Hi, I want to run a stake pool on a VPS. My question is simple:
Is it advised/secure to run the BP node and the two relays on three different servers of a VPS?
Is it better to have the BP node at home/office and only the relays in the VPS?
The question arises from the thought that the BP node should not be “open” to the internet and only connected to the relays. Therefore, if the BP node is in a VPS, isn’t it as (un)protected as running the relays and BP node in the same server?
Which option would be preferable:
A) Relays AND BP on a VPS (each in a different server)
B) BP at “home” and relays on a VPS
I hope I’ve explained myself, excuse my terminology, I’m kind of new to this world. Thanks for your help
They’re technically both the same security if they’re set up the same. The home server setup might be considered less secure depending on the operator. As in, someone who is using an ISP-provided router wouldn’t be considered as secure as one run by a well-known hosting company.
With a VPS, as long as “shared memory” is disabled then it’s considered reasonably secure (once again depending on the setup).
The idea with the BP is to not expose the IP and to firewall it so only the relays can see it. Since the BP holds the keys, you want it protected as much as possible.
Personally, I’d leave your BP and a few relays on VPS and then have a relay on a home PC if you want to “cut down” on costs. Most people wouldn’t be able to guarantee to be up all the time with a home setup, but it’s definitely what some people prefer to do.
I see… It makes sense. The vulnerability would be connecting from my home to the BP via SSH, right? Is it possible to connect to the BP through the relays using them as jump servers? So that no one can see/access the BP. Or is this step useless?
In the case they manage to penetrate the relays, would the BP be compromised?
Thank you so much!
Some people do that, but it doesn’t make sense to connect to the BP from the relay via SSH, compared to connecting to the BP directly from home via SSH. As long as you have your firewall set up to only accept connections from specific IPs, then it’s fine as that’s what most servers do.
If you were really concerned, you could set up a private network which you have to VPN into first before being able to see the BP (which is kind of like what a home setup would be like since it’s on its own subnet).
If someone was able to get into a relay, the most they could do is then see your BP IP but if the SSH firewall isn’t allowed from the relay, then it’s still tricky to get to the BP. So in that sense it’s still secure. In the end, it would be a pretty targeted attack for someone to pull it off.
Okay great! I’m thinking of getting the VPSs from MVPS. 1 VPS POWER for the BP and 2 VPS BASIC as relays.
Are the specs enough for each one? Do you recommend having more than two relays? I don’t quite understand what’s the use of having so many relays, what could make a relay unusable? Is the only reason for having multiple relays their vulnerability to attacks? Or does uptime of the server play a role too?
Also, does the location of the servers matter? In terms of decentralization I understand that the more spread the nodes are around the world the better it is. I’m in Spain so, should I choose a VPS that’s in Spain or is it better to get one closer to Ouroboros?
It’s entirely up to you, and you can always connect to other people’s relays to help propagate the network.
A lot of people go for German hosting as it’s pretty cheap, but for my pool the majority is in Australia. I’ve got 1 server in Germany so that it’s close to the majority of servers and I don’t have to wait for it to bounce around.
So the number of relays for me is based on maximum uptime but also to try and get blocks as fast as possible. In the future, when blocks are made every second, a high latency could lose you a block being produced and submitted.
I forgot to mention specs. Depending on the peers, a 2 CPU with 8GB of RAM is enough. If you add more peers to connect then the specs might go up.
If you haven’t already seen it, check out this guide: Guide: How to build a Cardano Stake Pool - CoinCashew
For any particular reason?
Right now I’m doing the staking pool school course, thanks for that one
We’re an Australian-based pool (adaocean.com.au). Simple as that. It does help the network in terms of decentralisation.
Of course! That’s great. Thanks for all the help, see you around
But in this setup, with one relay set at home, the BP needs to be exposed, no?
The BP node would need to have all incoming Firewall connections to DENY unless it’s from your trusted relays or your home IP (as long as it’s a static IP).
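
The firewall policy described in the replies above (deny all incoming traffic to the BP, allow the relays on the node port only, allow SSH only from a static home IP), sketched as an added example that is not part of the original thread. It assumes ufw as the firewall; the addresses are documentation-range placeholders, and node port 6000 and SSH port 22 are assumed values.

```shell
#!/bin/sh
# Added example: print (not apply) ufw rules for a block producer (BP).
# Assumptions: ufw is the firewall; all addresses and ports are placeholders.

# Accept one IPv4 host address only: no CIDR range, no "any", no 0.0.0.0.
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3.$4" != "0.0.0.0" ]
}

# Usage: bp_firewall_rules HOME_IP NODE_PORT SSH_PORT RELAY_IP...
bp_firewall_rules() {
    [ "$#" -ge 4 ] || { echo "need home IP, two ports, >=1 relay" >&2; return 1; }
    home_ip=$1 node_port=$2 ssh_port=$3
    shift 3
    for ip in "$home_ip" "$@"; do
        is_ipv4_host "$ip" || { echo "rejected address: $ip" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # Relays reach the node port only; they get no SSH access to the BP.
    for relay in "$@"; do
        echo "ufw allow proto tcp from $relay to any port $node_port"
    done
    # SSH is reachable only from the operator's static home IP.
    echo "ufw allow proto tcp from $home_ip to any port $ssh_port"
    echo "ufw enable"
}

# Constructed sample values (RFC 5737 documentation addresses).
bp_firewall_rules 198.51.100.7 6000 22 203.0.113.10 203.0.113.11
```

The script only prints the commands; review the output and run it as root on the BP, adding the SSH rule before `ufw enable` takes effect so the current session is not locked out.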