Network Configuration

Proper network configuration ensures seamless communication between nodes, secure data transmission, and optimized resource usage. This document provides a standard setup for Inery node configurations, including port settings, IP whitelisting, and firewall rules.

Port Configuration

Inery nodes use several ports for communication:

| Port Name | Config Parameter | Description | Port Number | Port Type |
| --- | --- | --- | --- | --- |
| P2P Port | p2p-listen-endpoint | The port used for peer-to-peer communication between nodes. | 9010 or specified | TCP |
| HTTP Port | http-server-address | The port used for API calls and HTTP requests. | 8888 or specified | TCP |
| HTTPS Port | https-server-address | Optional for SSL/TLS encrypted API communication. | 443 or specified | TCP |

Configuration Example
# config.ini file or start.sh script
p2p-listen-endpoint = 0.0.0.0:9010
http-server-address = 127.0.0.1:8888
p2p-peer-address = seed1.example.com:9010
p2p-peer-address = seed2.example.com:9010

Firewall Configuration

Proper firewall settings are crucial for securing an Inery node. Below is a recommended firewall configuration:

  • Allow Incoming Traffic on Required Ports:

    • 9010/tcp (P2P Port)
    • 8888/tcp (HTTP API Port)
    • 443/tcp (Optional HTTPS Port)
  • Block All Other Ports: Ensure that other ports remain blocked to prevent unauthorized access.

Firewall Setup Commands

Allow incoming P2P traffic

sudo ufw allow 9010/tcp

Allow incoming HTTP API traffic

sudo ufw allow 8888/tcp

(Optional) Allow incoming HTTPS traffic

sudo ufw allow 443/tcp

Enable the firewall

sudo ufw enable

Peer-to-Peer Network Parameters

  • Max Peers (max-clients): Set the maximum number of allowed peer connections.

    • Default: 25
  • Peer Authentication: Enable SSL/TLS authentication between nodes to prevent unauthorized connections. This involves creating SSL certificates for each node.

  • P2P Retry Attempts (p2p-max-nodes-per-host): Specify the maximum number of retry attempts for establishing connections with a peer node. (Default: 1)

Example Configuration
# config.ini file or start.sh script

max-clients = 25
p2p-max-nodes-per-host = 1
p2p-peer-address = peer1.example.com:9010
p2p-peer-address = peer2.example.com:9011
p2p-peer-address = peer3.example.com:9012

Secure Node Communication with SSL/TLS Certificates

It is recommended to use SSL/TLS certificates for encrypted communication between the node and external clients. You can obtain free SSL certificates with tools like Let's Encrypt. First, install certbot and generate a certificate for your domain:

Example Command
sudo apt-get install certbot
sudo certbot certonly --standalone -d yourdomain.com

This generates a certificate stored at /etc/letsencrypt/live/yourdomain.com/fullchain.pem and a private key at /etc/letsencrypt/live/yourdomain.com/privkey.pem. Once the certificate is obtained, update your node’s configuration file (config.ini) to include these certificates:

Example Configuration
# config.ini file or start.sh script
https-server-address = 0.0.0.0:443
https-certificate-chain-file = /etc/letsencrypt/live/yourdomain.com/fullchain.pem
https-private-key-file = /etc/letsencrypt/live/yourdomain.com/privkey.pem

Caution

Remember to replace yourdomain.com with your actual domain name (DNS) or IP address.

Tip

  • Node Restart Strategy: Implement automated restarts in case of node failures using system monitoring tools like systemd or supervisord.
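
The listener addresses, firewall rules and certificate settings on this page have to agree with each other: a listener bound to 127.0.0.1 needs no firewall rule, and an HTTP listener bound to 0.0.0.0 serves the API in plaintext. The following Python check is an added example, not part of the Inery documentation or tooling; it reads a config.ini in the key = value form shown above, lists the ports that need a ufw allow rule, and flags a plaintext API listener or an HTTPS listener without its certificate files. The function names and the sample file are assumptions made for illustration.

```python
import ipaddress

# Listener keys taken from this page's config.ini examples.
LISTENERS = ("p2p-listen-endpoint", "http-server-address", "https-server-address")
TLS_FILES = ("https-certificate-chain-file", "https-private-key-file")

def parse_config(text):
    """Parse 'key = value' lines; '#' starts a comment and keys may repeat."""
    settings = {}
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep:
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def is_loopback(host):
    """True for localhost and loopback IPs; other hostnames count as reachable."""
    try:
        return host == "localhost" or ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return (ufw allow targets, findings) for one node configuration."""
    cfg, allow, findings = parse_config(text), [], []
    for key in LISTENERS:
        for endpoint in cfg.get(key, []):
            host, _, port = endpoint.rpartition(":")
            if is_loopback(host):
                findings.append(f"{key} {endpoint} is loopback-only; no rule needed for {port}/tcp")
                continue
            allow.append(f"{port}/tcp")
            if key == "http-server-address":
                findings.append(f"{key} {endpoint} serves the API without TLS")
    if "https-server-address" in cfg:
        findings += [f"https-server-address set but {k} is missing" for k in TLS_FILES if k not in cfg]
    return allow, findings

# Constructed sample merging this page's settings; the private key line is omitted on purpose.
SAMPLE = """\
p2p-listen-endpoint = 0.0.0.0:9010
http-server-address = 127.0.0.1:8888
https-server-address = 0.0.0.0:443
https-certificate-chain-file = /etc/letsencrypt/live/yourdomain.com/fullchain.pem
"""

if __name__ == "__main__":
    allow, findings = audit(SAMPLE)
    print("\n".join([f"sudo ufw allow {p}" for p in allow] + [f"note: {f}" for f in findings]))
```

For the sample file, the check proposes allow rules for 9010/tcp and 443/tcp only, and reports that 8888 is loopback-only and that the private key setting is missing.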