Linux/Network configurations for a succesful stake pool

I’m interested in setting up a stake pool, but have very limited experience with linux. I was wondering if there is a guide/doc somewhere that discusses optimal configuration for ubuntu and network settings (vpn? port forwarding? static ip? etc.) I’ve tried searching the forum here with limited success.

Any help is greatly appreciated!

1 Like

Please tell me more about your Linux box. Is this a Virtual Private Server (VPS) on Google Compute Engine (GCE), Amazon Web Services (AWS), Vultr, Digital Ocean, etc. or do you have the physical hardware yourself?

I’d say, the easiest/best option to run a node is with with Docker. You would not have to compile the sources, install system services, cron jobs, monitoring stuff, etc. When you have a container runtime installed on your box (e.g. Docker), you can do …

docker run --detach \
    --name=relay \
    -p 3001:3001 \
    -v shelley-data:/opt/cardano/data \
    nessusio/cardano run

docker logs -f relay

This would get you up and running. From there we can explore block producer nodes, monitoring, topologies, etc. Details of how to run cardano on docker are here.

You can also do this on a RaspberryPi - at least to get started and gain some experience.

PS: A warm welcome BTW

1 Like

Thanks for the welcome!
I have a Windows 10 Pro pc that I was planning on running at least 1 relay and a block producer through Hyper-V virtual machines with Ubuntu 20.04.

In that case, you wouldn’t even need the HyperV stuff. Docker is supported natively on Windows. The docker run instructions from above apply.

When on Windows, I’d start here

The nice thing about this approach is, that everything you learn would equally apply when you should decide to move your setup away from Windows.

On your router (I assume this it at home) you’d want to open port 3001 and redirect this to your windows box.

1 Like

If you do use Docker, make sure to check out this post.

Welcome & good luck!

Yes, you would never open ports for incoming traffic other than those absolutely necessary for p2p communication. In your case, it would be TCP 3001 the default, or whatever port you choose for your node.

Opening your box for “remote (docker) management” over an insecure channel is indeed a serious security breach. In fact since you probably have a keyboard and screen connected to your box, you don’t even need SSH (port 22).

Access to the docker runtime must be restricted in the same way as you would restrict access to your admin/root account