• This repository has been archived on 07/Jul/2022
  • Language
    JavaScript
  • License
    Apache License 2.0
  • Created over 5 years ago
  • Updated over 1 year ago


Polkadot Validator Secure Setup

NOTE: this repository isn't actively maintained

Polkadot Validator Setup

This repo describes a potential setup for a Polkadot or Kusama validator that aims to prevent some types of potential attacks at the TCP layer and below. The Workflow section describes the Platform Layer and the Application Layer in more detail.

Usage

There are two ways of using this repository:

  • Platform & Application Layer

    Configure credentials for infrastructure providers such as AWS, Azure, GCP, DigitalOcean, and/or Packet, then execute the Terraform process to automatically deploy the required machines (Platform Layer) and set up the Application Layer.

    See the Complete Guide for more.

  • Application Layer

    Set up Debian-based machines yourself (they only need basic SSH access) and configure them in an inventory. The Ansible scripts will then set up the entire Application Layer.

    See the Ansible Guide for more.

Structure

The secure validator setup is composed of one or more validators that run with a local instance of NGINX as a reverse TCP proxy in front of them. The validators are instructed to:

  • advertise themselves with the public IP of the node and the port where the reverse proxy is listening.
  • bind to the localhost interface, so that they only allow incoming connections from the proxy.

The setup also configures a firewall in which the default p2p port is closed for incoming connections and only the proxy port is open.

Workflow

The secure validator setup is structured in two layers, an underlying platform and the applications that run on top of it.

Platform Layer

Validators are created using the Terraform modules located in the terraform directory. We have created code for several providers, but it is possible to add new ones. Please reach out if you are interested in a provider that is not currently available.

Besides the actual machines, the Terraform modules create the minimum networking infrastructure required for adding firewall rules to protect the nodes.

Application Layer

This layer is set up through the Ansible playbook and the polkadot-validator role located in the ansible directory. The role performs these actions:

  • Set up the software firewall. For the validator, only the proxy, SSH and, if enabled, node-exporter ports are allowed.
  • Configure journald to tune log storage.
  • Create the polkadot user and group.
  • Configure the NGINX proxy.
  • Set up the polkadot service, including the binary download.
  • Manage Polkadot sessions: create session keys if they are not present.
  • Set up node-exporter if the configuration includes it.
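
An added example (not part of this repository's playbooks): a Python check, run over the output of `ss -Hltn`, that a node matches the layout described under Structure and the firewall rule in the list above. It verifies that the p2p port is bound to loopback only and that nothing except the proxy, SSH and optional node-exporter ports listens on other interfaces. Port 30333 is Polkadot's default p2p port; the proxy port 80, SSH port 22 and node-exporter port 9100 are assumed values, and both socket listings are constructed samples.

```python
import ipaddress

P2P_PORT = 30333            # Polkadot default p2p port
PROXY_PORT = 80             # assumed NGINX TCP proxy port; use your inventory's value
SSH_PORT = 22               # assumed
NODE_EXPORTER_PORT = 9100   # assumed (node-exporter default)

def parse_listeners(ss_output):
    """Parse `ss -Hltn` lines into (ip_address, port) pairs."""
    listeners = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
        if host == "*":                         # ss prints * for a dual-stack wildcard
            host = "::"
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners

def audit(ss_output, node_exporter=False):
    """Return a list of deviations from the proxy-fronted validator layout."""
    allowed = {PROXY_PORT, SSH_PORT}
    if node_exporter:
        allowed.add(NODE_EXPORTER_PORT)
    listeners = parse_listeners(ss_output)
    findings = []
    for ip, port in listeners:
        if ip.is_loopback:
            continue                            # loopback sockets are unreachable from outside
        if port == P2P_PORT:
            findings.append(f"p2p port {port} bound to {ip}, expected loopback only")
        elif port not in allowed:
            findings.append(f"port {port} listening on {ip} is not in the allowed set")
    if not any(p == PROXY_PORT and not ip.is_loopback for ip, p in listeners):
        findings.append(f"proxy port {PROXY_PORT} is not listening on a public interface")
    return findings

# Constructed sample listings (State Recv-Q Send-Q Local Peer).
GOOD = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:30333 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*"""
BAD = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:30333 0.0.0.0:*
LISTEN 0 128 *:9100 *:*"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(sample) or "ok")
```

The check looks at socket bindings, so it flags a validator bound to all interfaces even when the firewall would currently block the port.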

Note about upgrades from the sentries setup

The current version of polkadot-secure-validator doesn't support creating and configuring sentry nodes. Although the Terraform files and Ansible roles of this latest version can be applied to setups created with previous versions, the validators would be configured to work without sentries and to connect to the network through the local reverse proxy instead.

If you created the sentries with a previous version of this tool through terraform following the complete workflow, then they will not be deleted automatically when running this new version. In short, the old sentries will no longer be used by the validators and it will be up to you to remove them manually.
