kajikoffo
Oct 7, 2020

Rocket Pool Beta noob guide for Contabo (or any other) VPS - PART 2

This article is a follow-up to the previous one:

..so.. we have our server prepared and the Rocketpool node stack has been running for some time, so the Eth1 and Eth2 clients have hopefully had time to download the blockchains.. So we log back in as a regular user, admin in my case..

Back to work!

Now we have to initialize a wallet for our node. So we run

rocketpool wallet init

We’re asked to enter a password for this wallet. It should be a strong one again. I found out special characters aren’t supported (at least not all of them), so I stayed with letters and numbers, fair enough.

We get a mnemonic phrase (a bunch of words) that we have to copy somewhere safe. We highlight the phrase in the terminal and copy it with Ctrl+Insert, then we paste it somewhere safe.. Text file maybe?? We’re also supposed to repeat the phrase as proof we’re not idiots. So we right-click the highlighted phrase and voilaaaa, it pastes itself into the terminal.

If everything goes well, the terminal spits out our node wallet address (which I’ve highlighted in the screenshot).

Never show the phrase or passwords to anyone.. Mmm..

Now we have to send some funds! I expect you’ve read at least the basic articles and got yourself a Metamask wallet as a Chrome extension.. As the faucet for obtaining testing ETH mentioned in the original manual hasn’t worked much for me lately, we have to obtain gETH somewhere else.. Here for example:

Be greedy and ask for as much as possible so you can play a bit. Now we need to send some cash to the pool wallet:

Don’t mind the Czech translations..

[!] Note: At the top you have to select Goerli Test Network (!). Don’t send ‘real’ ETH anywhere! Second thing: you need 16 ETH for the pool, plus some commission and transaction fees as well, so send more than that.

It takes a few seconds, and then we can check our node with:

rocketpool node status

As you can see the $$$$$$$ has arrived!! Time for party!!

Here’s our gETH..

Let’s register our node with

rocketpool node register

The timezone should be detected automatically; if not, you can enter it manually according to https://en.wikipedia.org/wiki/List_of_tz_database_time_zones or use something like Hidden/Hidden if you’re paranoid and want to screw up that beautiful map the guys have prepared for us on the web!

Now that our node is registered, it’s time to create minipools..

rocketpool node deposit

..with this command you create a minipool. You decide whether to put 16 or 32 ETH of your funds into it. I’m poor, so I go for 16. The point is - you can start staking only when you have 32. If you put in the whole 32, your validator is ready and can join the queue for activation. When 16 from users arrive, you can get your 16 refunded. If you put in only 16 ETH, your validator has to wait for another 16 from users before joining the queue.

You’ll be asked if you agree with the commission rate.. just do it.. Aaaand here we have our first minipool and its address!!

Poor again :’(..

You can repeat this until you run out of funds.. More minipools = more service to people = more profit = more GT-Rs in front of your villa.. Or at least Goerli GT-Rs..

rocketpool node status

..shows us that we have one minipool, waiting for launch, and we have no more funds for another.

So what now.. Ah, let’s pimp up our server a bit!!

Resource monitoring

We can monitor with commands included in Linux, like top, or with htop, which we installed earlier.. (use q to quit)

htop command output

I have a fancy upgrade for you though. But before we begin with that:

[!] Security warning: The following addition isn’t exactly an attack vector, but it gives possible attackers more info about the machine. While it’s perfectly perfect perfection on a LAN, you should consider the risks if your server is reachable from the internet (as our VPS is, for example).

I personally don’t care, plus I want to show you :). We’re going to install netdata from netdata.cloud, which is an awesome live monitoring app.

bash <(curl -Ss https://my-netdata.io/kickstart.sh)
one-command installer.. awesome..

So we’re asked for the sudo password, agree with everything, and the script downloads the whole source from git and compiles it on our server.

Done!

Now we can open a browser and go to our IP address on port 19999. For me that means http://167.86.68.118:19999/ (you can also try that to see how my server does.. EDIT: the server was recently reinstalled as a private bigbluebutton appliance, so it’s not an accurate load of a Rocketpool node.. anyway, netdata was kept and you can check how it works).

Gauges and graphs, all live, love it..

You can explore yourself; on the right we can even see the docker containers of which the node is composed - so we can see how each part of the stack is performing.

We can see ETH2 client is still syncing, everything else is already pretty lazy..
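An added example (not from the original article or from netdata): after installing a dashboard like this, it is worth listing which TCP ports listen on every interface, since those are the ones an internet-facing VPS offers to the outside unless a firewall blocks them. The function name and the sample `ss` lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list TCP ports that listen on all interfaces.

# Reads `ss -tln` output on stdin and prints one port per line (sorted, unique).
# Listeners bound only to loopback (127.0.0.1, [::1]) are skipped.
wildcard_listeners() {
    awk '$1 == "LISTEN" {
             n = split($4, part, ":")          # port is the text after the last colon
             port = part[n]
             addr = substr($4, 1, length($4) - length(port) - 1)
             sub(/%.*$/, "", addr)             # drop an interface suffix such as %eth0
             if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                 print port
         }' | sort -un
}

# Constructed sample of `ss -tlnH` output (not captured from a real server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096   0.0.0.0:19999  0.0.0.0:*
LISTEN 0 128    0.0.0.0:22892  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8125   0.0.0.0:*
LISTEN 0 4096      [::]:19999     [::]:*
LISTEN 0 128          *:9100         *:*
EOF
}

# On the server:   ss -tlnH | wildcard_listeners
# With the sample: sample_ss_output | wildcard_listeners
```

If 19999 shows up and you would rather not publish the dashboard, netdata's `bind to` option in the `[web]` section of netdata.conf can be set to 127.0.0.1, and the port reached through an SSH tunnel instead.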

OK.. and now..

Security (and obfuscation)

The most common old-school way to attack servers like these is a bot(net). It scans some IP segment for live hosts, then discovers those with open SSH (port 22 TCP) and tries several common (or all) login/password combinations.

To reduce the chances of a password being guessed, we’ll install fail2ban. This software records unsuccessful login attempts and, after a defined threshold is reached, denies any further connections from the same source.

sudo apt -y install fail2ban
sudo mcedit /etc/fail2ban/jail.conf

Here in the editor we see lots of text.. This is what Linux config files usually look like. Lines with # at the beginning are comments. Let’s scroll down a bit and here we find the uncommented[!] items called bantime and maxretry. As expected, bantime is the length of the ban. I go for an hour (60m); 24h or 7d will work too I guess (but then you have to be more careful). The second item tells how many times you can fail before getting banned (pretty obviously). You can read the comments on the other params if curious; for me this is it.

Don’t be too hard, think of yourself too..

Now that we’ve saved the file, we have to restart the service for the change to take effect. Systemctl is the command that controls systemd, the daemon watching over services, so we ask it to do that for us. We can also check how it runs..

sudo systemctl restart fail2ban.service
sudo systemctl status fail2ban.service
Here you can see I’m not used to using sudo, as my lazy ass always works as root to speed things up :)..

The second thing that can be done (not by me in the end) is to change the standard SSH port from 22 to something much higher. You see, bots are usually interested in particular services like SSH or RDP on their assigned ports..

or SSH on port 22892!!

So let’s edit the config file and restart the SSH service as well..

sudo mcedit /etc/ssh/sshd_config

We uncomment the default Port line and change it to something over 20000.. It shouldn’t collide with anything.

..save..exit..
sudo systemctl restart ssh.service
sudo systemctl restart sshd.service

Maybe you’ll get kicked out of the session (you should :)) so connect back. Don’t forget to adjust the SSH port in PuTTY.
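An added example (not from the original article or from the fail2ban project): once sshd moves off port 22, fail2ban's sshd jail has to name the new port, because its ban rule covers only the ports listed in the jail's port setting (ssh, i.e. 22, by default). This script reads the Port lines from sshd_config and prints a matching override for the jail. The function names, the jail.d/sshd.local file name and the maxretry value of 5 are assumptions; 60m is the bantime chosen above.

```bash
#!/usr/bin/env bash
# Added example: keep fail2ban's sshd jail on the port(s) sshd really uses.

# Print the port(s) configured in an sshd_config file, comma-separated.
# Commented lines such as "#Port 22" are ignored; with no Port line at all
# sshd listens on 22, so that is what gets printed.
sshd_ports() {
    [ -r "$1" ] || return 1
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }' "$1" | paste -sd, -
}

# Print an override for the [sshd] jail.
# $1 = path to sshd_config, $2 = bantime, $3 = maxretry
render_sshd_jail() {
    ports=$(sshd_ports "$1") || return 1
    printf '[sshd]\nenabled  = true\nport     = %s\nbantime  = %s\nmaxretry = %s\n' \
        "$ports" "$2" "$3"
}

# On the server (maxretry 5 is a constructed value, pick your own):
#   render_sshd_jail /etc/ssh/sshd_config 60m 5 | sudo tee /etc/fail2ban/jail.d/sshd.local
#   sudo systemctl restart fail2ban.service
#   sudo fail2ban-client status sshd
```

Settings in a .local file override jail.conf and are not touched when the package updates jail.conf.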

Conclusion

Let’s see how our node is doing! We’re staking Ethereum if I remember well!!

rocketpool node status
Staking!

Oh yeeeaaah.. We can see our minipool is staking!! Awesome.. Now we just have to wait for everything to sync and it should start doing its thing.

We have a server with rocketpool node stack set up and running. If you restart the server, everything just comes back up as soon as it boots without any user interaction (awesome work of rocketpool creators!).

So that’s it for now! If you want to know how things work, what comes next, or how to try the other side, you’ll have to find additional info somewhere else. I recommend the official guides from rocketpool:

Now I have to make a manual for people using their own hardware.. I’ll paste it here too I guess..

..but now I need to get some coffee and work done..

Ooops I did it again, here it is:

kajik#8875