跳转至主要内容

Public RPC Server

Advanced Infrastructure Setup

This setup is for organizations running public blockchain infrastructure services. Most users should never set this up - regular farmers should never expose RPC ports. This documentation exists to show the contrast with secure farming setups and guide infrastructure providers.

Network Architecture

Security Warning

Running a public RPC server requires significant security expertise, infrastructure, and ongoing maintenance. This is not recommended for individual farmers. Exposing RPC ports creates significant security risks.

Required Ports

端口协议Direction作用Security Level
30333TCPInbound/OutboundConsensus chain P2PPublic
30433TCPInbound/OutboundDSN communicationPublic
9944TCP/WSInboundPublic consensus RPCExposed
9945TCP/WSInboundPublic domain RPC (optional)Exposed

Router Port Forwarding

Configure these port forwarding rules for public RPC infrastructure:

ServiceExternal PortInternal IPInternal Port协议
Autonomys-Consensus30333RPC Server IP30333TCP
Autonomys-DSN30433RPC Server IP30433TCP
Autonomys-RPC9944RPC Server IP9944TCP

防火墙配置

# Base node ports
iptables -A INPUT -p tcp --dport 30333 -j ACCEPT
iptables -A INPUT -p tcp --dport 30433 -j ACCEPT

# Public RPC access (use with extreme caution)
iptables -A INPUT -p tcp --dport 9944 -j ACCEPT

# Optional domain RPC (if needed)
# iptables -A INPUT -p tcp --dport 9945 -j ACCEPT

# Monitoring (Prometheus) - restrict to trusted networks
iptables -A INPUT -p tcp -s 10.0.1.0/24 --dport 9615 -j ACCEPT

# Save rules
iptables-save > /etc/iptables/rules.v4