of your node:
sudo certbot --nginx --domain $HOSTNAME --register-unsafely-without-email --no-redirect --agree-tos
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pokt001.pokt.run
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/default
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://pokt001.pokt.run
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The output from this command should confirm that the certificate was successfully registered.
To be sure, you’ll also want to test that the certificate is working.
There is a command that certbot provides to test your certificate. It’s used for testing the auto-renewal of the certificate but it also confirms that the certificate is working. You can run it using the following command:
sudo certbot renew --dry-run
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/pokt001.pokt.run/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The resulting output should confirm that the certificate is working.
Nginx is a web server. We installed it in a previous step but we need to do some additional configuration.
Nginx uses config files to define servers and routes for incoming requests. For Pocket nodes, nginx needs to relay public requests to a local HTTP server that pocket core is running. This is referred to as the proxy. We’ll also need to proxy requests made by the Pocket CLI. For example, when we run the command pocket query height
, the CLI makes an http request to the node’s local HTTP server.
The nginx configuration files we’re interested in are located in the /etc/nginx/sites-available/
directory. In that directory there is a default configuration file named default
. This is the configuration that is created when you install nginx, but we’ll be creating our own for our node.
To configure nginx:
sudo ls /etc/letsencrypt/live/
sudo nano /etc/nginx/sites-available/pocket
pokt001.pokt.run
) to your node’s DNS hostname in the three places found below:server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
server {
add_header Access-Control-Allow-Origin "*";
listen 80 ;
listen [::]:80 ;
listen 8081 ssl;
listen [::]:8081 ssl;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name pokt001.pokt.run;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/pokt001.pokt.run/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pokt001.pokt.run/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location ~* ^/v1/client/(dispatch|relay|challenge|sim) {
proxy_pass http://127.0.0.1:8082;
add_header Access-Control-Allow-Methods "POST, OPTIONS";
allow all;
}
location = /v1 {
add_header Access-Control-Allow-Methods "GET";
proxy_pass http://127.0.0.1:8082;
allow all;
}
}
Ctrl+O
.Ctrl+X
.sudo systemctl stop nginx
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/pocket /etc/nginx/sites-enabled/pocket
sudo systemctl start nginx
We’re almost done, but before we finish we’ll make our server more secure by setting firewall rules to limit network exposure. The Uncomplicated Firewall (UFW) is a security tool that makes configuring the firewall reasonably simple. We’ll use it to disable unnecessary ports.
For running a Pocket node, you’ll need to open the following ports:
22
: SSH80
: HTTP443
: HTTPS8081
: For the Pocket HTTP API26656
: For the Pocket RPC APITo use UFW to configure the firewall:
Enable UFW. When prompted, press y
to confirm:
sudo ufw enable
Set the default to deny all incoming connections:
sudo ufw default deny
Allow the SSH port:
sudo ufw allow ssh
Allow port 80:
sudo ufw allow 80
Allow port 443:
sudo ufw allow 443
Allow port 8081:
sudo ufw allow 8081
Allow port 26656:
sudo ufw allow 26656
That’s it for the UFW setup. Let’s just check the status to confirm the ports are open. To do that, run the following command:
sudo ufw status
After confirming only the necessary ports are open, you can move on to the final steps.
This section will details the final steps in going live with your node.
At this point your Pocket node should be up and running!
But you’ll want to test it to confirm. The following are some of the things you can do to test your Pocket Node.
The first thing to check is that the pocket service is running. You can do that by running the following command:
top -b -n 1 | grep pocket
You should see output similar to the following:
44871 root 20 0 1018268 33948 21448 S 0.0 0.4 0:00.17 pocket
You’ll want to check that the node is fully synced with the Pocket blockchain. The easiest way is to run the following command:
pocket query height
The result should look something like the following.
{
"height": 48161
}
Another way to see if your node is fully synced is to check the status with the following command:
curl http://127.0.0.1:26657/status
The result should look something like the following. Note the highlighted property catching_up
which indicates if the node is catching up with the blockchain or fully synced. In the example below, the node is fully synced.
