NeurochainAI Node Setup

root@nc-rpc1:~# cat /etc/apt/sources.list
# deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main

#deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main


deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

apt update
apt install open-ssh
apt install openssh-server -y
systemctl enable ssh
systemctl start ssh
apt install sudo -y
apt install vim -y

root@nc-rpc1:~# cat /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

apt install ufw -y
ufw default deny incoming
ufw default allow outgoing

apt install add-apt-repository

## add ubuntu repository to sources.list

deb https://ppa.launchpadcontent.net/ethereum/ethereum/ubuntu bionic main
deb-src https://ppa.launchpadcontent.net/ethereum/ethereum/ubuntu bionic main
apt-get install -y gnupg2
apt-key adv --keyserver keyserver.ubuntu.com  --recv-keys 0x2A518C819BE37D2C2031944D1C52189C923F6CA9

apt update

apt install ethereum

apt-get install -y prometheus prometheus-node-exporter
systemctl enable  prometheus.service prometheus-node-exporter.service
systemctl restart  prometheus.service prometheus-node-exporter.service

apt-get install ntp

root@ltc-rpc:~# cat /etc/systemd/system/ncrpcgeth.service 
[Unit]
Description=Ethereum go client
After=syslog.target network.target

[Service]
User=<USER_ID>
Group=<USER_GROUP>
Environment=HOME=/home/<USER_ID>
Type=simple
ExecStart=/usr/bin/geth --datadir /home/<USER_ID>/nc-ethereum/data --syncmode full --networkid 313 --port 30304  --http.vhosts=<RPC_DOMAIN_NAME> --config /home/<USER_ID>/nc-ethereum/config.toml
KillMode=process
KillSignal=SIGINT
TimeoutStopSec=90
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target

ufw allow 30304/tcp
ufw allow 30304/udp

### only for RPC nodes:
ufw allow 443/tcp
ufw allow 443/udp

### For miner 
ufw allow 8551/tcp

server {

    listen 80 ;
    server_name <RPC_DOMAIN_NAME>;
    return 301 https://<RPC_DOMAIN_NAME>$request_uri;

} 

server {

  listen 443 ssl;
  ssl_certificate /etc/ssl/live/<RPC_DOMAIN_NAME>/server.pem;
  ssl_certificate_key /etc/ssl/live/<RPC_DOMAIN_NAME>/server.key;
  ssl_session_cache shared:SSL:10m;
  server_name <RPC_DOMAIN_NAME>;

  location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_redirect http:// https://;
      proxy_pass   http://localhost:8545/;
  }

}

server {
    listen 80 ;
    server_name <RPC_WS_DOMAIN_NAME>;
    return 301 https://<RPC_WS_DOMAIN_NAME>$request_uri;
} 

server {

  listen 443 ssl;
  ssl_certificate /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.pem;
  ssl_certificate_key /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.key;
  ssl_session_cache shared:SSL:10m;
  server_name <RPC_WS_DOMAIN_NAME>;

  location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass   http://localhost:8546/;
  }
}

mkdir nc-ethereum
cd nc-ethereum/
vim genesis.json

{
  "config": {
    "chainId": 313,
    "homesteadBlock": 0,
    "eip150Block": 0,
    "eip150Hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
    "eip155Block": 0,
    "eip158Block": 0,
    "byzantiumBlock": 0,
    "constantinopleBlock": 0,
    "petersburgBlock": 0,
    "istanbulBlock": 0,
    "muirGlacierBlock": 0,
    "berlinBlock": 0,
    "londonBlock": 0,
    "arrowGlacierBlock": 0,
    "grayGlacierBlock": 0,
    "clique": {
      "period": 3,
      "epoch": 30000
    }
  },
  "nonce": "0x0",
  "difficulty": "0x1",
  "gasLimit": "0x7fffffffffffff",
  "extradata": "0x00000000000000000000000000000000000000000000000000000000000000000E331B9305fE88B5d9364e273df338Ff669a8Fbf1642557FEc3350995F7b8F8CDCC91D148361F89c89C75C61761e750Fc9BF897bDd375a6C41a002A40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "coinbase":"0x0e331b9305fe88b5d9364e273df338ff669a8fbf",
  "validators": {
    "multi": {
        "0": {
            "list": [
                "0x0E331B9305fE88B5d9364e273df338Ff669a8Fbf",
                "0x1642557FEc3350995F7b8F8CDCC91D148361F89c",
                "0x89C75C61761e750Fc9BF897bDd375a6C41a002A4"
            ]
        }
    }
},
  "alloc": {
    "1B7e1e8a2fcCE7386c7ea6550DFe198318B18F03": { "balance": "76500000000000000000000000" },
    "a02A914808cD03B13345C83860089C8B4012a4FC": { "balance": "279000000000000000000000000" },
    "2fE367138156821f9A80559e6423cDA9F25fDfd1": { "balance": "13500000000000000000000000" },
    "4bB47E35322aFf4836360893f4418Ea583F75B7e": { "balance": "45000000000000000000000000" },
    "cFBF504018374b4F3C137C92074026fD4E44f664": { "balance": "36000000000000000000000000" }
  }
}

