synor/docs/DEPLOYMENT.md
Gulshan Yadav b22c1b89f0 feat: Phase 7 production readiness improvements
- Add SYNOR_BOOTSTRAP_PEERS env var for runtime seed node configuration
- Implement secrets provider abstraction for faucet wallet key security
  (supports file-based secrets in /run/secrets for production)
- Create WASM crypto crate foundation for web wallet (Ed25519, BIP-39)
- Add DEPLOYMENT.md guide for testnet deployment
- Add SECURITY_AUDIT_SCOPE.md for external security audit preparation
- Document seed node deployment process in synor-network

Security improvements:
- Faucet now auto-detects /run/secrets for secure key storage
- CORS already defaults to specific origins (https://faucet.synor.cc)
- Bootstrap peers now configurable at runtime without recompilation
2026-01-08 07:21:14 +05:30


# Synor Testnet Deployment Guide
This guide covers deploying the Synor blockchain testnet, including seed nodes, validators, and supporting infrastructure.

---
## Prerequisites
- Rust 1.75+ with `wasm32-unknown-unknown` target
- Docker (optional, for containerized deployment)
- 3+ servers with static IPs or DNS hostnames
- Ports: 17511 (P2P), 17110 (RPC), 17111 (WebSocket)
---
## 1. Build from Source
```bash
# Clone and build
git clone https://github.com/g1-technologies/synor.git
cd synor
# Build release binaries
cargo build --release -p synord -p synor-cli
# Binaries will be in target/release/
```
---
## 2. Deploy Seed Nodes
Seed nodes are the first nodes deployed. They provide initial peer discovery for the network.
### 2.1 Deploy First Seed Node
```bash
# On testnet-seed1.synor.cc
./synord --network testnet \
--data-dir /var/lib/synor \
--rpc-host 0.0.0.0 \
--rpc-port 17110 \
--ws-port 17111 \
--p2p-port 17511
```
**Get the peer ID from startup logs:**
```
INFO synor_network::service: Local peer ID: 12D3KooWXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```
Record this peer ID - you'll need it for other nodes.
### 2.2 Deploy Additional Seed Nodes
For the second and third seed nodes, configure them to bootstrap from the first:
```bash
# On testnet-seed2.synor.cc
export SYNOR_BOOTSTRAP_PEERS="/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooWXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
./synord --network testnet \
--data-dir /var/lib/synor \
--rpc-host 0.0.0.0 \
--rpc-port 17110
```
After all seed nodes are running, record all peer IDs:
| Seed Node | Hostname | Peer ID |
|-----------|----------|---------|
| Seed 1 (US-East) | testnet-seed1.synor.cc | 12D3KooW... |
| Seed 2 (EU-Frankfurt) | testnet-seed2.synor.cc | 12D3KooW... |
| Seed 3 (Asia-Singapore) | testnet-seed3.synor.cc | 12D3KooW... |
### 2.3 Configure Bootstrap Peers
Once all seed nodes are running, update the `SYNOR_BOOTSTRAP_PEERS` environment variable on each node:
```bash
export SYNOR_BOOTSTRAP_PEERS="\
/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooW...,\
/dns4/testnet-seed2.synor.cc/tcp/17511/p2p/12D3KooW...,\
/dns4/testnet-seed3.synor.cc/tcp/17511/p2p/12D3KooW..."
```
Or create a config file at `~/.synor/config.toml`:
```toml
[p2p]
seeds = [
"/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/12D3KooW...",
"/dns4/testnet-seed2.synor.cc/tcp/17511/p2p/12D3KooW...",
"/dns4/testnet-seed3.synor.cc/tcp/17511/p2p/12D3KooW...",
]
```
---
## 3. Deploy Faucet
The faucet provides testnet tokens to developers.
### 3.1 Generate Faucet Wallet
```bash
# Generate a new wallet for the faucet
synor-cli wallet create --name faucet
# Note the address for genesis allocation
synor-cli wallet list
```
### 3.2 Configure Faucet
**IMPORTANT: Store the faucet private key securely!**

For production, use a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.). The environment-variable setup below is for development only:
```bash
# Development only - NOT for production
export FAUCET_WALLET_KEY="your-private-key-here"
export FAUCET_RPC_URL="http://testnet-seed1.synor.cc:17110"
export FAUCET_DRIP_AMOUNT="1000000000" # 10 SYNOR (8 decimals)
export FAUCET_COOLDOWN="3600" # 1 hour between requests
# Run faucet
./faucet --port 8080
```
### 3.3 Secure the Faucet Key (Production)
Instead of environment variables, integrate with a secrets manager:
```rust
// Example: AWS Secrets Manager integration
// See apps/faucet/src/secrets.rs for implementation
```
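
A pre-flight check for a file-based key, to run before starting the faucet. This is an added example, not the project's `secrets.rs`; the file name under `/run/secrets` and the optional expected-UID argument are assumptions.

```bash
# Added example, not the project's secrets.rs: pre-flight check for a
# file-based faucet key. The default path is a hypothetical file name; use
# whatever your secrets provider mounts under /run/secrets.
FAUCET_KEY_FILE_DEFAULT="/run/secrets/faucet_wallet_key"

# check_faucet_secret [FILE] [EXPECTED_UID]
# Prints one finding per line; returns non-zero if any check fails.
check_faucet_secret() {
  cfs_file=${1:-$FAUCET_KEY_FILE_DEFAULT}
  cfs_uid=${2:-}
  cfs_rc=0

  # A key left in the environment is inherited by child processes and is
  # readable through /proc/<pid>/environ, so flag it even if the file is fine.
  if [ -n "${FAUCET_WALLET_KEY:-}" ]; then
    echo "FAIL: FAUCET_WALLET_KEY is still set in the environment"; cfs_rc=1
  fi

  # Refuse symlinks and anything that is not a regular, non-empty file.
  if [ -L "$cfs_file" ]; then echo "FAIL: $cfs_file is a symlink"; return 1; fi
  if [ ! -f "$cfs_file" ]; then echo "FAIL: $cfs_file is not a regular file"; return 1; fi
  if [ ! -s "$cfs_file" ]; then echo "FAIL: $cfs_file is empty"; cfs_rc=1; fi

  # ls -ldn prints "<mode> <links> <uid> <gid> ..."; characters 5-10 of the
  # mode string are the group and other permission bits.
  cfs_ls=$(ls -ldn -- "$cfs_file")
  cfs_mode=$(printf '%s\n' "$cfs_ls" | cut -c1-10)
  cfs_owner=$(printf '%s\n' "$cfs_ls" | awk '{print $3}')
  if [ "$(printf '%s\n' "$cfs_mode" | cut -c5-10)" != "------" ]; then
    echo "FAIL: $cfs_file is accessible to group or other ($cfs_mode)"; cfs_rc=1
  fi

  # Optional: the file should belong to the account the faucet runs as.
  if [ -n "$cfs_uid" ] && [ "$cfs_owner" != "$cfs_uid" ]; then
    echo "FAIL: $cfs_file is owned by uid $cfs_owner, expected $cfs_uid"; cfs_rc=1
  fi

  if [ "$cfs_rc" -eq 0 ]; then echo "ok: $cfs_file"; fi
  return "$cfs_rc"
}

# Usage (service account name is an assumption):
#   check_faucet_secret /run/secrets/<name> "$(id -u faucet)" || exit 1
```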
---
## 4. Deploy Block Explorer
The explorer provides blockchain visibility.
```bash
# Configure explorer
export EXPLORER_RPC_URL="http://testnet-seed1.synor.cc:17110"
export EXPLORER_WS_URL="ws://testnet-seed1.synor.cc:17111"
# For production, restrict CORS (set this before starting the backend):
export EXPLORER_CORS_ORIGINS="https://explorer.synor.cc,https://testnet.synor.cc"
# Run explorer backend
./explorer --port 3000
```
---
## 5. Security Checklist
### Network Security
- [ ] Firewall configured (allow 17511, 17110, 17111)
- [ ] DDoS protection enabled
- [ ] Rate limiting configured on RPC endpoints
### Node Security
- [ ] Node runs as non-root user
- [ ] Data directory has restricted permissions
- [ ] Log rotation configured
### Key Management
- [ ] Faucet key stored in secrets manager (not env vars)
- [ ] Validator keys stored securely
- [ ] Key backup procedures documented
### CORS Configuration
- [ ] Explorer CORS restricted to specific origins
- [ ] Faucet CORS restricted to specific origins
- [ ] RPC CORS configured appropriately
---
## 6. Monitoring
### Prometheus Metrics
Enable metrics on synord:
```bash
./synord --network testnet --metrics --metrics-port 9090
```
Scrape endpoint: `http://localhost:9090/metrics`
### Key Metrics to Monitor
- `synor_peer_count` - Number of connected peers
- `synor_block_height` - Current block height
- `synor_sync_progress` - Sync progress percentage
- `synor_mempool_size` - Pending transactions
- `synor_blocks_per_second` - Block production rate
---
## 7. Troubleshooting
### Node won't connect to peers
1. Check firewall rules (port 17511)
2. Verify bootstrap peers are reachable
3. Check peer ID format in SYNOR_BOOTSTRAP_PEERS
```bash
# Test connectivity
nc -zv testnet-seed1.synor.cc 17511
```
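
For step 3, a format check for each entry in `SYNOR_BOOTSTRAP_PEERS`. This is an added example, not code from the Synor repository; it also accepts `/ip4/` entries, which the guide does not show, and it checks format only, not how `synord` itself parses the variable.

```bash
# Added example, not from the Synor repository: format check for the
# comma-separated multiaddrs in SYNOR_BOOTSTRAP_PEERS.
# check_peer_addr ADDR: prints the reason and returns 1 for a malformed entry.
check_peer_addr() {
  # Splitting /dns4/host/tcp/17511/p2p/ID on "/" gives 7 fields; the first
  # is empty because the address starts with "/".
  IFS=/ read -r cpa_lead cpa_proto cpa_host cpa_tcp cpa_port cpa_p2p cpa_id cpa_extra <<EOF
$1
EOF
  if [ -n "$cpa_lead" ] || [ -n "$cpa_extra" ] ||
     [ "$cpa_tcp" != tcp ] || [ "$cpa_p2p" != p2p ]; then
    echo "expected /<proto>/<host>/tcp/<port>/p2p/<peer-id>"; return 1
  fi
  case $cpa_proto in dns4|ip4) ;; *) echo "unexpected protocol"; return 1 ;; esac
  printf '%s' "$cpa_host" | LC_ALL=C grep -Eq '^[A-Za-z0-9.-]+$' ||
    { echo "bad host"; return 1; }
  case $cpa_port in ''|*[!0-9]*|??????*) echo "bad port"; return 1 ;; esac
  if [ "$cpa_port" -lt 1 ] || [ "$cpa_port" -gt 65535 ]; then
    echo "port out of range"; return 1
  fi
  # Peer IDs are base58btc (no 0, O, I, l), so "12D3KooW..." placeholders fail.
  printf '%s' "$cpa_id" | LC_ALL=C grep -Eq '^[1-9A-HJ-NP-Za-km-z]+$' ||
    { echo "peer ID is not base58"; return 1; }
  # Ed25519 peer IDs (the 12D3KooW form) are 52 characters; catch truncation.
  case $cpa_id in
    12D3KooW*) [ "${#cpa_id}" -eq 52 ] || { echo "peer ID wrong length"; return 1; } ;;
  esac
  return 0
}

# validate_bootstrap_peers "a,b,c": returns 0 only if every entry passes.
validate_bootstrap_peers() {
  case $1 in ''|,*|*,|*,,*) echo "FAIL empty entry in list"; return 1 ;; esac
  vbp_rc=0
  while IFS= read -r vbp_entry; do
    if vbp_reason=$(check_peer_addr "$vbp_entry"); then
      echo "ok   $vbp_entry"
    else
      echo "FAIL $vbp_entry ($vbp_reason)"; vbp_rc=1
    fi
  done <<EOF
$(printf '%s' "$1" | tr ',' '\n')
EOF
  return $vbp_rc
}

# Constructed sample: SAMPLE_ID is a format-only value, not a real node.
SAMPLE_ID="12D3KooWABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstu"
validate_bootstrap_peers "/dns4/testnet-seed1.synor.cc/tcp/17511/p2p/$SAMPLE_ID,/dns4/testnet-seed2.synor.cc/tcp/17511/p2p/12D3KooW..." || true
```

On a node, run `validate_bootstrap_peers "$SYNOR_BOOTSTRAP_PEERS"` before starting `synord`.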
### Node stuck syncing
1. Check disk space
2. Verify network bandwidth
3. Increase sync batch size if needed
### High memory usage
1. Adjust cache size in config
2. Enable pruning for non-archive nodes
---
## 8. Updating Nodes
### Rolling Updates
1. Stop node gracefully: `kill -SIGTERM <pid>`
2. Wait for shutdown (check logs)
3. Update binary
4. Restart node
### Breaking Changes
For consensus changes, coordinate a hard fork:
1. Announce upgrade block height
2. Deploy new binaries to all nodes
3. All nodes must upgrade before fork height
---
## Quick Reference
### Environment Variables
| Variable | Description | Example |
|----------|-------------|---------|
| `SYNOR_BOOTSTRAP_PEERS` | Comma-separated bootstrap multiaddrs | `/dns4/seed1.../p2p/12D3...` |
| `SYNOR_DATA_DIR` | Data directory path | `/var/lib/synor` |
| `SYNOR_LOG_LEVEL` | Log verbosity | `info`, `debug`, `trace` |
| `FAUCET_WALLET_KEY` | Faucet private key (use secrets manager!) | - |
| `EXPLORER_CORS_ORIGINS` | Allowed CORS origins | `https://explorer.synor.cc` |
### Default Ports (Testnet)
| Service | Port |
|---------|------|
| P2P | 17511 |
| RPC | 17110 |
| WebSocket | 17111 |
| Metrics | 9090 |
| Faucet | 8080 |
| Explorer | 3000 |
---
*Last updated: January 2026*