misaradmin/synor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
synor/docs/DEPLOYMENT.md
Gulshan Yadav b22c1b89f0 feat: Phase 7 production readiness improvements 
- Add SYNOR_BOOTSTRAP_PEERS env var for runtime seed node configuration
- Implement secrets provider abstraction for faucet wallet key security
  (supports file-based secrets in /run/secrets for production)
- Create WASM crypto crate foundation for web wallet (Ed25519, BIP-39)
- Add DEPLOYMENT.md guide for testnet deployment
- Add SECURITY_AUDIT_SCOPE.md for external security audit preparation
- Document seed node deployment process in synor-network

Security improvements:
- Faucet now auto-detects /run/secrets for secure key storage
- CORS already defaults to specific origins (https://faucet.synor.cc)
- Bootstrap peers now configurable at runtime without recompilation
2026-01-08 07:21:14 +05:30

6.4 KiB
Raw Permalink Blame History

Synor Testnet Deployment Guide

This guide covers deploying the Synor blockchain testnet, including seed nodes, validators, and supporting infrastructure.

Prerequisites

  • Rust 1.75+ with wasm32-unknown-unknown target
  • Docker (optional, for containerized deployment)
  • 3+ servers with static IPs or DNS hostnames
  • Ports: 17511 (P2P), 17110 (RPC), 17111 (WebSocket)

1. Build from Source

# Clone and build
git clone https://github.com/g1-technologies/synor.git
cd synor

# Build release binaries
cargo build --release -p synord -p synor-cli

# Binaries will be in target/release/

2. Deploy Seed Nodes

Seed nodes are the first nodes deployed. They provide initial peer discovery for the network.

2.1 Deploy First Seed Node

# On testnet-seed1.synor.cc
./synord --network testnet \
    --data-dir /var/lib/synor \
    --rpc-host 0.0.0.0 \
    --rpc-port 17110 \
    --ws-port 17111 \
    --p2p-port 17511

Get the peer ID from startup logs:

INFO synor_network::service: Local peer ID: 12D3KooWXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Record this peer ID - you'll need it for other nodes.

2.2 Deploy Additional Seed Nodes

For the second and third seed nodes, configure them to bootstrap from the first:

# On testnet-seed2.synor.cc
export SYNOR_BOOTSTRAP_PEERS="/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooWXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

./synord --network testnet \
    --data-dir /var/lib/synor \
    --rpc-host 0.0.0.0 \
    --rpc-port 17110

After all seed nodes are running, record all peer IDs:

Seed Node Hostname Peer ID
Seed 1 (US-East) testnet-seed1.synor.cc 12D3KooW...
Seed 2 (EU-Frankfurt) testnet-seed2.synor.cc 12D3KooW...
Seed 3 (Asia-Singapore) testnet-seed3.synor.cc 12D3KooW...

2.3 Configure Bootstrap Peers

Once all seed nodes are running, update the SYNOR_BOOTSTRAP_PEERS environment variable on each node:

export SYNOR_BOOTSTRAP_PEERS="\
/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooW...,\
/dns4/testnet-seed2.synor.cc/tcp/17511/p2p/12D3KooW...,\
/dns4/testnet-seed3.synor.cc/tcp/17511/p2p/12D3KooW..."

Or create a config file at ~/.synor/config.toml:

[p2p]
seeds = [
    "/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooW...",
    "/dns4/testnet-seed2.synor.cc/tcp/17511/p2p/12D3KooW...",
    "/dns4/testnet-seed3.synor.cc/tcp/17511/p2p/12D3KooW...",
]

3. Deploy Faucet

The faucet provides testnet tokens to developers.

3.1 Generate Faucet Wallet

# Generate a new wallet for the faucet
synor-cli wallet create --name faucet

# Note the address for genesis allocation
synor-cli wallet list

3.2 Configure Faucet

IMPORTANT: Store the faucet private key securely!

For production, use a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.):

# Development only - NOT for production
export FAUCET_WALLET_KEY="your-private-key-here"
export FAUCET_RPC_URL="http://testnet-seed1.synor.cc:17110"
export FAUCET_DRIP_AMOUNT="1000000000"  # 10 SYNOR (8 decimals)
export FAUCET_COOLDOWN="3600"           # 1 hour between requests

# Run faucet
./faucet --port 8080

3.3 Secure the Faucet Key (Production)

Instead of environment variables, integrate with a secrets manager:

// Example: AWS Secrets Manager integration
// See apps/faucet/src/secrets.rs for implementation

4. Deploy Block Explorer

The explorer provides blockchain visibility.

# Configure explorer
export EXPLORER_RPC_URL="http://testnet-seed1.synor.cc:17110"
export EXPLORER_WS_URL="ws://testnet-seed1.synor.cc:17111"

# Run explorer backend
./explorer --port 3000

# For production, restrict CORS:
export EXPLORER_CORS_ORIGINS="https://explorer.synor.cc,https://testnet.synor.cc"

5. Security Checklist

Network Security

  • Firewall configured (allow 17511, 17110, 17111)
  • DDoS protection enabled
  • Rate limiting configured on RPC endpoints

Node Security

  • Node runs as non-root user
  • Data directory has restricted permissions
  • Log rotation configured

Key Management

  • Faucet key stored in secrets manager (not env vars)
  • Validator keys stored securely
  • Key backup procedures documented

CORS Configuration

  • Explorer CORS restricted to specific origins
  • Faucet CORS restricted to specific origins
  • RPC CORS configured appropriately

6. Monitoring

Prometheus Metrics

Enable metrics on synord:

./synord --network testnet --metrics --metrics-port 9090

Scrape endpoint: http://localhost:9090/metrics

Key Metrics to Monitor

  • synor_peer_count - Number of connected peers
  • synor_block_height - Current block height
  • synor_sync_progress - Sync progress percentage
  • synor_mempool_size - Pending transactions
  • synor_blocks_per_second - Block production rate

7. Troubleshooting

Node won't connect to peers

  1. Check firewall rules (port 17511)
  2. Verify bootstrap peers are reachable
  3. Check peer ID format in SYNOR_BOOTSTRAP_PEERS
# Test connectivity
nc -zv testnet-seed1.synor.cc 17511

Node stuck syncing

  1. Check disk space
  2. Verify network bandwidth
  3. Increase sync batch size if needed

High memory usage

  1. Adjust cache size in config
  2. Enable pruning for non-archive nodes

8. Updating Nodes

Rolling Updates

  1. Stop node gracefully: kill -SIGTERM <pid>
  2. Wait for shutdown (check logs)
  3. Update binary
  4. Restart node

Breaking Changes

For consensus changes, coordinate a hard fork:

  1. Announce upgrade block height
  2. Deploy new binaries to all nodes
  3. All nodes must upgrade before fork height

Quick Reference

Environment Variables

Variable Description Example
SYNOR_BOOTSTRAP_PEERS Comma-separated bootstrap multiaddrs /dns4/seed1.../p2p/12D3...
SYNOR_DATA_DIR Data directory path /var/lib/synor
SYNOR_LOG_LEVEL Log verbosity info, debug, trace
FAUCET_WALLET_KEY Faucet private key (use secrets manager!) -
EXPLORER_CORS_ORIGINS Allowed CORS origins https://explorer.synor.cc

Default Ports (Testnet)

Service Port
P2P 17511
RPC 17110
WebSocket 17111
Metrics 9090
Faucet 8080
Explorer 3000

Last updated: January 2026