Help understanding relay setup vs node producer setup

Hi Folks,

Can you please hold my hand? I followed the step by step Cardano tutorial three weeks ago when 1.25.x was current on testnet and I was able to get the testnet node producer simpleview working on AWS. However, I terminated the processes to start over, had life interrupt my work, and now Cardano is on 1.27.0. I’ve hit a wall with my understanding …

My goal is to set up two relays and a node producer on AWS. I have three AWS instances running, libsodium, cabal and even cardano node installed on all three. cardano-node version and cardano-cli version return the following …

cardano-cli 1.27.0 - linux-x86_64 - ghc-8.10
git rev 1022092e0f048fb1d21d313cd72b8684bede3c1b

Ok, so far so good, but here is where it goes bad … I’ve done so many things that I am lost … I do not understand the difference in configuring relay nodes vs. the block producer node.

These are my beliefs …

Block Producer

  • Has an IP of 1.1.1.123 for example
  • Can connect on port 3001
  • Should only connect to relays

relay_1

relay_2

I’m stuck at this point … I don’t know what configuration files to change on block producer node and what configuration file(s) to change on relay nodes. I don’t know which instance(s) topology.json should be used. When I read the docs, I’m not clear on configuring the different machines.

Any help is appreciated.

Thank you,
TFPJ

Hello, the configuration for all nodes is the same, but the way you connect them is different

The Producer:
should be connected only with the relays; u must edit the Producer topology.json… add there only the relays

Should be:

{
  "Producers": [
    {
      "addr": "relay1 ip",
      "port": relay1 cnode port,
      "valency": 1
    },
    {
      "addr": "relay2 ip",
      "port": relay2 cnode port,
      "valency": 2
    }
  ]
}

Then the Producer should accept connections only from the relays

Set rules on firewall for this
sudo ufw allow proto tcp from Relay1-IP to any port Producer-cnode-port
Same for relay2

Relays:

Will be connected statically with the producers and dynamically with other nodes. First open the port in fw to accept incoming connections from any

sudo ufw allow proto tcp from any to any port Relay-cnode-port

Then in topology fetch script u will need to add the Producer IP + port to the BlockProducer line

Cheers
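
One way to check the block producer's topology.json against the list of relay IPs and derive the matching ufw rules, as an added example that is not part of the posts in this thread. The IP addresses, the hostname and port 6000 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample of a block producer topology.json (format from the post).
# 192.0.2.x are documentation-range addresses; the hostname is made up.
SAMPLE_TOPOLOGY = """
{"Producers": [
  {"addr": "192.0.2.10", "port": 6000, "valency": 1},
  {"addr": "192.0.2.11", "port": 6000, "valency": 1},
  {"addr": "public-relay.example", "port": 3001, "valency": 2}
]}
"""

def audit_producer_topology(topology_text, relay_ips):
    """Report peers that are not our relays, and relays that are not listed."""
    allowed = {ipaddress.ip_address(ip) for ip in relay_ips}
    seen, unexpected = set(), []
    for peer in json.loads(topology_text).get("Producers", []):
        try:
            addr = ipaddress.ip_address(peer["addr"])
        except ValueError:
            addr = None  # DNS name: not pinned to one of our relay IPs
        if addr in allowed:
            seen.add(addr)
        else:
            unexpected.append((peer["addr"], peer["port"]))
    missing = sorted(str(ip) for ip in allowed - seen)
    return {"unexpected": unexpected, "missing": missing}

def ufw_rules(relay_ips, producer_port):
    """ufw commands (same form as in the post) admitting only the relays.
    They only restrict access while ufw's incoming policy is deny."""
    return [f"sudo ufw allow proto tcp from {ip} to any port {producer_port}"
            for ip in relay_ips]

if __name__ == "__main__":
    relays = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # constructed
    print(audit_producer_topology(SAMPLE_TOPOLOGY, relays))
    print("\n".join(ufw_rules(relays, 6000)))
```

An entry under "unexpected" means the producer would dial something other than its own relays; an entry under "missing" means a relay has no static link from the producer.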

Hi Alex, I appreciate the help a lot - so far so good. I am not done, but I’ve configured the topology and security on each server, but have not tested yet … It all makes sense and should work …

Another question to anyone …

  1. My aws relays are specifically open to 0.0.0.0/0 on ports 3000, 3001 and 6000. Is this good, bad, or other?

Thank you,

TFPJ

U will need to keep open only the cnode port for relay (the port used to start the node); if it is 6000 then u don’t need 3000 or 3001

PS: assuming the above ports are not for ssh