{
"jsonrpc": "2.0",
"id": -1,
"result": {
"node_info": {
"protocol_version": {
"p2p": "7",
"block": "10",
"app": "0"
},
"id": "80b80c106115259349df8ef06267cff7bbabd194",
"listen_addr": "tcp://0.0.0.0:26656",
"network": "mainnet",
"version": "0.33.7",
"channels": "4020212223303800",
"moniker": "localhost",
"other": {
"tx_index": "on",
"rpc_address": "tcp://127.0.0.1:26657"
}
},
"sync_info": {
"latest_block_hash": "F39BBF5C64D9E02E28DDBB8640F84A22CFAE1727CFBC72537982EF5914E4BB25",
"latest_app_hash": "6198835747411135C1F812CB45FA5621D5ADB63342EC0678C20879D7D39F03B5",
"latest_block_height": "50021",
"latest_block_time": "2022-02-04T12:16:10.77575197Z",
"earliest_block_hash": "7D551967CB8BBC9F8C0EAE78797D0576951DDA25CE63DF1801C020478C0B02F8",
"earliest_app_hash": "",
"earliest_block_height": "1",
"earliest_block_time": "2020-07-28T15:00:00Z",
"catching_up": false
},
"validator_info": {
"address": "80B80C106115259349DF8EF06267CFF7BBABD194",
"pub_key": {
"type": "tendermint/PubKeyEd25519",
"value": "ee+o9bKqCbAO13FgWTLmJdi9hhfYg8AHsif5430uz8A="
},
"voting_power": "0"
}
}
}
You’ll also want to make sure your node is accessible to other nodes.
To test and confirm your node is visible to other nodes on the public network, you’ll make an HTTP request using the public DNS name for the node. You can use the following command to make that request:
curl https://pokt001.pokt.run:8081/v1
As always, don’t forget to change pokt001.pokt.run
to the DNS name for your node.
This should return the following. This is the version of pocket-core that is running.
"RC-0.9.2"
To earn POKT rewards, you’ll need to stake at least 15,000 POKT. That said, you should stake at least 15,100 POKT or more to be safe. This provides a little extra room in case your node gets slashed (penalized) for some reason.
Please make sure that you understand the risks associated with staking POKT and running a Pocket node.
If you’re using the Pocket CLI to fund an account, keep in mind that the CLI uses uPOKT (the smallest unit of POKT) for its calculations. The formula for converting POKT to uPOKT is: uPOKT = POKT * 10^6
. So, multiplying 15050 POKT by 10^6 (one million) will result in 15050000000 uPOKT.
Also keep in mind that there is a cost for every transaction you send. At the moment, that cost is a flat fee of 0.01 POKT, or 10000 uPOKT, but this may be subject to change.
pocket accounts list
pocket accounts get-validator
pocket query balance [YOUR_VALIDATOR_ADDRESS]
pocket nodes stake custodial [YOUR_VALIDATOR_ADDRESS] 15100000000 [CHAIN_IDS] https://[HOSTNAME]:443 mainnet 10000 false
The [CHAIN_IDS]
placeholder should be a list of relay chain IDs that are defined in your ~/.pocket/config/chains.json
file. In this guide we only set up 0001
, but if you were relaying to multiple chains, each id would be separated by a comma. For example, 0001,0022,0040
.
As of RC-0.9.1.3
there are two staking methods: custodial
and non-custodial
. The custodial method is used in the example above.
After you send the stake command, you’ll be prompted for your passphrase
, then you should see something like this:
http://localhost:8082/v1/client/rawtx
{
"logs": null,
"txhash": "155D46196C69F75F85791C4190D384B8BAFFBBEFCC5D1311130C54A1C54435A7"
}
The actual time it takes to stake will vary depending on when the last block was processed, but generally, it should take less than 15 minutes.
After you’ve staked your node, you can confirm it’s live by running the following command:
pocket query node [YOUR_VALIDATOR_ADDRESS]
If you see something like the following, it just means your node is not live yet:
http://localhost:8082/v1/query/node
the http status code was not okay: 400, and the status was: 400 Bad Request, with a response of {"code":400,"message":"validator not found for 07f5084ab5f5246d747fd1154d5d4387ee5a7111"}
If this happens, please wait a few minutes and try again.
Congratulations! You’ve successfully set up a Pocket node.
There’s more to running a Pocket node than this, such as maintenance, upgrades, and other administrative tasks, but hopefully this has gotten you started and on the right path. Thank you for doing your part to help decentralize Web3!