Tired of relying on Infura as a central point of failure? Or you simply don’t want to pay $1000/month to be able to inspect each block? Run an Ethereum full node!
The goal of this tutorial is to help you set up your node, configure the server and connect web3 to it through WebSocket, safely and securely.
It’s pretty simple. So let’s get started.
Node Requirements
The biggest bottleneck of an Ethereum node is disk I/O. This means you will need a good SSD of a decent size (at least 300 GB). Don’t even try to sync on an HDD, it won’t work.
You will also need at least 4 GB of RAM. If you want better performance you will need a lot more RAM (16 GB+). This would allow you to load the state into memory instead of loading it from the disk.
For the CPU, anything recent with multiple cores will do.
Pre-requisites
Let’s start by installing all the software that we will need to safely install and run your node.
wget https://releases.parity.io/ethereum/v2.6.4/x86_64-unknown-linux-gnu/parity
chmod +x parity
sudo add-apt-repository ppa:certbot/certbot
sudo apt install nginx ufw python-certbot-nginx screen
Configuration
Parity
Let’s create the path to the config file
mkdir -p ~/.local/share/io.parity.ethereum
and create the config file itself
nano ~/.local/share/io.parity.ethereum/config.toml
# This config should be placed in the following path:
# ~/.local/share/io.parity.ethereum/config.toml

[parity]
# Blockchain and settings will be stored in /data/io.parity.ethereum
# You will need to change this.
base_path = "/data/io.parity.ethereum"

[websockets]
# JSON-RPC over WebSockets will be accessible on port 8646.
port = 8646
# Listen for connections on all IP addresses, so port 8646 must stay
# blocked by the firewall (see the UFW section below).
interface = "all"

[footprint]
# If defined, Parity will never use more than X MB for all caches (overrides other cache settings).
# Set this to the server's RAM minus 4 GB for Parity itself; with 12 GB available, use 8000.
cache_size = 8000
# Increase performance on SSD.
db_compaction = "ssd"
Create a new screen session to run parity:
screen
If you’re running the initial sync, use the following parameters to sync as fast as possible:
./parity --allow-ips=public --max-peers=256 --max-pending-peers=256 --no-serve-light --no-periodic-snapshot --no-secretstore --no-ipc --no-hardware-wallets --no-jsonrpc --no-ws --scale-verifiers
When the sync is finished, stop Parity and restart it with:
./parity --no-serve-light --no-periodic-snapshot --no-secretstore --no-ipc --no-hardware-wallets --max-peers=256 --max-pending-peers=256
Detach from the screen:
ctrl+a d
Reattach:
screen -r
Nginx
Why use Nginx? Nginx will be used as a reverse proxy in front of the Ethereum Node which gives us a few advantages:
- We can easily set up WebSocket over SSL (WSS)
- We can use a .htpasswd file to set up simple authentication
- We can close all ports associated with an Ethereum node with the UFW firewall and only require ports 80/443 to be open.
For the moment, let’s only configure Nginx for WebSocket over HTTP. HTTPS will be configured automatically with Certbot.
sudo nano /etc/nginx/sites-available/node.example.com
server {
    auth_basic "Protected Ethereum client";
    auth_basic_user_file /etc/nginx/.htpasswd;
    listen 80;
    listen [::]:80;
    server_name node.example.com;

    location / {
        # redirect all HTTP traffic to localhost:8646
        proxy_pass http://localhost:8646;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Now we need to create the .htpasswd. You can use a tool like https://www.htaccesstools.com/htpasswd-generator/ to generate it.
sudo nano /etc/nginx/.htpasswd
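The .htpasswd entry can also be generated on the server itself, so the password never leaves the machine. The functions below are an added example, not part of the original tutorial; they assume the openssl command is installed, and the function names and the ./htpasswd.new path are hypothetical.

```shell
# Added example: create the basic-auth entry locally with OpenSSL.
# Prints "user:hash" in the format Nginx's auth_basic_user_file expects.
make_htpasswd_entry() {
    local user="$1" pw="" hash
    # ':' separates the two fields and whitespace would break the line.
    case "$user" in
        ''|*:*|*[[:space:]]*) echo "invalid user name" >&2; return 1 ;;
    esac
    if [ -t 0 ]; then
        # Interactive: openssl prompts twice without echoing the password.
        hash="$(openssl passwd -apr1)" || return 1
    else
        # Piped: read one line so the password never appears in argv.
        IFS= read -r pw || true
        [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
        hash="$(printf '%s\n' "$pw" | openssl passwd -apr1 -stdin)" || return 1
    fi
    [ -n "$hash" ] || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# Append an entry for USER to FILE, created without access for "other".
write_htpasswd() {
    local user="$1" file="$2" entry
    entry="$(make_htpasswd_entry "$user")" || return 1
    ( umask 027; printf '%s\n' "$entry" >> "$file" )
}

# Usage on the server (www-data is the Nginx worker user on Debian/Ubuntu,
# and it must be able to read the file):
#   write_htpasswd YOUR_USER ./htpasswd.new
#   sudo install -o root -g www-data -m 640 ./htpasswd.new /etc/nginx/.htpasswd
```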
Let’s check the validity of our newly created conf file with
sudo nginx -t
To make the site available, create a symlink and reload Nginx
sudo ln -s /etc/nginx/sites-available/node.example.com /etc/nginx/sites-enabled/
sudo systemctl reload nginx
Certbot
Run the following command to create the SSL certificate through Certbot and follow the instructions prompted on screen.
sudo certbot --nginx -d node.example.com
When prompted to choose if you should allow the HTTP traffic, choose option 2: redirect.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Let’s check the Nginx conf file for that domain. It should now look like this:
sudo nano /etc/nginx/sites-available/node.example.com
server {
    auth_basic "Protected Ethereum client";
    auth_basic_user_file /etc/nginx/.htpasswd;
    server_name node.example.com;

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/node.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/node.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # redirect all HTTP traffic to localhost:8646
        proxy_pass http://localhost:8646;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    if ($host = node.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name node.example.com;
    return 404; # managed by Certbot
}
UFW
Before enabling the firewall, we need to configure it to allow HTTP(S) and SSH traffic:
sudo ufw allow 'Nginx Full'
sudo ufw allow OpenSSH
Let’s check if it’s correctly configured with
sudo ufw status
You should see results similar to this
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
Your server is now fully configured. The only thing remaining is to enable the firewall, so let’s do it!
sudo ufw enable
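Because Parity's WebSocket server is configured with interface = "all", port 8646 is bound on every address and only the firewall keeps it private. The check below is an added example, not part of the original tutorial; the function names and the sample listing are constructed for illustration, and it reports which listening ports depend on UFW staying enabled.

```shell
# Added example: find TCP listeners that only the firewall keeps private.
# Reads `ss -tln` output on stdin and prints every port bound to a
# non-loopback address that is not in the allowlist (default: 22 80 443,
# the ports opened by the "OpenSSH" and "Nginx Full" UFW profiles).
firewall_dependent_ports() {
    awk -v allowed="${1:-22 80 443}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before it
            sub(/%.*$/, "", addr)                  # drop "%lo"-style interface suffix
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) seen[port] = 1
        }
        END { for (p in seen) print p }
    ' | sort -n
}

# Constructed sample of `ss -tln` on a host configured as in this tutorial;
# 30303 is Parity's default peer-to-peer port.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       511     [::]:443            [::]:*
LISTEN  0       128     0.0.0.0:8646        0.0.0.0:*
LISTEN  0       128     0.0.0.0:30303       0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
EOF
}

# On the server: ss -tln | firewall_dependent_ports
```

Any port it prints, such as 8646 here, becomes reachable from the internet if UFW is disabled or a broader allow rule is added later.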
Web3
const Web3 = require('web3');
const web3 = new Web3('wss://YOUR_USER:YOUR_PASSWORD@node.example.com');
That’s it, you’re done!