How to run a Solana RPC node

Introduction

The easiest way to run a Solana RPC node is with Chainstack:

  1. Sign up with Chainstack.
  2. Deploy a Solana RPC node.
  3. Get the deployed node’s endpoint.

That said, this post provides you with the step-by-step instructions on running a non-validating Solana RPC node and connecting it to the mainnet beta cluster.

This tutorial uses the Solana Lumen server program specifications.

Prerequisites

  • Operating system: Ubuntu 20.04
  • Memory: 250 GB
  • CPU: Intel(R) Xeon(R) Gold 6226R
  • Cores: 32 cores @ 2.9 GHz
  • Storage: 2 x 900 GB NVMe

Notes

In this tutorial:

  • We will not be using accounts in RAM.
  • We will avoid creating RAID 0 or logical volumes with different sizes.
  • Accounts and the ledger will be stored on different volumes.
  • We will manually tune the system.

In brief

The process is the following:

  1. Mount disks to store Solana data.
  2. sysctl additional values—the memory mapped files limit and the UDP buffer size.
  3. Create a user for the Solana instance.
  4. Install Solana binaries.
  5. Create a run script.
  6. Create a service for the Solana instance.
  7. Create an identity for the node.
  8. Install Node Exporter to expose node metrics.
  9. Install Nginx.
  10. Obtain an SSL certificate.

1. Mount disks

We will store our data in /var/solana on two different mounted disks:

  • disk #1 for ledger and config — /var/solana/data
  • disk #2 for accounts — /var/solana/accounts

It’s an official Solana recommendation to store the ledger data and the accounts data on separate disks.

Run:

[email protected]:~# mkdir /var/solana &&  mkdir /var/solana/data && mkdir /var/solana/accounts
[email protected]:~# mount /dev/nvme2n1 /var/solana/data 
[email protected]:~# mkfs -t xfs /dev/nvme2n1
[email protected]:~# mount /dev/nvme1n1 /var/solana/accounts
[email protected]:~# mkfs -t xfs /dev/nvme1n1

2. sysctl additional values

Increase the memory mapped files limit, increase the UDP buffer size, and optimize the kernel parameters:

[email protected]:~# bash -c "cat >/etc/sysctl.d/20-solana-additionals.conf <<EOF
kernel.nmi_watchdog=0
kernel.sched_min_granularity_ns='10000000'
kernel.sched_wakeup_granularity_ns='15000000'
vm.swappiness='30'
kernel.hung_task_timeout_secs=600
vm.stat_interval=10
vm.dirty_ratio=40
vm.dirty_background_ratio=10
vm.dirty_expire_centisecs=36000
vm.dirty_writeback_centisecs=3000
vm.dirtytime_expire_seconds=43200
kernel.timer_migration=0
kernel.pid_max=65536
net.ipv4.tcp_fastopen=3
EOF"
[email protected]:~# bash -c "cat >/etc/sysctl.d/20-solana-mmaps.conf <<EOF
# Increase memory mapped files limit
vm.max_map_count = 1000000
EOF"
[email protected]:~# bash -c "cat >/etc/sysctl.d/20-solana-udp-buffers.conf <<EOF
# Increase UDP buffer size
net.core.rmem_default = 134217728
net.core.rmem_max = 134217728
net.core.wmem_default = 134217728
net.core.wmem_max = 134217728
EOF"
[email protected]:~# sysctl -p /etc/sysctl.d/20-solana-mmaps.conf
[email protected]:~# sysctl -p /etc/sysctl.d/20-solana-udp-buffers.conf
[email protected]:~# sysctl -p /etc/sysctl.d/20-solana-additionals.conf

3. Create a user for Solana

[email protected]:~# adduser  solana
[email protected]:~# chown solana:solana /var/solana/data/
[email protected]:~# chown solana:solana /var/solana/accounts/

4. Install Solana binaries

[email protected]:~$ sh -c "$(curl -sSfL https://release.solana.com/stable/install)"

5. Create a run script

[email protected]:~$ mkdir /home/solana/bin && cd /home/solana/bin
[email protected]:~$ bash -c "cat > validator.sh <<EOF
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
# Remove empty snapshots
find "/var/solana/data/ledger" -name 'snapshot-*' -size 0 -print -exec rm {} \; || true
export RUST_LOG=error
export RUST_BACKTRACE=full
solana-validator \
--ledger /var/solana/data/ledger \
--identity /var/solana/data/config/validator-keypair.json \
--trusted-validator 7Np41oeYqPefeNQEHSv1UDhYrehxin3NStELsSKCT4K2 \
--trusted-validator GdnSyH3YtwcxFvQrVVJMm1JhTS4QVX7MFsX56uJLUfiZ \
--trusted-validator DE1bawNcRJB9rVm3buyMVfr8mBEoyyu73NBovf2oXJsJ \
--trusted-validator CakcnaRDHka2gXyfbEd2d3xsvkJkqsLw2akB3zsN1D2S \
--expected-genesis-hash 5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d \
--entrypoint entrypoint.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint2.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint3.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint4.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint5.mainnet-beta.solana.com:8001 \
--no-voting \
--snapshot-interval-slots 500 \
--maximum-local-snapshot-age 500 \
--rpc-bind-address 127.0.0.1 \
--rpc-port 8799 \
--gossip-port 8801 \
--dynamic-port-range 8802-8812 \
--no-port-check \
--wal-recovery-mode skip_any_corrupted_record \
--enable-rpc-transaction-history \
--enable-cpi-and-log-storage \
--init-complete-file /var/solana/data/init-completed \
--snapshot-compression none \
--require-tower \
--no-wait-for-vote-to-start-leader \
--no-poh-speed-test \
--limit-ledger-size 50000000 \
--accounts /var/solana/accounts \
--log -
EOF"
[email protected]:~$ chmod +x validator.sh

