Exposing node endpoint on GCP - Compute VM Instance

Hello,

I have set up a devnet Algorand node on a Compute VM Instance. Everything works great; however, I need to expose the endpoint externally for DApp development.

This is my config.json file

{
    "Version": 16,
    "AccountUpdatesStatsInterval": 5000000000,
    "AccountsRebuildSynchronousMode": 1,
    "AnnounceParticipationKey": true,
    "Archival": false,
    "BaseLoggerDebugLevel": 4,
    "BlockServiceCustomFallbackEndpoints": "",
    "BroadcastConnectionsLimit": -1,
    "CadaverSizeTarget": 1073741824,
    "CatchpointFileHistoryLength": 365,
    "CatchpointInterval": 10000,
    "CatchpointTracking": 0,
    "CatchupBlockDownloadRetryAttempts": 1000,
    "CatchupBlockValidateMode": 0,
    "CatchupFailurePeerRefreshRate": 10,
    "CatchupGossipBlockFetchTimeoutSec": 4,
    "CatchupHTTPBlockFetchTimeoutSec": 4,
    "CatchupLedgerDownloadRetryAttempts": 50,
    "CatchupParallelBlocks": 16,
    "ConnectionsRateLimitingCount": 60,
    "ConnectionsRateLimitingWindowSeconds": 1,
    "DNSBootstrapID": "<network>.algodev.network",
    "DNSSecurityFlags": 1,
    "DeadlockDetection": 0,
    "DisableLocalhostConnectionRateLimit": true,
    "DisableNetworking": false,
    "DisableOutgoingConnectionThrottling": false,
    "EnableAccountUpdatesStats": false,
    "EnableAgreementReporting": false,
    "EnableAgreementTimeMetrics": false,
    "EnableAssembleStats": false,
    "EnableBlockService": false,
    "EnableBlockServiceFallbackToArchiver": true,
    "EnableCatchupFromArchiveServers": false,
    "EnableDeveloperAPI": false,
    "EnableGossipBlockService": true,
    "EnableIncomingMessageFilter": false,
    "EnableLedgerService": false,
    "EnableMetricReporting": false,
    "EnableOutgoingNetworkMessageFiltering": true,
    "EnablePingHandler": true,
    "EnableProcessBlockStats": false,
    "EnableProfiler": false,
    "EnableRequestLogger": false,
    "EnableTopAccountsReporting": false,
    "EndpointAddress": "127.0.0.1:4001",
    "FallbackDNSResolverAddress": "",
    "ForceRelayMessages": false,
    "GossipFanout": 4,
    "IncomingConnectionsLimit": 10000,
    "IncomingMessageFilterBucketCount": 5,
    "IncomingMessageFilterBucketSize": 512,
    "IsIndexerActive": false,
    "LedgerSynchronousMode": 2,
    "LogArchiveMaxAge": "",
    "LogArchiveName": "node.archive.log",
    "LogSizeLimit": 1073741824,
    "MaxCatchpointDownloadDuration": 7200000000000,
    "MaxConnectionsPerIP": 30,
    "MinCatchpointFileDownloadBytesPerSecond": 20480,
    "NetAddress": "",
    "NetworkMessageTraceServer": "",
    "NetworkProtocolVersion": "",
    "NodeExporterListenAddress": ":9100",
    "NodeExporterPath": "./node_exporter",
    "OptimizeAccountsDatabaseOnStartup": false,
    "OutgoingMessageFilterBucketCount": 3,
    "OutgoingMessageFilterBucketSize": 128,
    "ParticipationKeysRefreshInterval": 60000000000,
    "PeerConnectionsUpdateInterval": 3600,
    "PeerPingPeriodSeconds": 0,
    "PriorityPeers": {},
    "PublicAddress": "",
    "ReconnectTime": 60000000000,
    "ReservedFDs": 256,
    "RestReadTimeoutSeconds": 15,
    "RestWriteTimeoutSeconds": 120,
    "RunHosted": false,
    "SuggestedFeeBlockHistory": 3,
    "SuggestedFeeSlidingWindowSize": 50,
    "TLSCertFile": "",
    "TLSKeyFile": "",
    "TelemetryToLog": true,
    "TxPoolExponentialIncreaseFactor": 2,
    "TxPoolSize": 15000,
    "TxSyncIntervalSeconds": 60,
    "TxSyncServeResponseSize": 1000000,
    "TxSyncTimeoutSeconds": 30,
    "UseXForwardedForAddressField": "",
    "VerifiedTranscationsCacheSize": 30000
}

I have an external VM IP, but I am not sure how to add it into the configuration. I have tried to add it to EndpointAddress: <ExtIP>:4001; however, the node wouldn’t start up.

Any idea on how to expose this endpoint externally and internally (as other instances weren’t able to reach the endpoint with the internal IP)?

Thank you.

You have several ways of exposing the endpoint:

  • Solution not recommended, because the connection to the endpoint won’t be secure, which means attackers can intercept it and change the data you see. But for testing, it can be good enough. Change EndpointAddress to 0.0.0.0:4001 in config.json. Then, you need to open the port at the Google Cloud Platform VPC level: How to open a specific port such as 9090 in Google Compute Engine - Stack Overflow. You may also need to change the firewall rules on your VM itself. If you’re using Ubuntu, most likely it’s using ufw. Run sudo ufw status verbose to see what the rules are.
  • Use nginx as a reverse proxy. You can Google it. Configuration should look like:
    location / {
        proxy_pass http://127.0.0.1:4001;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
    
    You should also use Let’s Encrypt to get a TLS certificate, so that traffic is encrypted and authenticated.
  • Use GCP API Gateway and/or GCP Load Balancer.

PS: it’s often simpler to just keep in config.json the fields that changed, like:

{
   "EndpointAddress": "127.0.0.1:4001"
}
2 Likes
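The reverse-proxy route from the second bullet, carried through end to end as an added example (this is not code from the answer above or from the Algorand project): algod keeps listening on 127.0.0.1:4001, nginx terminates TLS on 443 with a Let’s Encrypt certificate and forwards to loopback with the same headers as the location block above, and only the proxy ports are opened at the VPC and ufw level. The domain, instance, zone, network tag and firewall-rule names, the certbot certificate paths and the ~/node/data default (ALGORAND_DATA overrides it) are assumptions for the script, not facts from the thread. One reason the plaintext 0.0.0.0 option leaks more than the responses: algod’s REST API is authenticated by the token from algod.token sent in the X-Algo-API-Token header, so anyone on the path of an HTTP connection reads that token as well.

```shell
#!/bin/sh
# Added example (not from the forum answer or the Algorand project): expose algod
# through an nginx TLS reverse proxy on a GCP VM instead of binding 0.0.0.0:4001.
# Assumed names: the GCP tag "algod-proxy", the rule "allow-algod-proxy", the
# certbot paths under /etc/letsencrypt/live, and the data dir ~/node/data.
set -eu

ALGOD_PORT=4001
SOURCE_RANGES="${SOURCE_RANGES:-0.0.0.0/0}"   # narrow this to your dev IPs / VPC subnet

# 0 when config.json keeps the REST endpoint on loopback, so the API token in
# the X-Algo-API-Token header only ever travels over the proxy's TLS leg.
check_loopback_only() {
    grep -Eq '"EndpointAddress"[[:space:]]*:[[:space:]]*"127\.0\.0\.1:[0-9]+"' "$1"
}

# Minimal config.json: only the field that differs from the defaults (the PS above).
write_algod_config() {
    cat <<EOF
{
    "EndpointAddress": "127.0.0.1:${ALGOD_PORT}"
}
EOF
}

# nginx site: port 80 only redirects, 443 terminates TLS with the certificate
# files where certbot puts them, then proxies to algod on loopback.
write_nginx_site() {
    domain="$1"
    cat <<EOF
server {
    listen 80;
    server_name ${domain};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${domain};

    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:${ALGOD_PORT};
        proxy_set_header Host            \$http_host;
        proxy_set_header X-Real-IP       \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
}

# Open only the proxy ports: a VPC rule scoped to a network tag on this instance,
# plus ufw on the VM. Port 80 is needed for the certbot HTTP-01 challenge.
# Needs gcloud credentials and sudo, so it is only run from the main procedure.
open_firewall_for_proxy() {
    instance="$1"; zone="$2"
    gcloud compute instances add-tags "$instance" --zone "$zone" --tags algod-proxy
    gcloud compute firewall-rules create allow-algod-proxy \
        --direction INGRESS --allow tcp:80,tcp:443 \
        --target-tags algod-proxy --source-ranges "$SOURCE_RANGES"
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
}

# Full procedure: sh expose_algod.sh node.example.com my-instance us-central1-a
if [ "$#" -eq 3 ]; then
    domain="$1"; instance="$2"; zone="$3"
    data="${ALGORAND_DATA:-$HOME/node/data}"

    open_firewall_for_proxy "$instance" "$zone"

    # Replace the full config dump with the minimal one and bounce the node.
    write_algod_config > "$data/config.json"
    goal node restart -d "$data"

    # Certificate first (nginx must be installed and reachable on 80), then the site.
    sudo certbot certonly --nginx -d "$domain"
    write_nginx_site "$domain" | sudo tee /etc/nginx/sites-available/algod >/dev/null
    sudo ln -sf /etc/nginx/sites-available/algod /etc/nginx/sites-enabled/algod
    sudo nginx -t && sudo systemctl reload nginx

    if check_loopback_only "$data/config.json"; then
        echo "algod stays on loopback; reach it at https://$domain/"
    fi
fi
```

Because nginx listens on every interface, the other instances from the question reach the proxy on the VM’s internal IP as well (use the hostname so the certificate validates), which the loopback-only EndpointAddress never allowed; tightening SOURCE_RANGES to the VPC subnet and your own address keeps the API off the open internet while still satisfying the GCP rule. The 0.0.0.0:4001 shortcut from the first bullet needs none of this, but it puts the API token on the wire in clear text for every request.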