Starting and Syncing Relay node

Yes - you are on the way to having a working setup! :slight_smile:

Once the relay is 100% synchronised, copy your complete db folder from it to the bp. It'll save you a few hours of syncing on the bp.

2 Likes

Great tip I will be sure to do this!

Yes, I read that too.

During the experimentation, I opened port 2375 and linked that to my Docker socket

Granting insecure remote access to Docker is indeed something you wouldn’t want to do. The only ports that should be open are: SSH (e.g. 23), Cardano (e.g. 3001).

I work on a Mac and SSH into the box that runs these Docker containers. My SSH key is password protected and I run docker commands locally on the host. For added security, I NEVER touch files that would give a potential attacker access to my funds (i.e. no CLI keys). Instead, my pledge, stake and reward addresses are all controlled by a HW wallet.

To re-configure the pool, I don’t log in to the box where the pool runs. Instead, I do it from a machine that I can connect my HW wallet to. No attacker in the world would be able to press the buttons on my HW device - unless of course he/she sits right next to me :slight_smile:

Anyhow, yes, the Docker daemon has essentially root privileges and you would not want to give access to that, in the same way as you would not want to give root access at the Linux level.

Please consider marking one of the answers as the solution, to indicate to others that this topic has a solution.

1 Like

Thank you @tomdx for your explanation, it is much appreciated! While I “have you here”: you mention that 3001 should be open. That port can and should only be open for the relay node, correct? And in order for the block chain producing node to communicate with the relay, it is necessary to have port 6000 open (default). Could you tell me if port 6000 needs to be open on the BC producer or the relay? Thanks!

You need to open the port that you give the relay here …

cardano-node run 
...
--port 1234

It can be anything you like. Some older docs seem to mention 6000. Nowadays, most folks use 3001 - my current topology shows a wide variety of relay port numbers:

[core@ada01rl ~]$ docker exec -it relay cat /var/cardano/config/mainnet-topology.json
{ "resultcode": "201", "networkMagic": "764824073", "ipType":4, "requestedIpVersion":"4", "Producers": [
  { "addr": "193.150.14.250", "port": 3001, "valency": 1 } ,
  { "addr": "62.171.129.209", "port": 6000, "valency": 1, "distance":0,  "continent":"EU",  "country":"DE",  "region":"BY" },
  { "addr": "cardano-relay.kysenpool.io", "port": 3001, "valency": 2, "distance":128,  "continent":"EU",  "country":"DE",  "region":"BY" },
  { "addr": "20.52.42.128", "port": 3000, "valency": 1, "distance":307,  "continent":"EU",  "country":"DE",  "region":"HE" },
  { "addr": "relay.adaseal.eu", "port": 6000, "valency": 1, "distance":386,  "continent":"EU",  "country":"CZ",  "region":"64" },
  { "addr": "188.166.90.49", "port": 6000, "valency": 1, "distance":664,  "continent":"EU",  "country":"NL",  "region":"NH" },
  { "addr": "161.35.175.176", "port": 59819, "valency": 1, "distance":923,  "continent":"EU",  "country":"GB",  "region":"ENG" },
  { "addr": "217.160.247.14", "port": 6000, "valency": 1, "distance":1532,  "continent":"EU",  "country":"DE",  "region":"null" },
  { "addr": "node.twoangrycamelsinacar.com", "port": 3001, "valency": 2, "distance":6449,  "continent":"NA",  "country":"US",  "region":"NY" },
  { "addr": "158.247.192.147", "port": 4002, "valency": 1, "distance":6481,  "continent":"NA",  "country":"JP",  "region":"NY" },
  { "addr": "pool-relay2.castlecardano.com", "port": 3001, "valency": 1, "distance":6826,  "continent":"NA",  "country":"US",  "region":"VA" },
  { "addr": "165.232.151.240", "port": 4001, "valency": 1, "distance":7246,  "continent":"NA",  "country":"US",  "region":"IL" },
  { "addr": "35.192.216.217", "port": 3001, "valency": 1, "distance":7785,  "continent":"NA",  "country":"US",  "region":"IA" },
  { "addr": "104.238.146.49", "port": 6000, "valency": 1, "distance":8541,  "continent":"NA",  "country":"US",  "region":"TX" },
  { "addr": "54.150.77.128", "port": 6000, "valency": 1, "distance":9356,  "continent":"AS",  "country":"JP",  "region":"13" },
  { "addr": "209.145.58.238", "port": 6000, "valency": 1, "distance":9624,  "continent":"NA",  "country":"US",  "region":"CA" }
] }

You can test reachability of your relay like this for example …

$ nc -zv relay01.astorpool.net 3001
Connection to relay01.astorpool.net port 3001 [tcp/redwood-broker] succeeded!

Make sure your block producer is reachable from your relay, but not from the outside.

So in this scenario I could for example open port 6000 on the relay node for the BC producer node to communicate with the relay, and open 6001 on the BC for the relay to communicate with the BC? So long as those are the specified ports in the topology json?

Your BP would ideally be on a different machine on the same (private) network, in which case they could use the same port number. If you must run both processes on the same machine, Docker would be your preferred choice as well, because it already provides that level of network isolation (i.e. your BP would not be reachable). This is documented here.

They are both on separate machines in the same network, but it will not allow me to use the same port for two IPs.