Compiled and written by EOSForce Core Team
Available in Chinese on EOSForce Github
Table of Contents
- Principles of Deployment
- Recommended architecture
Graph of architecture
Architecture description
Block producing node
* Block producer private key
* Disable RPC
* Limit P2P
*Others - Synchronized node
config.ni
Optional plugins
Principles of Deployment
- Isolate BP server
- Open functional plugins on a minimal level
- Configure master and slave to switch at any time
- Avoid single points of failure
- Minimal server requirements: 3 servers, each: 16G RAM, 256G Disk
Recommended architecture
- AWS in the graph can be other VPS service providers, such as Alibaba Cloud, Tencent Cloud, and etc.
- Redundancy in deployment: deploy Master and Slace two identical solutions at the same time in two different rooms.
- Slave BP and Master BP set up to produce blocks for one synchronized node at normal times of block production.
- When Master BP experiences issues (or is re-launching), switch to the corresponding block producing node.
Architecture Description
Slave deployment node, Master deployment node, and every corresponding nodes are the same in configuration, so below will be only about Master Node deployment configurations.
It is recommended to use Docker image eosforce/eos:v1.0 for deployment.
- Master BP’s
p2p-peer-addressaddress is only configured in 2 P2P addresses, which are that of Public Node and Secret Node that connect to it. - Public Node is used to connect to other BP’s P2P addresses, with its P2P address made openly available. External users can set up synchronized nodes to connect to this address to synchronize block production.
- Secret Node is only used to connect to other BP’s P2P address, with its IP and port number made unavailable to the external. External users cannot connect their synchronized nodes to this address to synchronize block production.
- Public Node and Secret Node should be at least 2 in number respectively to avoid single point failure.
- Public Node’s RPC port does not provide service to the external, but uses resty-gate as proxy. resty-gate is a project based on OpenResty used to perform HTTPS proxy, current limit, speed limit, defense, etc. for RPC ports.
Block Producing Node
Block producing nodes only configure chain_api_plugin:
plugin = eosio::chain_api_pluginBlock producer private key
When executing updatebp to register BP. Don’t fill parameter block_signing_key with account private key, that is not active or owner key, but create a new pair of keys for block production.
Disable RPC
Write blank tohttp-server-address = to dsiable RPC.
http-server-address = Limit P2P
p2p-listen-endpoint = <inbound ip>:9876 # only allow your own synchronized nodes to connect. Swtich to other random port when officially deploying.
p2p-peer-address = xx.xx.xx.xx:9876 # Own BP synchronized node. Swtich to other random port when officially deploying.Synchronized Node
config.ini
http-server-address = 127.0.0.1:8888 # RPC port monitor is local. Use proxy to provide external service.
access-control-allow-origin = *
access-control-allow-headers = Content-Type
access-control-allow-credentials = false# Swtich to other random port when officially deploying.
p2p-listen-endpoint = 0.0.0.0:9876# Swtich to other random port when officially deploying.
p2p-server-address = <public ip>:9876# Own BP and other BP's Sync Nodes
p2p-peer-address = xx.xx.xx.xx:9876# Can make higher based on own machine configs, but recommended not too high
max-clients = 25
Optional plugins
Synchronized Nodes can configure some plugins based on needs:
# When many plugins are on and setting
get-actions-on = true,
need to moderately increase chain-state-db-size-mb,
# otherwise Syncronized Node might fail to synchronize due to insufficient state catalog capacity.
chain-state-db-size-mb = 10240# chain_api_plugin used for RPC service
plugin = eosio::chain_api_plugin# set filter-on = *, get-actions-on = true can obtain all trasaction records
# these two settings are used usually for explorer and wallet
filter-on = *
get-actions-on = true# filter-on and get-actions-on need history_plugin
plugin = eosio::history_plugin
plugin = eosio::history_api_plugin
