How To Replace Infura With Your Ethereum Full Node

SylTi
Oct 24, 2019

Tired of relying on the central point of failure that Infura is? Or do you simply not want to pay $1000/month to be able to inspect each block? Run an Ethereum full node!

The goal of this tutorial is to help you set up your node, configure the server and connect web3 to it through WebSocket, safely and securely.
It’s pretty simple. So let’s get started.


Node Requirements

The biggest bottleneck of an Ethereum node is disk I/O. This means you will need a good SSD of a decent size (at least 300 GB). Don’t even try to sync on an HDD, it won’t work.
You will also need at least 4 GB of RAM. If you want better performance you will need a lot more RAM (16 GB+). This would allow you to load the state into memory instead of loading it from the disk.
For the CPU, anything recent with multiple cores will do.

Pre-requisites

Let’s start by installing all the software that we will need to safely install and run your node.

wget https://releases.parity.io/ethereum/v2.6.4/x86_64-unknown-linux-gnu/parity

chmod +x parity

sudo add-apt-repository ppa:certbot/certbot

sudo apt install nginx ufw python-certbot-nginx screen

Configuration

Parity

Let’s create the path to the config file

mkdir -p ~/.local/share/io.parity.ethereum

and create the config file itself

nano ~/.local/share/io.parity.ethereum/config.toml

# This config should be placed in the following path:
# ~/.local/share/io.parity.ethereum/config.toml

[parity]
# Blockchain and settings will be stored in /data/io.parity.ethereum
# You will need to change this.
base_path = "/data/io.parity.ethereum"

[websockets]
# JSON-RPC over WebSockets will be accessible on port 8646.
port = 8646
# JSON-RPC will be listening for connections on all IPs.
interface = "all"

[footprint]
# If defined, will never use more than X MB for all caches. (Overrides other cache settings.)
# Set this according to the RAM on the server minus 4 GB to run Parity itself:
# if you have 12 GB available, this should be set to 8000.
cache_size = 8000
# Increase performance on SSD.
db_compaction = "ssd"

Create a new screen session to run parity:

screen

If you’re running the initial sync, you should use the following parameters to sync as fast as possible:

./parity --allow-ips=public --max-peers=256 --max-pending-peers=256 --no-serve-light --no-periodic-snapshot --no-secretstore --no-ipc --no-hardware-wallets --no-jsonrpc --no-ws --scale-verifiers

When the sync is finished, you will need to switch to

./parity --no-serve-light --no-periodic-snapshot --no-secretstore --no-ipc --no-hardware-wallets --max-peers=256 --max-pending-peers=256

Detach from the screen:

ctrl+a d

Reattach:

screen -r

Nginx

Why use Nginx? Nginx will be used as a reverse proxy in front of the Ethereum node, which gives us a few advantages:
- We can easily set up WebSocket over SSL (WSS)
- We can use a .htpasswd to set up simple auth
- We can close all ports associated with an Ethereum node with the UFW firewall and only require ports 80/443 to be opened.

Let’s only configure Nginx for WebSocket through HTTP for the moment; HTTPS will be configured automatically with Certbot.

sudo nano /etc/nginx/sites-available/node.example.com

server {
    auth_basic "Protected Ethereum client";
    auth_basic_user_file /etc/nginx/.htpasswd;
    listen 80;
    listen [::]:80;
    server_name node.example.com;
    location / {
        # proxy all HTTP traffic to localhost:8646
        proxy_pass http://localhost:8646;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Now we need to create the .htpasswd. You can use a tool like https://www.htaccesstools.com/htpasswd-generator/ to generate it.

sudo nano /etc/nginx/.htpasswd
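
Generating the entry on the server itself keeps the password out of a third-party web form. The functions below are an added example, not part of the original tutorial; they assume the openssl command-line tool is installed, and YOUR_USER and the www-data group (the Nginx worker group on Debian/Ubuntu) in the comments are assumptions.

```shell
# make_htpasswd_line USER [PASSWORD]
# Prints "USER:<apr1 hash>" on stdout. With no PASSWORD, a random one is
# generated and shown on stderr so it can be copied into the web3 client.
make_htpasswd_line() (
    user="$1"
    pass="${2:-}"
    # ':' separates the two fields of the file, so it cannot be in the name.
    case "$user" in
        ''|*:*|*[[:space:]]*) echo "invalid user name" >&2; exit 1 ;;
    esac
    if [ -z "$pass" ]; then
        pass=$(openssl rand -hex 24)   # 48 hex chars, safe inside a wss:// URL
        echo "generated password for $user: $pass" >&2
    fi
    # -stdin keeps the password out of the process list.
    hash=$(printf '%s\n' "$pass" | openssl passwd -apr1 -stdin)
    printf '%s:%s\n' "$user" "$hash"
)

# verify_htpasswd_line LINE PASSWORD
# Re-hashes PASSWORD with the salt stored in LINE and compares the result.
verify_htpasswd_line() (
    stored="${1#*:}"                                  # $apr1$<salt>$<digest>
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    again=$(printf '%s\n' "$2" | openssl passwd -apr1 -salt "$salt" -stdin)
    [ "$again" = "$stored" ]
)

# Install (run on the server):
#   make_htpasswd_line YOUR_USER | sudo tee /etc/nginx/.htpasswd >/dev/null
#   sudo chown root:www-data /etc/nginx/.htpasswd
#   sudo chmod 640 /etc/nginx/.htpasswd
```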

Let’s check the validity of our newly created conf file with

sudo nginx -t

To make the site available, create a symlink and reload Nginx

sudo ln -s /etc/nginx/sites-available/node.example.com /etc/nginx/sites-enabled/

sudo systemctl reload nginx

Certbot

Run the following command to create the SSL certificate through Certbot and follow the instructions prompted on screen.

sudo certbot --nginx -d node.example.com

When prompted to choose if you should allow the HTTP traffic, choose option 2: redirect.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Let’s check the Nginx conf file for that domain. It should now look like this:

sudo nano /etc/nginx/sites-available/node.example.com

server {
    auth_basic "Protected Ethereum client";
    auth_basic_user_file /etc/nginx/.htpasswd;
    server_name node.example.com;
    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/node.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/node.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        # proxy all HTTP traffic to localhost:8646
        proxy_pass http://localhost:8646;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
server {
    if ($host = node.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name node.example.com;
    return 404; # managed by Certbot
}
UFW

Before enabling the firewall, we need to configure it to allow HTTP(S) and SSH traffic

sudo ufw allow 'Nginx Full'

sudo ufw allow OpenSSH

Let’s check if it’s correctly configured with

sudo ufw status

You should see results similar to this

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Your server is now fully configured. The only thing remaining is to enable the firewall, so let’s do it!

sudo ufw enable
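
Because config.toml sets interface = "all", Parity binds port 8646 on every address and UFW is the only thing keeping it off the internet. The function below is an added example, not part of the original tutorial: it lists listening ports that are bound to a non-loopback address and not covered by the two UFW rules (22, 80, 443). The sample `ss` output is constructed.

```shell
# firewall_dependent_ports ALLOWED_PORT...
# Reads `ss -tlnH` output on stdin and prints every listening port that is
# bound to a non-loopback address and is not in the allowed list. Each port
# printed is reachable from outside the moment the firewall is disabled.
firewall_dependent_ports() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep the text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep the text before it
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print port
        }' | sort -un
}

# Constructed sample of `ss -tlnH` output for a host set up as in this
# tutorial: sshd, Nginx, Parity WebSocket (8646), Parity P2P (30303) and
# Parity JSON-RPC HTTP on its default loopback port (8545).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 128  0.0.0.0:8646   0.0.0.0:*
LISTEN 0 128  127.0.0.1:8545 0.0.0.0:*
LISTEN 0 128  0.0.0.0:30303  0.0.0.0:*
LISTEN 0 128  [::]:22        [::]:*
EOF
}

# On the server:
#   sudo ss -tlnH | firewall_dependent_ports 22 80 443
```

Run against the sample, the function reports 8646 and 30303, the two ports that `sudo ufw status` must never show as allowed.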

Web3

const Web3 = require('web3');
const web3 = new Web3('wss://YOUR_USER:YOUR_PASSWORD@node.example.com');

That’s it, you’re done!
