LogoLogo
NeurochainAI
NeurochainAI
  • overview
    • Introduction
    • Our Vision
    • Biggest Problems in AI
    • What is NeurochainAI?
    • L1 NCN Chain Overview
    • L3 NCN AI Overview
    • PoWtS Consensus Mechanism
    • Three Types of Nodes Across NeurochainAI
    • Tokenomics
    • Roadmap
  • Services & Products
    • For Developers
    • For Community
    • For Businesses
  • Dev Docs
    • NeurochainAI Node Setup
    • Grant Program
  • DE-AI
    • What is DE-AI
    • The Need of DE-AI
    • Scalability and availability
    • Data Privacy & Security
    • Community Incentives
    • Pre-made AI Models
    • Ready-made Infrastructure
  • Legal Disclaimer
Powered by GitBook
On this page
  • Add and enable sources for debian 11
  • Install missing software for netinstall.iso
  • update sshd_config file
  • systemctl restart ssh
  • Install ufw and add default IP's
  • Install and configure geth
  • Install prometheus node exporter
  • Install and run NTP
  • RPC Node systemd service ncrpcgeth.service
  • Enable geth ports for syncing
  • NGINX SSL 443 config RPC1
  • switch to USER_ID account
  • Start RPC node
  1. Dev Docs

NeurochainAI Node Setup

To ensure seamless functionality and robust performance, the setup involves the configuration and deployment of nodes across the network. Each node serves as a crucial building block, responsible for validating transactions, maintaining the ledger, and participating in the consensus mechanism.

Add and enable sources for debian 11

root@nc-rpc1:~# cat /etc/apt/sources.list
# deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main

#deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main


deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

Install missing software for netinstall.iso

apt update
apt install open-ssh
apt install openssh-server -y
systemctl enable ssh
systemctl start ssh
apt install sudo -y
apt install vim -y

update sshd_config file

root@nc-rpc1:~# cat /etc/ssh/sshd_config
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

Restart ssh

systemctl restart ssh

upgrade OS

apt upgrade -y


Install ufw and add default IP's

apt install ufw -y
ufw default deny incoming
ufw default allow outgoing

Install and configure geth

apt install add-apt-repository

## add ubuntu repository to sources.list

deb https://ppa.launchpadcontent.net/ethereum/ethereum/ubuntu bionic main
deb-src https://ppa.launchpadcontent.net/ethereum/ethereum/ubuntu bionic main
apt-get install -y gnupg2
apt-key adv --keyserver keyserver.ubuntu.com  --recv-keys 0x2A518C819BE37D2C2031944D1C52189C923F6CA9

apt update

apt install ethereum

Install prometheus node exporter

apt-get install -y prometheus prometheus-node-exporter
systemctl enable  prometheus.service prometheus-node-exporter.service
systemctl restart  prometheus.service prometheus-node-exporter.service



Install and run NTP

apt-get install ntp

RPC Node systemd service ncrpcgeth.service

root@ltc-rpc:~# cat /etc/systemd/system/ncrpcgeth.service 
[Unit]
Description=Ethereum go client
After=syslog.target network.target

[Service]
User=<USER_ID>
Group=<USER_GROUP>
Environment=HOME=/home/<USER_ID>
Type=simple
ExecStart=/usr/bin/geth --datadir /home/<USER_ID>/nc-ethereum/data --syncmode full --networkid 313 --port 30304  --http.vhosts=<RPC_DOMAIN_NAME> --config /home/<USER_ID>/nc-ethereum/config.toml
KillMode=process
KillSignal=SIGINT
TimeoutStopSec=90
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target


systemctl daemon-reload


Enable geth ports for syncing

ufw allow 30304/tcp
ufw allow 30304/udp

### only for RPC nodes:
ufw allow 443/tcp
ufw allow 443/udp

### For miner 
ufw allow 8551/tcp

NGINX SSL 443 config RPC1

server {

    listen 80 ;
    server_name <RPC_DOMAIN_NAME>;
    return 301 https://<RPC_DOMAIN_NAME>$request_uri;

} 

server {

  listen 443 ssl;
  ssl_certificate /etc/ssl/live/<RPC_DOMAIN_NAME>/server.pem;
  ssl_certificate_key /etc/ssl/live/<RPC_DOMAIN_NAME>/server.key;
  ssl_session_cache shared:SSL:10m;
  server_name <RPC_DOMAIN_NAME>;

  location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_redirect http:// https://;
      proxy_pass   http://localhost:8545/;
  }

}

server {
    listen 80 ;
    server_name <RPC_WS_DOMAIN_NAME>;
    return 301 https://<RPC_WS_DOMAIN_NAME>$request_uri;
} 

server {

  listen 443 ssl;
  ssl_certificate /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.pem;
  ssl_certificate_key /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.key;
  ssl_session_cache shared:SSL:10m;
  server_name <RPC_WS_DOMAIN_NAME>;

  location / {
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass   http://localhost:8546/;
  }
}

