Deployment Instructions
Saito Installation Notes
To install saito for development or local experimentation, follow the Basic Install Instructions.
To Run a Public Node on the Satio Network, follow the additional steps to secure your server.
These instructions have been tested against Ubuntu 16.04 and 18.04.
They should work on most linux distributions with minor edits.
Basic install
For public or development nodes.
Install Saito
Install build tools:
apt-get update && apt-get upgrade
apt-get install g++ make git
Install node.js 9:
curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
sudo apt-get install -y nodejs
Install Google’s Dense Hashmap
We need Google’s implementation of dense Dense Hashmaps for fast in-memory data handling.
git clone https://github.com/sparsehash/sparsehash
cd sparesehash/
./configure
make
make install
Download and Intstall Saito
These instructions manually install Saito to
/opt/saitothis is our default location. Saito will work anywhere in your directory structure with the correct permissions. If you are developing, you can make this a suitable directoy in your work area.
cd /opt/
git clone https://github.com/saitotech/saito
cd saito
npm install
cd lib
./compile
At this point you can test that the software is installed correctly by running the command: node start.js
You should see block output on a test chain as std out.
You can test the software is running by opening the http://[server ip]:12101 in a browser.
Tips for Developing and Running Saito
The port Saito is running on can be adjusted in the
optionsfile.
The
compilescript rebuilds Saito AND resets the blockchain and other data.
Thefrefreshscript rebuilds Saito maintaining the blockchain and data.
Public Node configuration
The following steps add SSL and a dedicated user to secure your node and configure it to connect to the public network.
Create Saito User
useradd -M -s /usr/sbin/nologin saito
usermod -m -d /opt/saito/home saito
mkdir /opt/saito/home
Then update permissions on /opt/saito
chown -R saito /opt/saito/
chmod -R go-wr /opt/saito/
Install pm2 process manager.
npm install -g pm2
Now we can run saito as a user with very restricted permission using runuser.
runuser -s /bin/bash saito -c 'pm2 start npm -- run serve'
Remember if you want to see process information from pm2 running as a secured user you will need to query that version of pm2:
runuser -s /bin/bash saito -c 'pm2 info 0'
You can test the software is running by opening the http://[server ip]:12101 in a browser.
The Saito node.js process is now running as a restricted user.
SSL
We recoment running public Saito nodes under SSL.
The fantastic letsencrypt project provides a free and automated process for obtaining, securing and updating SSL certificates.
Requirement: fully qualified domain name directed to the ip address (load balancer, or proxy) of the server.
apt-get install nginx
Confirm nginx is running.
systemctl status nginx
Obtain Certificate
Here we will use the letsenctrypt.org Certbot to obtain and manage an SSL certificate for our domain.
These instructions work for any ssl certificate with the appropriate edits to the nginx configuration.
Following Certbot’s install instructions:
apt-get update && apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update && apt-get install python-certbot-nginx
and accepting defaults.
If you are working on a new server you can safely run certbot’s built-in nginx configuration tool:
sudo certbot --nginx
If this is a dedicated instance it is a good idea to redirect accidental http traffic to https.
nginx now has SSL installed.
If you have had any trouble with the certbot process or have a preexisting configuration that is incompatible with certbot’s automated installation, refer to Certbot‘s documentation.
Configure NGINX to reverse proxy Saito
Open the nginx config file using your favourite text editor. (We are vim folks.)
vim /etc/nginx/sites-enabled/default
And make the following changes to the SSL server section.
This can be recognised by the line
listen 443 ssl;
comment out the line:
root /var/www/html
and add
ssl on;
replace the ssl location:
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
with:
proxy_pass http://127.0.0.1:12101;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
Then restart nginx: systemctl restart nginx
And you can test ssl at the domain name configured.
Note this will bring up Saito’s main page and modules, but applications will not function as websockets are not yet configured to use SSL.
Update Saito configiruation for SSL AND to connect to the Saito network.
Add ‘endpoint’, ‘dns’ and ‘peer’ information to options.server
{
"server": {
"host":"localhost",
"port":12101,
"endpoint": {
"host":"[this server TLDN]",
"port":443,
"protocol":"https"
}
},
"dns": [{
"domain":"saito",
"host":"dns.saito.tech",
"port":12101,
"publickey":"nR2ecdN7cW91nxVaDR4uXqW35GbAdGU5abzPJ9PkE8Mn"
}],
"peers": [{
"host":"saito.tech",
"port":443,
"protocol":"https",
"publickey":""
}]
}
endpoint: sets the url and protocol clients use to connect to the server.
dns: sets the dns server clients use to resolve names to saito addresses.
peers: is an array that can contain details for connecting to any number of peers on the saito network. The configuration here contains is for connecting to the main saito server.
Ensure Saito is stopped:
runuser -s /bin/bash saito -c 'pm2 stop npm -- run serve'
Recompile Saito to clean out old test chains, and to update the configureation.
Remember to do this as the user that will run Saito or to update permissions.
runuser -s /bin/bash saito -c './compile'
then restart the service:
runuser -s /bin/bash saito -c 'pm2 start npm -- run serve'
Congratulations! you should now have a node on the Saito network.
To test this compare records in the block explorer on the node just created with Saito Network: Blockchain Explorer
Cleanup
Set up Certbot to autorenew it’s certificate.
Check that certbot renew --dry-run run’s without errors.
Add the following line to cron by running crontab -e
2 3 * * 6 certbot renew