How to Deploy a Node: 5 Things to Know Before You Do

How to deploy your own node? What kind of problems may you encounter? Is there any workaround for that? These are just some of the questions we often hear. And as such, we believe that we must address them.

First, we released a Twitter thread on the subject, but the highly concise format of tweets, while useful for distilling the essence of what we had to say, still forced us to leave out some essential points.

To that end, here is an expanded version of our recommendations on the most important things to consider before deploying a node on a PoS blockchain. Even though extrnode currently focuses only on Solana, this advice applies to any other Proof-of-Stake blockchain and stems from the extensive experience of Everstake as a validator for 70+ blockchain networks.

1. Hosting and Infrastructure

Don’t try to find the perfect hosting provider since there’s no such thing. Instead, leave yourself some leeway for the unforeseen events that will inevitably occur. For instance, don’t enter into contracts that demand yearly advance payments from you. Instead, try several providers and choose the one that fits your needs best, while continuing to look for other options.

The most typical problem with hosting providers is throttled bandwidth. Simply put, you pay for a 10 Gbps server but get only 200 Mbps, if not less. Leaving for another provider is the only reasonable option if the connection speed is less than what you were promised.

2. Management of Keys

The rule of thumb is as follows: if something can improve the safety of your keys even slightly, you must do it. Similarly, if something can weaken it even slightly, you must avoid it. You should always expect someone to try to breach your security. These things may seem a bit paranoid, but since it’s people who write the code and service the keys, they always remain the most vulnerable link in the chain. Bugs undiscovered by your team will be discovered by hackers.

In more practical terms, you must always check whatever you use to encrypt your data and visit GitHub regularly to see if any vulnerabilities were discovered. At the same time, keep your master key on a hardware wallet away from the internet.

You must also heed the risk that the hosting provider’s staff could turn to the dark side and try stealing your keys. Similarly, even if they remain good, someone could still physically access your servers. That is why you must always encrypt everything and use multisig. This way, you can always access your keys and move them to safety, even if the server was compromised.

3. Server Security

You will always need a well-trained information security specialist. If you happen to be one, you’re lucky. But please mind that no matter how good a DevOps engineer you might be, it’s not the same as infosec.

Another important point is to always use the official binary. Building everything yourself might be tiresome, but in this case, you’re less likely to discover open ports that should have been closed. Using the official binary eliminates some attack vectors.

The same goes for firewalls. UFW may be easier to use, but it makes discovering vulnerabilities more difficult. iptables, on the other hand, is harder to deploy but is generally safer.
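
Whichever firewall front end you choose, one way to catch open ports that should have been closed is to compare what is actually listening against an allowlist. The script below is an added example, not code from extrnode or Everstake; the allowlist values, the function names, and the sample `ss -H -tuln` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed allowlist (proto/port or proto/low-high). Illustrative values
# only: replace them with the ports your node software documents.
ALLOWED="tcp/22 tcp/8000-8020 udp/8000-8020"

# Constructed sample in the format printed by `ss -H -tuln`.
sample_ss_output() {
cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
udp   UNCONN 0      0            0.0.0.0:8001       0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:8003       0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:8899       0.0.0.0:*
tcp   LISTEN 0      511                *:9100             *:*
tcp   LISTEN 0      128          0.0.0.0:5432       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128            [::1]:6379          [::]:*
EOF
}

# Reads `ss -H -tuln` lines on stdin and prints "proto/port address" for every
# non-loopback listener that the allowlist (first argument) does not cover.
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, rules, " ") }
    function permitted(proto, port,    i, r, range) {
      for (i = 1; i <= n; i++) {
        split(rules[i], r, "/")
        if (r[1] != proto) continue
        if (split(r[2], range, "-") == 1) range[2] = range[1]
        if (port + 0 >= range[1] + 0 && port + 0 <= range[2] + 0) return 1
      }
      return 0
    }
    $1 == "tcp" || $1 == "udp" {
      port = $5; sub(/.*:/, "", port)        # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*/, "", addr)                   # drop an interface suffix such as %lo
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only, not exposed
      if (!permitted($1, port)) print $1 "/" port, addr
    }
  ' | sort -u
}

# Live use on a node: ss -H -tuln | unexpected_listeners "$ALLOWED"
sample_ss_output | unexpected_listeners "$ALLOWED"
```

Run it from cron or your monitoring agent and alert on any non-empty output; a listener bound to a wildcard address is only as safe as the firewall rule in front of it.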

Finally, always make backups for everything, especially since an attack may come from anywhere. You must always have a migration procedure in place. This is essential since many forget to account for the hosting provider’s uptime as a potential risk.

In addition, you can use extrnode as a backup node. We have more than 100 nodes in our balancer, both public and from our trusted partners.

4. Node Monitoring and Updates

As your infrastructure grows, it’s essential to monitor all its components to identify possible issues and vulnerabilities before they become critical. It’s also a great way to find ways of improving the overall performance of your infrastructure. 

The tactics here are simple. Don’t spread your effort thin across many tasks at once. Instead, focus on doing just one thing right and then scale it to other areas. Those measures also cover testnets and other services.

Our team recommends using Zabbix and Grafana with backup checks and cross-point data feeding. 

Regarding updates, don’t rely on official release notes since development teams tend to omit some details—not malevolently but because we’re all human. Therefore, always be sure to check changelogs on GitHub when an update goes live. 

Finally, when you test something (and you always should), do it on backup nodes. Plus, update your hardware whenever you get the chance since fresher updates generally work better on newer CPUs. The newer the kernel, the fewer vulnerabilities it is likely to have. But that’s just a general rule. Check everything yourself.

5. Being a Part of the Ecosystem

It’s okay to have questions, but not to address them to just anyone. Blockchains usually have a central organization called a foundation that is willing to share its knowledge base with you. Since its members are experts in this particular blockchain, they know the best way to set up nodes, select the most relevant hosting providers, and tackle possible issues.

If you happen to find a bug, be sure to report it on GitHub. The community can always offer you a workaround if there is one, and if there is none, it should at least know there is a problem. If everyone acts this way, we can always overcome problems. That is the core of community work and responsibility.

Final Thoughts

Start setting up your node with research, and don’t hesitate to ask others for help or advice. Arguably, this is the most fundamental recommendation since it’s applicable at any stage of deploying a node.

And remember, there is no such thing as “enough security.” You should always strive to enhance it, even if it seems borderline paranoid. Timely updates, node monitoring, debugging the code, and basically everything mentioned above boil down to ensuring security.

Observing those recommendations does not guarantee that you won’t run into problems. It’s safe to say that you will, no matter what. But if you heed our advice, those problems will be less significant or frequent, and that’s the best possible outcome for this imperfect world.

—

What do you think about our recommendations? We’d be happy to hear your feedback about this article and extrnode products on Discord and Twitter!
