This guide assumes you using the Security Best Practices setup guide on your server.
An RPC (Remote Procedure Call) node on a Hyperledger Besu-based blockchain is a service that enables communication between an external application or client and the Besu blockchain network. It provides an interface that allows you to make requests and receive responses to interact with the blockchain.
The RPC node in Hyperledger Besu has several functions and utilities:
- Data queries: Allows you to query the block chain to obtain information about blocks, transactions, account balances, events, among other relevant data. Clients can use the RPC node to get up-to-date information about the state of the chain and perform analysis or make decisions based on this data.
- Sending transactions: Through the RPC node, users can send transactions to the Besu blockchain. This allows you to interact with smart contracts and execute operations defined on them. It can be used to perform digital asset transfers, execute automated business logic, and perform specific actions on the blockchain.
- Integration with external applications: The RPC node in Besu makes it easy to integrate the blockchain with external applications and systems. It allows web services, mobile applications or other platforms to interact with the Besu blockchain and take advantage of its functionality. This enables the construction of decentralized applications (DApps) and interoperability with other services and systems.
- Development and testing: The RPC node is especially useful during development and testing of applications based on the Besu blockchain. It allows developers to interact with the blockchain locally, submit transactions, and perform queries without the need to set up an entire network. This facilitates the process of developing and testing applications based on Besu.
In short, an RPC node in a Hyperledger Besu based blockchain is an essential component that enables communication and interaction between external applications and the blockchain network. It allows you to query data, send transactions, integrate with external applications, and facilitate the development and testing of Besu-based applications.
We are providing this guide to encourage developers to run thier own RPC nodes whenever posible. KalyChain community members who wish to support the network can run an RPC node for KalyChain to support the network by providing additional public RPC nodes.
Getting Started
Follow the Installation Guide just as you would with a regular node execpt change the kalynode.service file line
ExecStart=/home/$USER/node/../kaly/bin/besu --config-file=/Node-Install/regular/config/config.toml
To this so it reads the proper config.toml file for RPC nodes
ExecStart=/home/$USER/node/../kaly/bin/besu --config-file=/Node-Install/rpc/config/config.toml
🔥 Pro Tip The included a bash script start_node.sh is already setup to start your node with RPC services. Make the file exicutable by running chmod +x start_node.sh
Point your Domain
To use a domain name with your RPC service you’ll need to create an A record that points to your node’s IP address. Sub-doamins are also allowed.
Setup Nginx Reverse Proxy
Install Nginx
sudo apt install nginx
Adjust your firewall rules
sudo ufw allow 'Nginx FULL'
Create a server block so Nginx can serve RPC and WS calls, replace your_domain with the domain name you pointed to the server.
sudo nano /etc/nginx/sites-available/your_domain
Paste in the following configuration
server {
server_name your_domain;
location ^~ /ws {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://0.0.0.0:8546/;
}
location ^~ /rpc {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://0.0.0.0:8545/;
}
}
Dont forget replace your_domain with your domain name before saving
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
Test to make sure that there are no syntax errors in your Nginx files
sudo nginx -t
If there are no errors restart Nginx to enable the changes
sudo systemctl restart nginx
Get a free SSL certificate with Let’s Encrypt
Install Certbot and the Nginx plugin
sudo apt install certbot python3-certbot-nginx
Get the SSL Cert for your domain
sudo certbot --nginx -d example.com
If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.
Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice then hit ENTER
A message telling you the process was successful and where your certificates are stored will show on screen:
Output
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Share your new RPC service
For JSON-RPC calls use:
https://example.com/rpc
For WebSocet use:
https://example.com/ws