As part of Game of Nodes, a community initiative of SharkCIA favourite LTO Network, it was necessary to deploy and configure a public blockchain node in order to process transactions on the network and be eligible to participate.
We wanted to share with you details of a basic node setup, using the Lunanode cloud hosting provider, which in our own experience represents one of the most cost effective and solid performing cloud VPS providers out there. This website, and even our suite of charting bots across Telegram, Discord and Twitter, and the charting website ChartEx are all hosted on Lunanode Infrastructure.
This tutorial assumes that you have already created your new lease wallet and credited it with the minimum 1000 LTO required to start a node on the network. All references to LTO wallets from here on relate to this specific wallet.
Your LEASE WALLET should be separate from your main wallet for security purposes. This adds an additional layer of security and mitigates the risk of having to expose your main wallet's seed to the VPS. You would then lease your main funds to your LEASE WALLET, and the node would have the full benefit of your balance.
Step 1, naturally, is to sign up for a hosting account at Lunanode. Use this link if you’d like to support us via our affiliate link (we’d appreciate it very much!), or alternatively go direct to them using this link (no hard feelings!).
Step 2, fund your account. The node template we’ve been using costs $3.50 a month, so $10 will last you nearly a full quarter.
Step 3, create your VM. Lunanode have datacentres in Toronto, Montreal and Roubaix. Choose the one geographically closest, although in practical terms, all three options are more than suitable. Give your VM an appropriate name for future reference. This will become the VM’s hostname.
You’ll then be presented with the available hardware configurations, and for our required use-case, the ‘Memory Optimised’ m.1s template at $3.50 is sufficient.
Now you can choose an OS template from Lunanode’s own vetted and tested repository, or if you wish to configure from scratch, you can upload your own ISOs and templates. We’ll be using Ubuntu 18.04 64-bit. The x.04 designation on the OS name represents Ubuntu’s long-term support releases, i.e. these distributions will be continually maintained for years to come.
Choose the ‘Default’ security group, for now. This enables all traffic in and out via the firewall. YOU MUST CONFIGURE THIS once we’ve done the basic setup.
Hit the green ‘Create Virtual Machine’ button and you’ll be redirected to a new page where you can manage your VM.
The internal and external addresses will show once your VM is fully online. You’ll also receive an email when the VM is provisioned.
Step 4, you can now start configuring your VM. Click into the VM and you’ll be presented with the information you need to access the machine via SSH.
Note the External IP, username and password, as these will be needed to start configuring your machine. Open up a terminal (for OSX, this is the Terminal app; for Windows, I use Putty) and connect to your VM using the IP, username and password from above.
Next, run through the following commands, one-by-one, to install the pre-requisites:
sudo apt-get update
sudo apt-get install ntp
sudo apt-get install ntpdate
sudo service ntp stop
sudo ntpdate pool.ntp.org
sudo service ntp start
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo apt-get install docker-compose
git clone https://github.com/legalthings/lto
cd lto/public-node
In short, this will install and configure a time server, install docker and docker compose, then clone the LTO public node repository to your machine, ready for you to configure it.
Now open up Nano, the text editor installed on the VM, to edit the ‘docker-compose.yml’ file and tailor it to your node.
Edit the following:
LTO_WALLET_SEED – remove the triangular (angle) brackets, and enter the seed phrase for your LEASE WALLET (i.e. the delegated wallet you are leasing to).
LTO_WALLET_PASSWORD – set a password here. Be mindful that the docker compose file is stored on the VM, so don’t use anything hugely sensitive. This password will be used to encrypt the keystore file on the node.
LTO_API_KEY – remove the triangular brackets and set an API key for later use with scripts and automations.
Add the following, where LTO_DECLARED_ADDRESS is the external IP of your node:
- LTO_ENABLE_REST_API=true
- LTO_DECLARED_ADDRESS=x.x.x.x:6868
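An added example (not part of the original tutorial or the LTO repository): a pre-flight audit of the edited docker-compose.yml, which now holds the wallet seed, keystore password and API key in clear text. It assumes the "- KEY=value" entry form shown above and GNU stat; the 16-character API key floor, the sample values and the service name are this example's own assumptions.

```shell
# Added example, not from the LTO repository. Assumes the "- KEY=value"
# environment entries this tutorial edits, and GNU stat (as on Ubuntu).

# Print the value of key $2 from the first "- KEY=value" line in file $1.
compose_value() {
  sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1
}

# One finding per line, status 1 if any; the ( ) body keeps variables local.
audit_compose() (
  file=$1; rc=0
  # The file holds the wallet seed in clear text: owner-only access.
  mode=$(stat -c '%a' "$file")
  case $mode in
    [0-7]00) ;;
    *) echo "PERMS: mode $mode, run: chmod 600 $file"; rc=1 ;;
  esac
  for key in LTO_WALLET_SEED LTO_WALLET_PASSWORD LTO_API_KEY; do
    val=$(compose_value "$file" "$key")
    case $val in
      '') echo "MISSING: $key"; rc=1 ;;
      *"<"*|*">"*) echo "PLACEHOLDER: $key still has template brackets"; rc=1 ;;
      *) # The 16-character floor is this example's assumption.
        if [ "$key" = LTO_API_KEY ] && [ "${#val}" -lt 16 ]; then
          echo "WEAK: LTO_API_KEY is shorter than 16 characters"; rc=1
        fi ;;
    esac
  done
  # The declared address must be a real IPv4 address plus port 6868.
  addr=$(compose_value "$file" LTO_DECLARED_ADDRESS)
  printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:6868$' ||
    { echo "ADDRESS: LTO_DECLARED_ADDRESS is not IP:6868"; rc=1; }
  exit "$rc"
)

# Constructed sample: fabricated values and a hypothetical service name.
write_sample() {
  printf '%s\n' 'services:' '  node:' '    environment:' \
    '      - LTO_WALLET_SEED=<your seed here>' \
    '      - LTO_WALLET_PASSWORD=example-keystore-pass' \
    '      - LTO_API_KEY=short' \
    '      - LTO_DECLARED_ADDRESS=x.x.x.x:6868' > "$1"
  chmod 644 "$1"
}

# With a path argument, audit that file; otherwise audit the sample.
if [ "$#" -gt 0 ]; then audit_compose "$1"; else
  t=$(mktemp); write_sample "$t"; audit_compose "$t" || true; rm -f "$t"
fi
```

Saved as a script, it can be run with the path to docker-compose.yml as its argument; an empty output and exit status 0 mean none of the four checks fired.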
Once you’ve saved the file (use CTRL+O then CTRL+X) you can start your node by entering:
sudo docker-compose up
All being well, you’ll see Docker a) pull down the images for the LTO node then b) start synchronising blocks.
This will take some time, but when the messages change from consistent ‘New height’ to include mention of MicroBlock, you are all caught up. You can now press CTRL+C to gracefully close down the node, then start it again in ‘Daemon mode’, i.e. running in the background.
sudo docker-compose up -d
That’s it. You’ve now installed and configured your LTO public node. Your node will start generating blocks in approximately 16 hours (after 1000 blocks) and you can check on your rewards using this link and appending your Lease Wallet address, or using any other block explorer or community tool.
Now, time to secure your node.
Lunanode Security Groups provide firewall capabilities, controlling inward and outward traffic. Go to the ‘Security Groups’ section of the management interface, and create a new group in your region.
Then add rules to allow inbound traffic on ports 22, 6868 and 6869 only. 22 is for SSH console access, 6868 and 6869 for the node itself.
Choose ‘Add a New Rule’, then set the protocol to TCP/IP and the port range to match the specific port in question. For a static IP based connection (the public IP address of your internet connection does not change), set ‘Remote CIDR’ to the IP address or range you will be administering your node from. All other fields can be left at their defaults.
Once all rules are in place, it should look like the below, with your IP address/range in the ‘Remote’ column for ingress rules if you have a static IP address:
Finally, back to your VM, head to Security Groups and from the dropdown on the right, choose your new group then ‘Add’.
Once this shows under applied, ONLY THEN, remove ‘default’ (otherwise you’ll sever your remote console session via SSH).
The remainder of security settings are at the users’ discretion and according to their appetite for hardening their installation, so will not be covered here. However, I HIGHLY recommend following this awesome guide: https://medium.com/@jayjaynl/extensive-guide-to-a-secure-lto-network-public-node-setup-33053a4370c8 which covers things like SSH security, Fail2ban etc.
Good luck in Game of Nodes!