To ensure seamless functionality and robust performance, the setup involves the configuration and deployment of nodes across the network. Each node serves as a crucial building block, responsible for validating transactions, maintaining the ledger, and participating in the consensus mechanism.
systemctl restart ssh
apt upgrade -y
systemctl daemon-reload
add contents to genesis json file, by placing below content
add contents to config.toml file, by placing below content:
Switch to root user or run sudo command:
root@nc-rpc1:~# cat /etc/apt/sources.list
# deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main
#deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main
deb bullseye main contrib non-free
deb bullseye-security main contrib non-free
deb-src bullseye main contrib non-free
deb-src bullseye-security main contrib non-free
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
apt update
apt install open-ssh
apt install openssh-server -y
systemctl enable ssh
systemctl start ssh
apt install sudo -y
apt install vim -y
root@nc-rpc1:~# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
apt install ufw -y
ufw default deny incoming
ufw default allow outgoing
apt install add-apt-repository
## add ubuntu repository to sources.list
deb bionic main
deb-src bionic main
apt-get install -y gnupg2
apt-key adv --keyserver --recv-keys 0x2A518C819BE37D2C2031944D1C52189C923F6CA9
apt update
apt install ethereum
apt-get install -y prometheus prometheus-node-exporter
systemctl enable prometheus.service prometheus-node-exporter.service
systemctl restart prometheus.service prometheus-node-exporter.service
apt-get install ntp
root@ltc-rpc:~# cat /etc/systemd/system/ncrpcgeth.service
Description=Ethereum go client
ExecStart=/usr/bin/geth --datadir /home/<USER_ID>/nc-ethereum/data --syncmode full --networkid 313 --port 30304 --http.vhosts=<RPC_DOMAIN_NAME> --config /home/<USER_ID>/nc-ethereum/config.toml
ufw allow 30304/tcp
ufw allow 30304/udp
### only for RPC nodes:
ufw allow 443/tcp
ufw allow 443/udp
### For miner
ufw allow 8551/tcp
server {
listen 80 ;
server_name <RPC_DOMAIN_NAME>;
return 301 https://<RPC_DOMAIN_NAME>$request_uri;
server {
listen 443 ssl;
ssl_certificate /etc/ssl/live/<RPC_DOMAIN_NAME>/server.pem;
ssl_certificate_key /etc/ssl/live/<RPC_DOMAIN_NAME>/server.key;
ssl_session_cache shared:SSL:10m;
server_name <RPC_DOMAIN_NAME>;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect http:// https://;
proxy_pass http://localhost:8545/;
server {
listen 80 ;
server_name <RPC_WS_DOMAIN_NAME>;
return 301 https://<RPC_WS_DOMAIN_NAME>$request_uri;
server {
listen 443 ssl;
ssl_certificate /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.pem;
ssl_certificate_key /etc/ssl/live/<RPC_WS_DOMAIN_NAME>/server.key;
ssl_session_cache shared:SSL:10m;
server_name <RPC_WS_DOMAIN_NAME>;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8546/;
mkdir nc-ethereum
cd nc-ethereum/
vim genesis.json
"config": {
"chainId": 313,
"homesteadBlock": 0,
"eip150Block": 0,
"eip150Hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
"eip155Block": 0,
"eip158Block": 0,
"byzantiumBlock": 0,
"constantinopleBlock": 0,
"petersburgBlock": 0,
"istanbulBlock": 0,
"muirGlacierBlock": 0,
"berlinBlock": 0,
"londonBlock": 0,
"arrowGlacierBlock": 0,
"grayGlacierBlock": 0,
"clique": {
"period": 3,
"epoch": 30000
"nonce": "0x0",
"difficulty": "0x1",
"gasLimit": "0x7fffffffffffff",
"extradata": "0x00000000000000000000000000000000000000000000000000000000000000000E331B9305fE88B5d9364e273df338Ff669a8Fbf1642557FEc3350995F7b8F8CDCC91D148361F89c89C75C61761e750Fc9BF897bDd375a6C41a002A40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
"validators": {
"multi": {
"0": {
"list": [
"alloc": {
"1B7e1e8a2fcCE7386c7ea6550DFe198318B18F03": { "balance": "76500000000000000000000000" },
"a02A914808cD03B13345C83860089C8B4012a4FC": { "balance": "279000000000000000000000000" },
"2fE367138156821f9A80559e6423cDA9F25fDfd1": { "balance": "13500000000000000000000000" },
"4bB47E35322aFf4836360893f4418Ea583F75B7e": { "balance": "45000000000000000000000000" },
"cFBF504018374b4F3C137C92074026fD4E44f664": { "balance": "36000000000000000000000000" }
geth init --datadir data genesis.json
NetworkId = 313
SyncMode = "full"
EthDiscoveryURLs = []
SnapDiscoveryURLs = []
NoPruning = false
NoPrefetch = false
TxLookupLimit = 2350000
LightPeers = 100
DatabaseCache = 512
DatabaseFreezer = ""
TrieCleanCache = 154
TrieCleanCacheJournal = "triecache"
TrieCleanCacheRejournal = 3600000000000
TrieDirtyCache = 256
TrieTimeout = 3600000000000
SnapshotCache = 102
Preimages = false
FilterLogCacheSize = 32
EnablePreimageRecording = false
RPCGasCap = 50000000
RPCEVMTimeout = 5000000000
RPCTxFeeCap = 1e+00