How to setup Sentry Node

The sentry node setup is a way to secure your validator node by hiding it behind a set of so-called sentry fullnodes. The validator node is located in a private network and will only have contact with the sentry nodes. This tutorial is a brief description of how to achieve this.

Create machines for N sentry nodes and 1 validator node
Create private network for senty nodes' machines and validator's machine (e.g. you can use WireGuard and easy-wg-quick to quick setup)
Setup firewall on validator node to accept connections only from sentry nodes' machines (e.g. https://aws.amazon.com/network-firewall)
Setup sentry node(s):

Create directory testnet-sentrynode

Linux, macOS, other Unix-like systems

Create a testnet-sentrynode directory

mkdir testnet-sentrynode

Go to the testnet-sentrynode directory

cd "testnet-sentrynode"

Windows

Create a testnet-sentrynode directory

md testnet-sentrynode

Go to the testnet-sentrynode directory

cd "testnet-sentrynode"

Create a docker-compose.yaml in the testnet-sentrynode directory

Linux, macOS, other Unix-like systems

Create a docker-compose.yaml with nano and paste configuration provided below

nano docker-compose.yaml

After editing docker-compose.yaml, save the changes in nano:

Press Ctrl+O to save changes
Press Ctrl+X to exit

Windows

Create docker-compose.yaml with notepad and paste configuration provided below

#This will create and open the docker-compose.yaml file in Notepad for editing. If you prefer to use a different text editor, replace notepad.exe with the appropriate command for your editor.
notepad.exe docker-compose.yaml

version: "3"

services:
  testnet-sentrynode:
    image: $QCLIENT_IMAGE
    entrypoint: [
      "geth",
      "--datadir=/data",
      "--bootnodes=$BOOTNODE_URI",
      "--port=$EXT_PORT",
      "--syncmode=full",
      "--verbosity=3",
      "--testnet",
      "--miner.gasprice=50000000000",
      "--txpool.pricelimit=47619047619",
      "--http.addr=0.0.0.0",
      "--http.corsdomain=*",
      "--http.api=net,web3,eth"
    ]
    volumes:
      - ./additional:/data/additional
      - testnet-sentrynode-data:/data
    ports:
      - $EXT_PORT:$EXT_PORT/tcp
      - $EXT_PORT:$EXT_PORT/udp
    restart: unless-stopped

volumes:
  testnet-sentrynode-data:

Create .env file

Linux, macOS, other Unix-like systems

Create a .env with nano and paste environment variables provided below

nano .env

After editing .env, save the changes in nano:

Press Ctrl+O to save changes
Press Ctrl+X to exit

Windows

Create .env with notepad and paste configuration provided below

#This will create and open the .env file in Notepad for editing. If you prefer to use a different text editor, replace notepad.exe with the appropriate command for your editor.
notepad.exe .env

QCLIENT_IMAGE=qblockchain/q-client:v1.4.0
BOOTNODE_URI=enode://$BOOTNODE_ENODE_PUBLIC_KEY@$BOOTNODE_IP:30301
EXT_PORT=30303

Run node

docker-compose up -d

Get admin.nodeInfo.enode from nodes' JS console and copy enode URI

docker-compose exec testnet-sentrynode geth attach data/geth.ipc

admin.nodeInfo.enode

Setup validator node:

Create directory testnet-validator

Linux, macOS, other Unix-like systems

Go back from testnet-sentrynode

cd  ..

Create a testnet-validator directory

mkdir testnet-validator

Go to the testnet-validator directory

cd "testnet-validator"

Windows

Go back from testnet-sentrynode

cd  ..

Create a testnet-validator directory

md testnet-validator

Go to the testnet-validator directory

cd "testnet-validator"

Create docker-compose.yaml in the testnet-validator directory

Linux, macOS, other Unix-like systems

Create a docker-compose.yaml with nano and paste configuration provided below

nano docker-compose.yaml

After editing docker-compose.yaml, save the changes in nano:

Press Ctrl+O to save changes
Press Ctrl+X to exit

Windows

Create docker-compose.yaml with notepad and paste configuration provided below

#This will create and open the docker-compose.yaml file in Notepad for editing. If you prefer to use a different text editor, replace notepad.exe with the appropriate command for your editor.
notepad.exe docker-compose.yaml

version: "3"

services:
  testnet-validator-node:
    image: $QCLIENT_IMAGE
    entrypoint: [
      "geth",
      "--datadir=/data",
      "--bootnodes=$SENTRY",
      "--syncmode=full",
      "--verbosity=3",
      "--testnet",
      "--miner.gasprice=50000000000",
      "--txpool.pricelimit=47619047619",  
      "--mine",
      "--unlock=$VALIDATOR_ADDRESS",
      "--password=/data/keystore/pwd.txt",
      "--nodiscover",
      "--netrestrict $MASK"
    ]   
    volumes:
      - ./keystore:/data/keystore
      - ./additional:/data/additional
      - testnet-validator-node-data:/data
    restart: unless-stopped

volumes:
  testnet-validator-node-data:

Create .env file

Linux, macOS, other Unix-like systems

Create a .env with nano and paste environment variables provided below

nano .env

After editing .env, save the changes in nano:

Press Ctrl+O to save changes
Press Ctrl+X to exit

Windows

Create .env with notepad and paste configuration provided below

#This will create and open the .env file in Notepad for editing. If you prefer to use a different text editor, replace notepad.exe with the appropriate command for your editor.
notepad.exe .env

QCLIENT_IMAGE=qblockchain/q-client:v1.4.0
VALIDATOR_ADDRESS=0000000000000000000000000000000000000000
SENTRY=uri1,uri2,uri3
MASK=10.xxx.xxx.0/24

10.xxx.xxx.0/24 is the network mask of your private network (note: it can be not only in 10.0.0.0 range). Sentry uri must be set for the node started in the previous step.

Add sentries' uris to /data/geth/static-nodes.json

[
    "uri1",
    "uri2",
    "uri3",
    ...
]

uri1,uri2,uri3 are the enode uris of your sentry nodes. Please provide all uris because peer discovery discovery is disabled!

Start validator

docker-compose up -d

Wait for sync and check mining is working

Note: if ping is huge your blocks can don't reach to blockchain