Creating a Cardano Node
First create a new droplet on digital ocean.
Server | Plan | Region | Authentication |
---|---|---|---|
Ubuntu 20.04 (LTS) x64 | Basic | Your choice | Choose SSH Keys |
Choose a hostname like "cardano-node-relay1"
Select backups when running live node
Log into your server via ssh with Terminal.app
ssh root@143.198.54.87 -p 22
The authenticity of host '164.92.85.5 (164.92.85.5)' can't be established.
ED25519 key fingerprint is SHA256:29tf+S+w0lQyRIAe6JjvXGxhCa0azD7DJUGMtgCQW20.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Create a user and give administrator privileges
sudo adduser cardano
sudo usermod -aG sudo cardano
sudo su - cardano
whoami
Check if we can execute commands with root privileges
sudo whoami
Add ssh keys to new user
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
sudo nano ~/.ssh/authorized_keys
#paste public key into authorized_keys file
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
sudo chown -R cardano:cardano ~/.ssh
Try logging in with new user
ssh -i ~/.ssh/id_rsa_digocean cardano@164.92.85.5 -p 22
Change port of ssh
sudo nano /etc/ssh/sshd_config
# uncomment Port 22
# change to 2288
# Move down to PermitRootLogin
# change to "no"
sudo systemctl restart sshd
Before closing the terminal window, open another one and test that you can login with the new port and user
ssh -i ~/.ssh/id_rsa_digocean cardano@164.92.82.5 -p 2288
Adding swap virtual memory
swapon -s
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sudo swapon --show
sudo nano /etc/sysctl.conf
Save this file and exit. (Press CTRL + X, press Y and then press ENTER).
Add this to the bottom of the file. /etc/sysctl.conf
vm.swappiness=10
vm.vfs_cache_pressure=50
Save this file and exit. (Press CTRL + X, press Y and then press ENTER).
Update the server
sudo apt-get update -y
sudo apt-get upgrade -y
Installing the node with CNTOOLS
sudo ufw status
sudo ufw allow proto tcp from any to any port 2288
sudo ufw allow proto tcp from any to any port 6000
sudo ufw enable
Install Google Authenticator
sudo apt install libpam-google-authenticator
google-authenticator
Press y for all after you have backed up the QR codes
modify the sshd_config file to allow 2Way authentication
sudo nano /etc/ssh/sshd_config
ChallengeResponseAuthentication no
Save this file and exit. (Press CTRL + X, press Y and then press ENTER).
sudo systemctl restart ssh
sudo nano /etc/pam.d/sshd
Paste this text at the end of the document
#One-time authentication via Google Authenticator
auth required pam_google_authenticator.so
Ctrl+x y Enter
sudo systemctl restart ssh
install fail2ban
sudo apt install fail2ban
sudo systemctl status fail2ban
Build the nodes
follow the guide starting with "STEP 1 - downloading the prerequisites:"