switch to USER_ID account

mkdir nc-ethereum
cd nc-ethereum/
vim genesis.json

add contents to genesis json file, by placing below content

{
  "config": {
    "chainId": 313,
    "homesteadBlock": 0,
    "eip150Block": 0,
    "eip150Hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
    "eip155Block": 0,
    "eip158Block": 0,
    "byzantiumBlock": 0,
    "constantinopleBlock": 0,
    "petersburgBlock": 0,
    "istanbulBlock": 0,
    "muirGlacierBlock": 0,
    "berlinBlock": 0,
    "londonBlock": 0,
    "arrowGlacierBlock": 0,
    "grayGlacierBlock": 0,
    "clique": {
      "period": 3,
      "epoch": 30000
    }
  },
  "nonce": "0x0",
  "difficulty": "0x1",
  "gasLimit": "0x7fffffffffffff",
  "extradata": "0x00000000000000000000000000000000000000000000000000000000000000000E331B9305fE88B5d9364e273df338Ff669a8Fbf1642557FEc3350995F7b8F8CDCC91D148361F89c89C75C61761e750Fc9BF897bDd375a6C41a002A40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "coinbase":"0x0e331b9305fe88b5d9364e273df338ff669a8fbf",
  "validators": {
    "multi": {
        "0": {
            "list": [
                "0x0E331B9305fE88B5d9364e273df338Ff669a8Fbf",
                "0x1642557FEc3350995F7b8F8CDCC91D148361F89c",
                "0x89C75C61761e750Fc9BF897bDd375a6C41a002A4"
            ]
        }
    }
},
  "alloc": {
    "1B7e1e8a2fcCE7386c7ea6550DFe198318B18F03": { "balance": "76500000000000000000000000" },
    "a02A914808cD03B13345C83860089C8B4012a4FC": { "balance": "279000000000000000000000000" },
    "2fE367138156821f9A80559e6423cDA9F25fDfd1": { "balance": "13500000000000000000000000" },
    "4bB47E35322aFf4836360893f4418Ea583F75B7e": { "balance": "45000000000000000000000000" },
    "cFBF504018374b4F3C137C92074026fD4E44f664": { "balance": "36000000000000000000000000" }
  }
}

geth init --datadir data genesis.json

add contents to config.toml file, by placing below content:

[Eth]
NetworkId = 313
SyncMode = "full"
EthDiscoveryURLs = []
SnapDiscoveryURLs = []
NoPruning = false
NoPrefetch = false
TxLookupLimit = 2350000
LightPeers = 100
DatabaseCache = 512
DatabaseFreezer = ""
TrieCleanCache = 154
TrieCleanCacheJournal = "triecache"
TrieCleanCacheRejournal = 3600000000000
TrieDirtyCache = 256
TrieTimeout = 3600000000000
SnapshotCache = 102
Preimages = false
FilterLogCacheSize = 32
EnablePreimageRecording = false
RPCGasCap = 50000000
RPCEVMTimeout = 5000000000
RPCTxFeeCap = 1e+00


[Eth.TxPool]
Locals = []
NoLocals = false
Journal = "transactions.rlp"
Rejournal = 3600000000000
PriceLimit = 1000000000
PriceBump = 10
AccountSlots = 512
GlobalSlots = 10000
AccountQueue = 256
GlobalQueue = 5000
Lifetime = 10800000000000

[Eth.GPO]
Blocks = 20
Percentile = 60
MaxHeaderHistory = 1024
MaxBlockHistory = 1024
MaxPrice = 500000000000
IgnorePrice = 2

[Node]
DataDir = "/home/ncgeek/nc-ethereum/data"
IPCPath = "geth.ipc"
HTTPHost = "localhost"
HTTPPort = 8545
HTTPVirtualHosts = ["localhost"]
HTTPModules = ["web3","eth","net","txpool","debug"]
AuthAddr = "localhost"
AuthPort = 8551
AuthVirtualHosts = ["localhost"]
WSHost = "localhost"
WSPort = 8546
WSModules = ["web3","eth","net","txpool","debug"]
GraphQLVirtualHosts = ["localhost"]

[Node.P2P]
MaxPeers = 50
NoDiscovery = false
BootstrapNodes = ["enode://063b86010bb453c31f88960477a1135937a96e8b4e19718adf141b7d83260d03db3b66365ec5bf467fc6b921b9ce54203039a9f92286ddbd103f77620a4c8956@195.12.190.175:30304","enode://ee269227f41e71aa52c030a4d5a1fc400c3e3684d219a05888500c2ca86c4e4ca7e1ba5317aa80639fb9a2714d6899bf5b6ded582c885b1006382220ce78b995@195.12.190.176:30304","enode://01cc1588228cc6e419ae101577258408a1cb8ad028884f96dfc567d7a46450f8507fe7e8632e7e9b869ed8d2f9f5d20ee75357bbd3b0acde6068df417a47c901@195.12.190.177:30304"]
StaticNodes = ["enode://063b86010bb453c31f88960477a1135937a96e8b4e19718adf141b7d83260d03db3b66365ec5bf467fc6b921b9ce54203039a9f92286ddbd103f77620a4c8956@195.12.190.175:30304","enode://ee269227f41e71aa52c030a4d5a1fc400c3e3684d219a05888500c2ca86c4e4ca7e1ba5317aa80639fb9a2714d6899bf5b6ded582c885b1006382220ce78b995@195.12.190.176:30304","enode://01cc1588228cc6e419ae101577258408a1cb8ad028884f96dfc567d7a46450f8507fe7e8632e7e9b869ed8d2f9f5d20ee75357bbd3b0acde6068df417a47c901@195.12.190.177:30304"]
TrustedNodes = []
ListenAddr = ":30304"
DiscAddr = ""
EnableMsgEvents = false

[Node.HTTPTimeouts]
ReadTimeout = 30000000000
ReadHeaderTimeout = 30000000000
WriteTimeout = 30000000000
IdleTimeout = 120000000000

[Metrics]
HTTP = "127.0.0.1"
Port = 6060
InfluxDBEndpoint = "http://localhost:8086"
InfluxDBDatabase = "geth"
InfluxDBUsername = "test"
InfluxDBPassword = "test"
InfluxDBTags = "host=localhost"
InfluxDBToken = "test"
InfluxDBBucket = "geth"
InfluxDBOrganization = "geth"


Start RPC node

Switch to root user or run sudo command:

systemctl start ncrpcgeth.service

systemctl restart nginx.service
PreviousFor BusinessesNextGrant Program

Last updated 9 months ago

Page cover image