6. Create a service for Solana

[email protected]:~# bash -c "cat > /etc/systemd/system/sol.service <<EOF
[Unit]
Description=Solana Validator
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User=solana
LimitNOFILE=1000000
LogRateLimitIntervalSec=0
Environment="PATH=/bin:/usr/bin:/home/solana/.local/share/solana/install/active_release/bin"
ExecStart=/home/solana/bin/validator.sh
[Install]
WantedBy=multi-user.target
EOF"

7. Create the node identity

You need a key pair to identify the node on the network. You do not need any funds on the key pair as you are not running a validator.

[email protected]:~$ solana-keygen new -o /var/solana/data/config/validator-keypair.json

8. Install Prometheus Node Exporter

Install the Prometheus Node Exporter to export node metrics that you can later feed into your monitoring tools.

[email protected]:~# wget https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz
[email protected]:~# tar xvfz node_exporter-1.3.1.linux-amd64.tar.gz
[email protected]:~# mv node_exporter-1.3.1.linux-amd64/node_exporter /usr/local/bin/
[email protected]:~# useradd -rs /bin/false node_exporter
[email protected]:~# tee /etc/systemd/system/node_exporter.service<<EOF
[Unit]
Description=Node Exporter
After=network.target
[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter
[Install]
WantedBy=multi-user.target
EOF

…if you need to change port:

[email protected]:~# tee /etc/prometheus.conf<<EOF
ARGS=--web.listen-address=localhost:9101
EOF

Change /etc/systemd/system/node_exporter.service to the ExecStart string to look like this:
ExecStart=/usr/local/bin/node_exporter $ARGS

…continue:

[email protected]:~# systemctl daemon-reload
[email protected]:~# systemctl start node_exporter
[email protected]:~# systemctl enable node_exporter
[email protected]:~# systemctl enable --now sol

9. Install and configure Nginx

Enable secure access to your Solana’s node endpoint with Nginx.

9.1 Install Nginx

[email protected]:~# apt update && apt install nginx
[email protected]:~# cd /etc/nginx/sites-available/
[email protected]:~# vim default

9.2 In location /, set proxy_pass http://solana, save

[email protected]:~# cd ../ && vim nginx.conf

9.3 At the end of the http section, add:

upstream solana{
    server 127.0.0.1:8799;
}

Save.

9.4 Set your domain name, if needed

In /etc/nginx/sites-available/default, add the string server_name {{YOUR DOMAIN NAME HERE}} in the server section.

9.5 Test the Nginx configuration by executing the following:

[email protected]:~# nginx -t

9.6 Reload Nginx

[email protected]:~# systemctl reload nginx

10. Obtain the SSL certificate

10.1 Install Certbot

[email protected]:~# apt install certbot python3-certbot-nginx

10.2 Obtain and apply the certificate

[email protected]:~# certbot --nginx -d {{YOUR DOMAIN NAME HERE}}

11. Enable basic authentication on the endpoint

Run:

[email protected]:~# apt install apache2-utils -y
[email protected]:~# cd /etc/nginx/
[email protected]:~# htpasswd -c .htpasswd {{YOUR_BASIC_AUTH_USER}}

Edit the Nginx configuration:

[email protected]:~# cd sites-available/
[email protected]:~# vim default

Add the following lines inside the server section:

    auth_basic           "Authorization requred";
    auth_basic_user_file /etc/nginx/.htpasswd;

Restart Nginx:

[email protected]:~# nginx -t
[email protected]:~# systemctl restart nginx

Conclusion

This tutorial walked you through the basics of setting up a non-validating Solana RPC node with a protected RPC endpoint.

Have you already explored what you can achieve with Chainstack? Get started for free today.

SHARE THIS ARTICLE

A StarkNet odyssey: Escaping Cairo hell

Cairo learning curve is pretty steep. In this article we review all the things that you need to know before writing your first line of code.

Antonio Ufano
May 20
Chainstack uses cookies to provide you with a secure and
personalized experience on its website. Learn more.