geth init --datadir data genesis.json

[Eth]
NetworkId = 313
SyncMode = "full"
EthDiscoveryURLs = []
SnapDiscoveryURLs = []
NoPruning = false
NoPrefetch = false
TxLookupLimit = 2350000
LightPeers = 100
DatabaseCache = 512
DatabaseFreezer = ""
TrieCleanCache = 154
TrieCleanCacheJournal = "triecache"
TrieCleanCacheRejournal = 3600000000000
TrieDirtyCache = 256
TrieTimeout = 3600000000000
SnapshotCache = 102
Preimages = false
FilterLogCacheSize = 32
EnablePreimageRecording = false
RPCGasCap = 50000000
RPCEVMTimeout = 5000000000
RPCTxFeeCap = 1e+00


[Eth.TxPool]
Locals = []
NoLocals = false
Journal = "transactions.rlp"
Rejournal = 3600000000000
PriceLimit = 1000000000
PriceBump = 10
AccountSlots = 512
GlobalSlots = 10000
AccountQueue = 256
GlobalQueue = 5000
Lifetime = 10800000000000

[Eth.GPO]
Blocks = 20
Percentile = 60
MaxHeaderHistory = 1024
MaxBlockHistory = 1024
MaxPrice = 500000000000
IgnorePrice = 2

[Node]
DataDir = "/home/ncgeek/nc-ethereum/data"
IPCPath = "geth.ipc"
HTTPHost = "localhost"
HTTPPort = 8545
HTTPVirtualHosts = ["localhost"]
HTTPModules = ["web3","eth","net","txpool","debug"]
AuthAddr = "localhost"
AuthPort = 8551
AuthVirtualHosts = ["localhost"]
WSHost = "localhost"
WSPort = 8546
WSModules = ["web3","eth","net","txpool","debug"]
GraphQLVirtualHosts = ["localhost"]

[Node.P2P]
MaxPeers = 50
NoDiscovery = false
BootstrapNodes = ["enode://063b86010bb453c31f88960477a1135937a96e8b4e19718adf141b7d83260d03db3b66365ec5bf467fc6b921b9ce54203039a9f92286ddbd103f77620a4c8956@195.12.190.175:30304","enode://ee269227f41e71aa52c030a4d5a1fc400c3e3684d219a05888500c2ca86c4e4ca7e1ba5317aa80639fb9a2714d6899bf5b6ded582c885b1006382220ce78b995@195.12.190.176:30304","enode://01cc1588228cc6e419ae101577258408a1cb8ad028884f96dfc567d7a46450f8507fe7e8632e7e9b869ed8d2f9f5d20ee75357bbd3b0acde6068df417a47c901@195.12.190.177:30304"]
StaticNodes = ["enode://063b86010bb453c31f88960477a1135937a96e8b4e19718adf141b7d83260d03db3b66365ec5bf467fc6b921b9ce54203039a9f92286ddbd103f77620a4c8956@195.12.190.175:30304","enode://ee269227f41e71aa52c030a4d5a1fc400c3e3684d219a05888500c2ca86c4e4ca7e1ba5317aa80639fb9a2714d6899bf5b6ded582c885b1006382220ce78b995@195.12.190.176:30304","enode://01cc1588228cc6e419ae101577258408a1cb8ad028884f96dfc567d7a46450f8507fe7e8632e7e9b869ed8d2f9f5d20ee75357bbd3b0acde6068df417a47c901@195.12.190.177:30304"]
TrustedNodes = []
ListenAddr = ":30304"
DiscAddr = ""
EnableMsgEvents = false

[Node.HTTPTimeouts]
ReadTimeout = 30000000000
ReadHeaderTimeout = 30000000000
WriteTimeout = 30000000000
IdleTimeout = 120000000000

[Metrics]
HTTP = "127.0.0.1"
Port = 6060
InfluxDBEndpoint = "http://localhost:8086"
InfluxDBDatabase = "geth"
InfluxDBUsername = "test"
InfluxDBPassword = "test"
InfluxDBTags = "host=localhost"
InfluxDBToken = "test"
InfluxDBBucket = "geth"
InfluxDBOrganization = "geth"

systemctl start ncrpcgeth.service

systemctl restart nginx.service