How to deploy hardhat contract to mainnet without ALCHEMY or INFURA ?
Alchemy, Infura, and others, are services offering connection to nodes of the Ethereum network.
Contract deployment means that you broadcast a transaction with specific parameters (data field containing the compiled bytecode, to field empty). But you can only broadcast a transaction to the rest of the network from a node connected to the network.
So apart from using a third-party service, you can also run your own node. For example using the go-ethereum client software.
Then you'll be able to broadcast the transaction through this your own node, instead of a third-party one.
I want to be able to connect to any available node on my private Ethereum network.
I think the requirement is similar to the service offered by Infura. I want to be able to replicate similar behavior on a private, locally hosted Ethereum network.
I currently use the following code to connect to a node on my Ethereum network:
client, err := ethclient.Dial("http://localhost:8545")
// do stuff
The end result expected is to basically improve the availability of the network. So, for arguments sake, if the node at 8545 isn't available, it will use the node at 8546 and so on...
I hope the question is clear enough. Thanks!
Im implementing a ethereum PoA network using go-ethereum
I have deployed a ERC20 Token on the network, and the idea is that the network must be accessed from any wallet on the internet (i.e metamask, myetherwallet, etc)
The idea for this network is:
Having N full nodes that are able to seal blocks (the nodes has the unlocked accounts)
Deploy a smart contract that is a ERC20 Token
Having one node that expose the network in order to be accessed from any origin, for example, Metamask, MyEtherWallet, a mobile app with a wallet, etc. The idea is that anybody can hit the ERC20 Token if they have the appropiate client.
In order to achive that, i create 2 full nodes that are in charge of sealing the blocks.
I run those nodes like this:
geth --datadir sealer1/ --syncmode 'full' --port 30351 --rpc --rpcaddr 'localhost' --rpcport 8502 --rpcapi='admin,personal,db,eth,net,web3,txpool,miner' --networkid 20 --gasprice '1' -unlock 'someaccount' --password s2/password.txt --mine
As you can see, there are some important things about those nodes:
Unlocks the accounts
Are only accessed from localhost (note the rpcaddres)
Those nodes are miners
If i expose a node like that to the internet (enabling RPC access from any origin) any hacker could send the ether to another account, so, i create a third node, a standard node, that doesnt expose rpc apis but allows connections on port 8545 (in order to be hitted from metamask, myetherwallet, etc)
I run the node with this command:
geth --datadir standard1/ --syncmode 'full' --port 30352 --rpc --rpcport 8545--rpccorsdomain '*' --rpcaddr 'SERVER_PUBLIC_IP' --networkid 20 --gasprice '1'
as you can see this node:
Doesnt unlock account
Allow rpc accesing from any origin
Doesnt expose rpc apis like personal, admin, etc
My questions are:
is this aproach secure?
Is there another way to allow anyone in the world to use Metamask to hit my smartcontract without open the RPC access on the standard node?
Why i have those questions?
Because there are a lot of places that doesnt recommend open RPC ports, so im not secure if:
Dont have a node exposed with unlocked accounts
Dont expose critical rpc apis like admin and personal
is enough to expose securely my node.
Here are some issues related with opening RPC access:
https://blog.blockdaemon.com/ethereum-geth-configuration-made-in-ireland-7ba2e876c6e3
https://www.reddit.com/r/ethereum/comments/4z0mvi/ethereum_nodes_with_insecure_rpc_settings_are/
https://www.reddit.com/r/ethereum/comments/3ird55/holy_shit_my_eth_accounts_been_hacked/
https://www.reddit.com/r/ethereum/comments/4jav5u/mist_wallet_has_2_sec_vulnerability_for_rpc/
https://blog.3or.de/internet-wide-ethereum-json-rpc-scans.html
https://www.bokconsulting.com.au/blog/7218-ethers-stolen-from-miner-with-rpc-port-open/
https://blog.ethereum.org/2015/08/29/security-alert-insecurely-configured-geth-can-make-funds-remotely-accessible/
Here the team lead of ethereum recomendation:
Ok, your setup seems insanely dangerous. --rpcaddr=external_address
essentially opens up the node to anyone in the world to access it.
Forthermore, --rpcapi 'admin,personal,db,eth,net,web3,txpool,miner'
permits anyone with access to do absolutely anything. I can imagine
someone from the internet is brute forcing the passwords.
https://github.com/ethereum/go-ethereum/issues/17417#issuecomment-413877558
is this approach secure?
You get the general idea, yes, but there is room for improvement.
First of all, I would never run a node that enables the personal API at the same time using -unlock which permanently makes the account accessible by anyone with access to your node. So imagine, someone has gained access to your node through some other doors, they would be able to immediately spend your funds from that account spawning transactions from localhost. Please, consider either only exposing safe APIs on that node or completely removing the unlock statement.
If you insist having the sealing nodes configurated as stated above, add some hardening. There are multiple options, you can use strong firewall rule sets to block basically everything from the outside network except for the node communications on port 30351. Or, what I would do, is hiding disconnecting this node completely from the public Internet and only wire through the p2p traffic from this node to some other proxy node which is connected to both, your node and the other nodes on the Internet. This could come with drawbacks in network stability though.
Is there another way to allow anyone in the world to use Metamask to hit my smartcontract without open the RPC access on the standard node?
Have you considered looking into public PoA networks such as poa.net? This basically allows your users to connect metamask or mycrypto to the already existing infrastructure of POA.
After my first approach deploying an Ethereum network with testrpc, I´m wondering if I can deploy several nodes using docker containers, so I can deploy a real network with several machines/nodes, and I have some questions:
¿Can I use testrpc for this this task or I need to use Geth instead? Because reading the docs I think testrpc is too basic for it
¿Does Truffle or another framework help you to do all this stuff?
Any information related with all this is welcomed because, as I said, I´m in a very initial stage.
TestRPC is just a tool that will simulate an Ethereum network. Nothing else.
If you want to create an ethereum network you'll have to use an ethereum client like Geth, deploy it on various machines in order to makes those machines nodes.
If you want to be a separate network you'll have to change some parameters before launching your client.
I'll leave here some documentation that explains it : See the doc
Is there any solution for running these kind of operations on DreamHost or other shared hosting environments where I don't have access to tweak apache?
You certainly can, but as long as Apache HTTP server doesn't provide non-blocking IO capabilities (and each polling connection has a server thread associated to it), you'll be running out of memory very fast (after 2-3k connections).
If you meant Apache Tomcat, NIO is turned off by default, and you need to have access to configuration files in order to change this.