Validator Proxy Options explained

There are different options for connecting a Radix node to the internet. I’ve created some annotated slides to try and illustrate some of these options and how they relate to configuration files and values.

1. Direct Connection

Direct Connection

This is the simplist setup where you open TCP port 30000 on your server firewall and your Radix Node listens and receives inbound internet requests directly on port 30000.

2. Reverse Proxy

Reverse Proxy

A reverse proxy is an intermediary that accepts inbound requests from the internet and forwards them to another service. In this example, an Nginx server listens for inbound TCP connections on port 30000 and then forwards them on to our Radix Node that is listening on port 30001. We still only have port 30000 open on our server firewall to ensure that no direct connections can be made to our Radix node on port 30001 from the internet.

In the Nginx configuration we listen on port 30000, and then proxy_pass (forward) requests to our Radix node which has been configured to listen on port 30001. In the Radix configuration we need to override the default broadcast_port from 30001 to 30000. This is so that peers will communicate with the Nginx proxy rather than directly with our Radix Node (which will be blocked because port 30001 is not open on our firewall)

3. Reverse Proxy with Proxy Protocol

Reverse Proxy with Proxy Protocol

An issue with using a reverse proxy is that our Radix Node application is only aware of the connection details of the Nginx Proxy. This means that application logging will only refer to the IP address of the Nginx Server and a random port number instead of the real source IP address and port of the peer. By enabling the Proxy Protocol on both the Nginx Server configuration and Radix configuration, we are able to pass the real source IP address and port details of a connected peer. The logging of the real source IP and port details is useful for troubleshooting and capturing peer specific metrics.

There slides are already quite information dense so I’ve mainly focused on the inbound requests. Let me know if anything is incorrect or unclear.


For anyone looking for the specific Nginx setting @Stuart wrote this post that covers off How do I get the real IP address of the connected node in my Radix logs when using an nginx reverse proxy? - Validators - RadixTalk