Nginx server
To access your archive node from outside, you need to install a server and set up a certificate. In this guide, we will use Nginx as the server.

Firewall

Your server will communicate over the HTTP and HTTPS ports, so you need to open ports 80 (http) and 443 (https) in your firewall.
At the end of the configuration, you can close port 80 since only port 443 will be used to access the node.

Domain name

This guide assumes that you already have a domain name and control over its DNS. In that case, add an A record with the subdomain you will use and the IP address of your node in your DNS provider's console.
Example of DNS A Record
If you don't have a domain name, you will have to generate a self-signed certificate and access your node through the raw IP address of your server.

Installation

In all the following steps, replace ${SUB_DOMAIN} with your full subdomain name, for example ws.astar.awesomedappproject.io.
First, install Nginx and Certbot:
sudo apt-get install nginx snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Create and enable the site:
cd /etc/nginx/sites-available
sudo cp default ${SUB_DOMAIN}
sudo ln -s /etc/nginx/sites-available/${SUB_DOMAIN} /etc/nginx/sites-enabled/
Edit the site file:
sudo nano ${SUB_DOMAIN}
Change the root and server_name to get a file like this:
server {
    listen 80;
    listen [::]:80;

    root /var/www/${SUB_DOMAIN}/html;
    index index.html index.htm index.nginx-debian.html;

    server_name ${SUB_DOMAIN};

    location / {
        try_files $uri $uri/ =404;
    }
}

Generate SSL certificate

Issue the Certbot certificate:
sudo certbot certonly --nginx
Certbot will issue the SSL certificate into /etc/letsencrypt/live.

Switch to https

Edit the site file again:
sudo nano ${SUB_DOMAIN}
Delete the existing lines and set the content as below:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {

    # SSL configuration
    #
    listen 443 ssl;
    listen [::]:443 ssl;

    root /var/www/${SUB_DOMAIN}/html;

    server_name ${SUB_DOMAIN};
    ssl_certificate /etc/letsencrypt/live/${SUB_DOMAIN}/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/${SUB_DOMAIN}/privkey.pem; # managed by Certbot
    ssl_session_timeout 5m;
    # Only TLS 1.2 and 1.3: SSLv2, SSLv3, TLS 1.0 and TLS 1.1 are deprecated and must stay disabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:9944;
        proxy_pass_request_headers on;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

}
Note that port 9944, used in proxy_pass in this example, is the WS port. To proxy the RPC port instead, change it to 9933.
Check and restart nginx:
sudo nginx -t
sudo systemctl restart nginx
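One way to confirm that a site file does not enable deprecated protocols in its ssl_protocols directive before restarting Nginx. This is an added example, not part of the original guide: the function names weak_tls_protocols and write_samples and the sample files are made up for illustration, and each ssl_protocols directive is assumed to be written on a single line.

```shell
#!/bin/sh
# Added example: list deprecated protocols enabled by ssl_protocols in an
# Nginx site file. Assumes each directive is written on a single line.

# Prints each deprecated protocol found, one per line.
# Returns 0 if none, 1 if any were found, 2 if the file has no ssl_protocols.
weak_tls_protocols() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == "ssl_protocols" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)                # strip the terminator
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) { print p; weak = 1 }
            }
        }
        END { if (!seen) exit 2; exit (weak ? 1 : 0) }
    ' "$1"
}

# Writes constructed sample site files (not from a real server) into dir $1.
write_samples() {
    printf '%s\n' 'server {' \
        '    listen 443 ssl;' \
        '    # ssl_protocols SSLv2;   (commented out, must be ignored)' \
        '    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' \
        '}' > "$1/legacy.conf"
    printf '%s\n' 'server {' \
        '    listen 443 ssl;' \
        '    ssl_protocols TLSv1.2 TLSv1.3;' \
        '}' > "$1/modern.conf"
    printf '%s\n' 'server { listen 80; }' > "$1/plain.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in legacy modern plain; do
    found=$(weak_tls_protocols "$demo_dir/$f.conf") && rc=0 || rc=$?
    echo "$f.conf: status=$rc deprecated=[$(echo $found)]"
done
rm -rf "$demo_dir"
```

A status of 2 means the file sets no ssl_protocols at all, so the default protocol set of the installed Nginx version applies and should be checked separately.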

Usage

That's it: your archive node is set up and available from outside.
If you set a WS endpoint, you can explore the chain from the Polkadot.js portal using the format wss://${SUB_DOMAIN}
If you set an RPC endpoint, you can access it through https://${SUB_DOMAIN}

Self-signed certificate

In case you do not have a domain name, you need to issue yourself a self-signed certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Then in the https site config file, you will have to replace the following values:
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
In all steps, the ${SUB_DOMAIN} value will be the IP address of the node server.