The following information provides a set of security and operation best practices that node operators need to use at a minimum to enhance the security and reliability of their infrastructure.
A Chainlink node functions correctly without the Operator UI port being open to the internet. Because of this, we recommend restricting internet access to all of the services required.
-L 6688:localhost:6688 to your SSH command.
10.0.0.0/16 and use these IP addresses for communicating.
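A check for the exposure described above, as an added example that is not part of the original page: it audits listening sockets on the Operator UI port 6688 and flags any bind address that is neither loopback nor inside 10.0.0.0/16. The `ss -ltnH` sample lines are constructed, and the function names and verdict labels are assumptions of this example.

```python
import ipaddress

UI_PORT = 6688                                      # Operator UI port named on this page
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")  # internal range named on this page

# Constructed sample of `ss -ltnH` output: state, recv-q, send-q, local, peer.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 4096 127.0.0.1:6688 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6688 0.0.0.0:*
LISTEN 0 4096 10.0.3.7:6688 0.0.0.0:*
LISTEN 0 4096 [::]:6688 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 203.0.113.10:6688 0.0.0.0:*
LISTEN 0 4096 *:6688 *:*
"""

def split_local(field):
    """Split the 'addr:port' column; handles [v6]:port, *:port and %iface."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)

def classify(addr):
    """Return 'loopback', 'internal' or 'exposed' for a bind address."""
    if addr == "*":
        return "exposed"      # wildcard: listens on every interface
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "exposed"      # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback"     # reachable only locally, e.g. through an SSH tunnel
    if ip.version == 4 and ip in INTERNAL_NET:
        return "internal"
    return "exposed"          # any other address: treat as exposed until reviewed

def audit(ss_output, port=UI_PORT):
    """Return [(bind_address, verdict)] for every listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, lport = split_local(cols[3])
        if lport == port:
            findings.append((addr, classify(addr)))
    return findings

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE_SS_OUTPUT):
        print(f"{addr:<15} {verdict}")
```

An "exposed" verdict only describes the bind address; whether the port is reachable from the internet also depends on the firewall or security-group rules in front of the host.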
To keep downtime to a minimum, failover capabilities are required on both the Chainlink and Ethereum clients so that if any one server fails, the service is still online.
Problems occur, and when they do, the right processes need to be in place to ensure that as little downtime as possible occurs. The main cause of large amounts of downtime for Chainlink node operators is a fully corrupted Ethereum node that requires a re-sync.
Due to the challenge of recovering an Ethereum client, we recommend:
With this process in place, the elapsed time of a full disaster is kept to a minimum.
To be proactive in detecting any issues before or when they occur, active monitoring needs to be in place. The areas we recommend monitoring are:
Monitoring can be set up from the Docker container's output and fed into most major logging providers. For example, you can use Docker's docs to set up the logging driver for Amazon CloudWatch and Google Cloud Logging. You will want to set the JSON_CONSOLE configuration variable to true so that the output of the container is JSON-formatted for logging.
Due to the early nature of the software, it may be required to perform frequent updates to your Chainlink node.
When performing system maintenance to update the Chainlink node, follow this guide.
The following are suggestions for job specifications and configuration settings for the node.
MIN_INCOMING_CONFIRMATIONS config by setting a confirmations field in jobs which perform off-chain payments to allow for greater security by making the node ensure the transaction is still valid after X blocks.
confirmations for specific jobs.
0 if you're using external log drivers which parse the output from Docker containers. This will save you disk space.
true if you're using external log drivers to parse the output of Docker containers. This will make it easier to parse individual fields of the log and set up alerts.
Running a Chainlink node works well if you template out your infrastructure using tools like Kubernetes or Terraform. The following repositories can assist you with doing that: