Over the years, as a DevOps engineer who has deployed and maintained blockchain nodes in production, I've compiled this list of security standards that should be used as a checklist, whether you are a node operator (or developer) or building an application using blockchain for production.
This docs defines:
| #! /bin/bash | |
| apt-get update | |
| apt-get install -y nginx | |
| service nginx start | |
| sed -i -- 's/nginx/Google Cloud Platform - '"$HOSTNAME"'/' /var/www/html/index.nginx-debian.html |
| Description | |
|---|---|
| Ether | Ethereum's cryptocurrency is called Ether (ETH). It is the fuel that keeps the network running. It is used to pay for the computational resources and transaction fees associated with each transaction carried out on the Ethereum network. |
| Smart Contracts | A smart contract is a simple computer program that facilitates the exchange of any asset between two parties. |
| Ethereum Virtual Machine | Ethereum provides the underlying technology, architecture, and software to understand smart contracts and interact with them. |
| Decentralized applications (Dapps) | A Dapp is like any other piece of software you use. It might be a mobile app or a website. A Dapp is an application that is built on a decentralized network, such as Ethereum, as opposed to a conventional app |
| Description | |
|---|---|
| Hash Function | Cryptographic hash functions take any length input string and return a fixed length output string. In the context of blockchain, transactions are taken as input and passed through a hashing algorithm, which produces a fixed-length output. It is used for security and is the foundation of crypto security. A transaction's hash makes it simple to identify transactions on the blockchain. |
| Transaction | Transaction refers to the process of moving assets from one party to another in the network. All transactions are recorded and saved permanently. Assume A wishes to send 10 Ether to B. Then this is a network transaction. |
| Block | A block is formed by combining several transactions. Each block is identified in the network by a unique hash. The hash of the preceding block is used to link one block to the next. |
| Genesis Block | The first block in any blockchain-based system is known as the genesis block. It serves as the foundation for new blocks to |
| Pros | Cons | |
|---|---|---|
| Full nodes | Full nodes maintain consensus, validate the blockchain, and transmit blocks in a more secure way. | They need plenty of resources, are challenging to keep up, and are less user-friendly. |
| Light nodes | Light nodes are resource-saving, portable, and user-friendly. | They don't validate the blockchain, they don't transmit blocks as well, and they are less secure. |
| Pruned nodes | Their storage is flexible. | Old blocks need to be revalidated. |
| Mining nodes | Light nodes are resource-saving, portable, and user-friendly. | They don't validate the blockchain, they don't transmit blocks as well, and they are less secure. |
| Archive nodes | They have a complete history. | storage and resource-intensive. |
| Masternodes | They are inexpensive to maintain and provide a mix of benefits and rewards. | They have a challenging setup process and a significant upfront cost. |
| Staking nodes | They have low energy consumption and a low |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| labels: | |
| app.kubernetes.io/instance: ingress-nginx | |
| app.kubernetes.io/name: ingress-nginx | |
| name: ingress-nginx | |
| --- | |
| apiVersion: v1 | |
| automountServiceAccountToken: true |
| composable_releases: "https://api.github.com/repos/{{composable_repository}}/releases/latest" | |
| composable_repository: "ComposableFi/composable" | |
| composable_node_version: "latest" |
| - name: Install dependencies | |
| become_user: root | |
| become: true | |
| apt: | |
| force_apt_get: yes | |
| update_cache: yes | |
| pkg: | |
| - acl | |
| - ansible | |
| - build-essential |
The first step is to install all of the necessary packages from the default Ubuntu repositories. This includes pip, the Python package manager, which will manage your Python components. You’ll also get the Python development files necessary to build some of the Gunicorn components.
First, update the local package:
sudo apt update
Certbot provides a variety of ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration whenever necessary. To use this plugin, type the following:
sudo certbot --apache
This script will prompt you to answer a series of questions in order to configure your SSL certificate. First, it will ask you for a valid e-mail address. This email will be used for renewal notifications and security notices:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache